Configure a PIX Security Appliance Site-to-Site VPN using Pre-shared Keys
Task 1 – Prepare to configure VPN support

Configuring IPSec encryption can be complicated. Planning in advance of the actual configuration helps the administrator to configure IPSec encryption correctly the first time and minimize configuration errors. This task should be started by defining the overall security needs and strategy based on the overall company security policy. Some planning steps include the following:

Step 1 Determine the IKE (IKE Phase 1) policy.
Determine the IKE policies between peers based on the number and location of IPSec peers.
Step 2 Determine the IPSec (IKE Phase 2) policy.
Identify IPSec peer details such as IP addresses and IPSec modes. Determine the IPSec policies applied to the encrypted data passing between peers.
Step 3 Ensure that the network works without encryption.
Ensure that basic connectivity has been achieved between IPSec peers using the desired IP services before configuring firewall appliance IPSec.
Step 4 Implicitly permit IPSec packets to bypass PIX Secuity Appliance ACLs and access groups.
This can be done with the sysopt connection permit-ipsec command.