Task 4 – Test and verify the IPSec configuration

The following actions can be performed to test and verify that the VPN is configured correctly on the PIX Security Appliance , :

  • Verify ACLs and select interesting traffic with the show run access-list command.
  • Verify correct IKE configuration with the show run isakmp and show run tunnel-group commands.
  • Verify correct IPSec configuration of transform sets with the show run ipsec command.
  • Verify the correct crypto map configuration with the show run crypto map command.
  • Clear IPSec SAs for testing of SA establishment with the clear crypto ipsec sa command.
  • Clear IKE SAs for testing of IKE SA establishment with the clear crypto isakmp sa command.

Debug IKE and IPSec traffic through the firewall appliance with the debug crypto ipsec and debug crypto isakmp commands.

Lab Activity

Lab Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using CLI

In this lab exercise, students will prepare to configure VPN support. Students will then configure IKE and IPSec parameters. Finally, students will test and verify IPSec configuration.

Lab Activity

Lab Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using ASDM

In this lab exercise, students will configure IKE and IPSec parameters using the ADSM VPN Wizard. Students will then test and verify IPSec configuration.