[c-nsp] Pix - Configuring as a VPN conc.
ALI Rijas Mannanthara
RAli at covansys.com
Fri Feb 25 10:26:12 EST 2005
Please help me ... does the version have some problem...
I attach the config also. I am able to ping the PIX outside from my
test PC.
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname vpnserver
domain-name covansys.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
logging buffered debugging
logging facility 7
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 10.6.85.34 255.255.255.0
ip address inside 172.16.17.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 100.100.100.1-100.100.100.50
pdm history enable
arp timeout 14400
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 10.6.85.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set vpnset esp-des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map dialinmap 10 ipsec-isakmp dynamic dynmap
crypto map dialinmap client configuration address initiate
crypto map dialinmap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp client configuration address-pool local vpnpool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup mygroup address-pool vpnpool
vpngroup mygroup idle-time 1800
vpngroup mygroup password ********
telnet timeout 5
ssh 10.6.85.0 255.255.255.0 outside
ssh timeout 60
terminal width 80
Cryptochecksum:d6cd560dfbf65bd2c901641d762dc318
: end
Thanks,
Rijas
EPBX : 6226
VoIP : 248-994-4858