[c-nsp] Pix - Configuring as a VPN conc.

Brian Feeny signal at shreve.net
Fri Feb 25 16:35:14 EST 2005


Was there a question in here somewhere that we missed?

Let's start with "What is the problem you're having?"

Brian

On Feb 25, 2005, at 9:26 AM, ALI Rijas Mannanthara wrote:

> Please help me ... does version have some problem...
>
>
>
> I attach the config also. I am able to ping the pix outside from my
> test pc.
>
>
>
> PIX Version 6.2(2)
>
> nameif ethernet0 outside security0
>
> nameif ethernet1 inside security100
>
> enable password 8Ry2YjIyt7RRXU24 encrypted
>
> passwd 2KFQnbNIdI.2KYOU encrypted
>
> hostname vpnserver
>
> domain-name covansys.com
>
> fixup protocol ftp 21
>
> fixup protocol http 80
>
> fixup protocol h323 h225 1720
>
> fixup protocol h323 ras 1718-1719
>
> fixup protocol ils 389
>
> fixup protocol rsh 514
>
> fixup protocol rtsp 554
>
> fixup protocol smtp 25
>
> fixup protocol sqlnet 1521
>
> fixup protocol sip 5060
>
> fixup protocol skinny 2000
>
> names
>
> pager lines 24
>
> logging buffered debugging
>
> logging facility 7
>
> interface ethernet0 auto
>
> interface ethernet1 auto
>
> mtu outside 1500
>
> mtu inside 1500
>
> ip address outside 10.6.85.34 255.255.255.0
>
> ip address inside 172.16.17.1 255.255.255.0
>
> ip audit info action alarm
>
> ip audit attack action alarm
>
> ip local pool vpnpool 100.100.100.1-100.100.100.50
>
> pdm history enable
>
> arp timeout 14400
>
> conduit permit icmp any any
>
> route outside 0.0.0.0 0.0.0.0 10.6.85.1 1
>
> timeout xlate 3:00:00
>
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>
> timeout uauth 0:05:00 absolute
>
> aaa-server TACACS+ protocol tacacs+
>
> aaa-server RADIUS protocol radius
>
> aaa-server LOCAL protocol local
>
> no snmp-server location
>
> no snmp-server contact
>
> snmp-server community public
>
> no snmp-server enable traps
>
> floodguard enable
>
> sysopt connection permit-ipsec
>
> no sysopt route dnat
>
> crypto ipsec transform-set vpnset esp-des esp-sha-hmac
>
> crypto dynamic-map dynmap 10 set transform-set vpnset
>
> crypto map dialinmap 10 ipsec-isakmp dynamic dynmap
>
> crypto map dialinmap client configuration address initiate
>
> crypto map dialinmap interface outside
>
> isakmp enable outside
>
> isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
>
> isakmp client configuration address-pool local vpnpool outside
>
> isakmp policy 10 authentication pre-share
>
> isakmp policy 10 encryption 3des
>
> isakmp policy 10 hash md5
>
> isakmp policy 10 group 2
>
> isakmp policy 10 lifetime 86400
>
> vpngroup mygroup address-pool vpnpool
>
> vpngroup mygroup idle-time 1800
>
> vpngroup mygroup password ********
>
> telnet timeout 5
>
> ssh 10.6.85.0 255.255.255.0 outside
>
> ssh timeout 60
>
> terminal width 80
>
> Cryptochecksum:d6cd560dfbf65bd2c901641d762dc318
>
> : end
>
>
>
>
>
> Thanks,
>
>
>
> Rijas
>
> EPBX : 6226
>
> VoIP : 248-994-4858
------------------------------------------------------------------------------
Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
Network Engineer           			p: 318.213.4709
ShreveNet Inc.             			f: 318.221.6612


