[c-nsp] basic remote vpn connection to cisco pix
Jorge Evangelista
netsecuredata at gmail.com
Mon Apr 2 18:28:22 EDT 2007
You can use this guide
http://www.fengnet.com/book/VPNconf/ch22lev1sec1.html
On 4/2/07, Jonathan Charles <jonvoip at gmail.com> wrote:
> This is going to sound stupid, but have you tried the wizard?
>
> It is just really easy... and it works all the time...
>
>
>
> Jonathan
>
> On 4/2/07, Chad Whitten <cwhitten at nexband.com> wrote:
> >
> > im trying to setup a basic connection using the cisco secure vpn client
> > to a cisco pix 501. dont need anything special, no nat, no access lists
> > or anything. ive went through the configs on the cisco site but
> > havent really found anything as simple as what i need.
> >
> > here is what i have so far, would like some input as to if this should
> > work before i begin trying to test
> >
> > -----------------------------------------------------------
> > PIX Version 6.3(5)
> > interface ethernet0 auto
> > interface ethernet1 100full
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > access-list 101 permit ip 10.1.6.0 255.255.255.0 10.1.6.208
> > 255.255.255.240
> > ip local pool vpn1 10.1.6.209-10.1.6.222
> > global (outside) 1 interface
> > nat (inside) 0 access-list 101
> > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> > sysopt connection permit-ipsec
> > sysopt ipsec pl-compatible
> > crypto ipsec transform-set set1 esp-3des esp-sha-hmac
> > crypto dynamic-map map1 10 set transform-set set1
> > crypto map vpnmap1 10 ipsec-isakmp dynamic map1
> > crypto map vpnmap1 interface outside
> > isakmp enable outside
> > isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
> > isakmp identity address
> > isakmp client configuration address-pool local vpn1 outside
> > isakmp policy 10 authentication pre-share
> > isakmp policy 10 encryption 3des
> > isakmp policy 10 hash sha
> > isakmp policy 10 group 2
> > isakmp policy 10 lifetime 28800
> > vpngroup client1 address-pool vpn1
> > vpngroup client1 idle-time 1800
> > vpngroup client1 password ********
> >
> > --
> > Chad Whitten
> > Director of Operations
> > neXband Communications
> > cwhitten at nexband.com
> > 601-988-0101 - Phone
> > 601-988-0016 - Fax
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
"The network is the computer"
More information about the cisco-nsp
mailing list