<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML dir=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=unicode">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText21415 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Have you looked at the Cisco
TAC site? </FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Below is for a 1720 router
ipsec.</FONT></DIV>
<DIV dir=ltr>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto isakmp policy 1</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> authentication pre-share</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> group 2</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto isakmp policy 2</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> hash md5</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> authentication pre-share</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> group 2</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto isakmp policy 3</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> authentication pre-share</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto isakmp policy 4</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> hash md5</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> authentication pre-share</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto isakmp key XYZ123 address 140.111.1.1</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto ipsec transform-set rtpset1 esp-des
esp-md5-hmac</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto ipsec transform-set rtpset2 esp-des
esp-sha-hmac</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto ipsec transform-set rtpset3 esp-null
esp-md5-hmac</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto ipsec transform-set rtpset4 esp-null
esp-sha-hmac</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto ipsec transform-set rtpset5 esp-des</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">crypto map rtp 1 ipsec-isakmp</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> set peer 140.111.1.1</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> set transform-set rtpset1 rtpset2 rtpset3 rtpset4
rtpset5</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica"> match address 101</FONT></P>
<P class=MsoNormalIndent style="LAYOUT-GRID-MODE: char"><FONT
face="Arial, Helvetica">!</FONT></P></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> kclug-bounces@kclug.org on behalf of
Joseph Shepherd<BR><B>Sent:</B> Tue 1/18/2005 2:44 PM<BR><B>To:</B> KC
LUG<BR><B>Subject:</B> anyone help me out for VPN please<BR></FONT><BR></DIV>
<DIV>
<DIV>Hi, all,</DIV>
<DIV> </DIV>
<DIV>I tried to email about the Cisco PIX 501 VPN the other day,<BR>but no one
really responded or answered me.</DIV>
<DIV> </DIV>
<DIV>I have a Cisco PIX 501 with a static ip address at home.</DIV>
<DIV>I can access the outside internet from 192.168.1.3,</DIV>
<DIV>and I can access this computer from outside through a web browser.</DIV>
<DIV> </DIV>
<DIV>Here's the way I set it up.</DIV>
<DIV> </DIV>
<DIV>I have a router Cisco 900 Series/ZyXel 900 series from Road Runner coming
in</DIV>
<DIV>and I connect the PIX 501 into it.</DIV>
<DIV> </DIV>
<DIV>--> Router -> Cisco PIX 501 -> Windows 2003 Standard
(192.168.1.3)</DIV>
<DIV>
-> Windows XP (192.168.1.5)</DIV>
<DIV>Two computers are connected directly to the PIX 501.<BR><BR>Only 192.168.1.3 can
access the outside internet,</DIV>
<DIV>not 192.168.1.5.</DIV>
<DIV> </DIV>
<DIV>Here's my configuration.</DIV>
<DIV> </DIV>
<DIV>:<BR>PIX Version 6.3(3)<BR>interface ethernet0 auto<BR>interface ethernet1
100full<BR>nameif ethernet0 outside security0<BR>nameif ethernet1 inside
security100<BR>enable password xxxxxxxx encrypted<BR>passwd xxxxxxx
encrypted<BR>hostname pix<BR>domain-name pixworld.net<BR>fixup protocol dns
maximum-length 512<BR>fixup protocol ftp 21<BR>fixup protocol h323 h225
1720<BR>fixup protocol h323 ras 1718-1719<BR>fixup protocol http 80<BR>fixup
protocol rsh 514<BR>fixup protocol rtsp 554<BR>fixup protocol sip 5060<BR>fixup
protocol sip udp 5060<BR>fixup protocol skinny 2000<BR>fixup protocol smtp
25<BR>fixup protocol sqlnet 1521<BR>fixup protocol tftp
69<BR>names<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq
smtp<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq
www<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq
domain<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq
ftp<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq
1812<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq
1813<BR>access-list outside_access_in permit udp any any eq
domain<BR>access-list inside_outbound_nat0_acl permit ip any 192.168.1.128
255.255.255.128</DIV>
<DIV>access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128
255.255.255.128</DIV>
<DIV>pager lines 24<BR>mtu outside 1500<BR>mtu inside 1500<BR>ip address outside
67.53.24.194 255.255.255.252<BR>ip address inside 192.168.1.1
255.255.255.0<BR>ip audit info action alarm<BR>ip audit attack action
alarm<BR>ip local pool homepool 192.168.1.150-192.168.1.200<BR>pdm location
192.168.1.3 255.255.255.255 inside<BR>pdm location 65.67.165.136 255.255.255.248
outside<BR>pdm location 192.168.1.128 255.255.255.128 outside<BR>pdm logging
informational 100<BR>pdm history enable<BR>arp timeout 14400<BR>global (outside)
1 interface<BR>nat (inside) 0 access-list inside_outbound_nat0_acl<BR>nat
(inside) 1 192.168.1.0 255.255.255.0 0 0<BR>nat (inside) 1 0.0.0.0 0.0.0.0 0
0<BR>static (inside,outside) 67.53.24.194 192.168.1.3 dns netmask
255.255.255.255 0 0</DIV>
<DIV>access-group outside_access_in in interface outside<BR>route outside
0.0.0.0 0.0.0.0 67.53.24.193 1<BR>timeout xlate 0:05:00<BR>timeout conn 1:00:00
half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00<BR>timeout h323 0:05:00
mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00<BR>timeout uauth 0:05:00
absolute<BR>aaa-server TACACS+ protocol tacacs+<BR>aaa-server RADIUS protocol
radius<BR>aaa-server LOCAL protocol local<BR>http server enable<BR>http
192.168.1.0 255.255.255.0 inside</DIV>
<DIV>http 192.168.1.1 255.255.255.255 inside<BR>no snmp-server location<BR>no
snmp-server contact<BR>snmp-server community public<BR>no snmp-server enable
traps<BR>floodguard enable<BR>sysopt connection permit-l2tp<BR>crypto ipsec
transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac<BR>crypto ipsec
transform-set TRANS_ESP_3DES_MD5 mode transport<BR>crypto dynamic-map
outside_dyn_map 20 match address outside_cryptomap_dyn_20<BR>crypto dynamic-map
outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5<BR>crypto map
outside_map 65535 ipsec-isakmp dynamic outside_dyn_map<BR>crypto map outside_map
interface outside<BR>isakmp enable outside<BR>isakmp key ******** address
0.0.0.0 netmask 0.0.0.0<BR>isakmp peer fqdn pixworld.net
no-config-mode<BR>isakmp policy 20 authentication pre-share<BR>isakmp policy 20
encryption 3des<BR>isakmp policy 20 hash md5<BR>isakmp policy 20 group
2<BR>isakmp policy 20 lifetime 86400</DIV>
<DIV>telnet 0.0.0.0 0.0.0.0 inside<BR>telnet 192.168.1.0 255.255.255.0
inside<BR>telnet timeout 5<BR>ssh 65.67.165.136 255.255.255.248 outside<BR>ssh
timeout 60<BR>console timeout 0<BR>vpdn group L2TP-VPDN-GROUP accept dialin
l2tp<BR>vpdn group L2TP-VPDN-GROUP client configuration address local
homepool<BR>vpdn group L2TP-VPDN-GROUP client configuration dns
192.168.1.3<BR>vpdn group L2TP-VPDN-GROUP client configuration wins
192.168.1.3<BR>vpdn group L2TP-VPDN-GROUP l2tp tunnel hello 60<BR>vpdn enable
outside<BR>dhcpd address 192.168.1.100-192.168.1.131 inside<BR>dhcpd dns
192.168.1.3<BR>dhcpd wins 192.168.1.3<BR>dhcpd lease 3600<BR>dhcpd ping_timeout
750<BR>dhcpd domain jcho.net<BR>dhcpd auto_config outside<BR>dhcpd enable
inside<BR>vpnclient server 192.168.1.3</DIV>
<DIV>vpnclient mode client-mode<BR>vpnclient vpngroup jcho password
********<BR>terminal width
80<BR>Cryptochecksum:f4b4d3b576a685c282ac99fc9bfe57bd<BR>:
end<BR>pix(config)#</DIV>
<DIV> </DIV>
<DIV>Is there anyone who can help me??</DIV>
<DIV>If it is possible to call him/her, that would be great.</DIV>
<DIV> </DIV>
<DIV>Let me know if anyone is willing to help me out.</DIV>
<DIV> </DIV>
<DIV>George Sheperd</DIV>
<DIV><A href="mailto:ksjoecho@yahoo.com">ksjoecho@yahoo.com</A></DIV>
<DIV>(816) 377-7519</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
</DIV></BODY></HTML>