anyone help me out for VPN please
Joseph Shepherd
ksjoecho at yahoo.com
Tue Jan 18 14:44:51 CST 2005
Hi, all,
I tried to email about the Cisco PIX 501 VPN the other day,
but no one really responded or answered me.
I have a Cisco PIX 501 with a static ip address at home.
I can access the outside internet from 192.168.1.3,
and I can access this computer from outside through a web browser.
Here's the way I set it up.
I have a Cisco 900 Series/ZyXel 900 series router from Road Runner coming in,
and I connect the PIX 501 into it.
--> Router -> Cisco PIX 501 -> Windows 2003 Standard ( 192.168.1.3)
-> Windows XP (192.168.1.5)
Two computers are connected directly to the PIX 501.
Only 192.168.1.3 can access the outside internet,
not 192.168.1.5.
Here's my configuration.
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxx encrypted
passwd xxxxxxx encrypted
hostname pix
domain-name pixworld.net
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit tcp any host 67.53.24.194 eq smtp
access-list outside_access_in permit tcp any host 67.53.24.194 eq www
access-list outside_access_in permit tcp any host 67.53.24.194 eq domain
access-list outside_access_in permit tcp any host 67.53.24.194 eq ftp
access-list outside_access_in permit tcp any host 67.53.24.194 eq 1812
access-list outside_access_in permit tcp any host 67.53.24.194 eq 1813
access-list outside_access_in permit udp any any eq domain
access-list inside_outbound_nat0_acl permit ip any 192.168.1.128 255.255.255.128
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128 255.255.255.128
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 67.53.24.194 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool homepool 192.168.1.150-192.168.1.200
pdm location 192.168.1.3 255.255.255.255 inside
pdm location 65.67.165.136 255.255.255.248 outside
pdm location 192.168.1.128 255.255.255.128 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 67.53.24.194 192.168.1.3 dns netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 67.53.24.193 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-l2tp
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp peer fqdn pixworld.net no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 65.67.165.136 255.255.255.248 outside
ssh timeout 60
console timeout 0
vpdn group L2TP-VPDN-GROUP accept dialin l2tp
vpdn group L2TP-VPDN-GROUP client configuration address local homepool
vpdn group L2TP-VPDN-GROUP client configuration dns 192.168.1.3
vpdn group L2TP-VPDN-GROUP client configuration wins 192.168.1.3
vpdn group L2TP-VPDN-GROUP l2tp tunnel hello 60
vpdn enable outside
dhcpd address 192.168.1.100-192.168.1.131 inside
dhcpd dns 192.168.1.3
dhcpd wins 192.168.1.3
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain jcho.net
dhcpd auto_config outside
dhcpd enable inside
vpnclient server 192.168.1.3
vpnclient mode client-mode
vpnclient vpngroup jcho password ********
terminal width 80
Cryptochecksum:f4b4d3b576a685c282ac99fc9bfe57bd
: end
pix(config)#
Is there anyone who can help me?
If it is possible to call him/her, that would be great.
Let me know if anyone is willing to help me out.
George Sheperd
ksjoecho at yahoo.com
(816) 377-7519
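The following script is an added example for readers of this thread, not the poster's own tooling or anything from Cisco. It reads a subset of the PIX 6.3 configuration posted above (the translation, management-access, SNMP and ISAKMP lines, embedded as the sample input), reports how outbound traffic from each inside host would be translated (the static for 192.168.1.3, PAT through the outside interface for the rest of 192.168.1.0/24, and the nat 0 exemption toward the VPN pool range), and lists the settings in that config a reviewer would normally raise: the SNMP community string "public", telnet permitted from 0.0.0.0 0.0.0.0, and the ISAKMP pre-shared key bound to address 0.0.0.0 netmask 0.0.0.0. The parser only understands the command forms that actually appear in the posted config; that is an assumption of the example, not a general PIX parser.

```python
import ipaddress

# Subset of the PIX 6.3 configuration posted in the message above, kept as the
# sample input so the script runs offline (constructed from the posted lines).
PIX_CONFIG = """\
access-list inside_outbound_nat0_acl permit ip any 192.168.1.128 255.255.255.128
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 67.53.24.194 192.168.1.3 dns netmask 255.255.255.255 0 0
snmp-server community public
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.1.0 255.255.255.0 inside
ssh 65.67.165.136 255.255.255.248 outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(addr, mask):
    """Build a network object from PIX 'address mask' notation."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse(config):
    """Extract translation and management lines from a PIX 6.x config.

    Only the command forms present in the posted config are handled
    (assumption of this example, not a complete PIX grammar).
    """
    rules = {"static": {}, "nat": [], "nat0_acl": None, "global": {},
             "acl": {}, "mgmt": [], "snmp": [], "isakmp_peers": []}
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "static":                        # static (in,out) GLOBAL LOCAL ...
            rules["static"][ipaddress.ip_address(t[3])] = t[2]
        elif t[0] == "nat" and t[2] == "0" and t[3] == "access-list":
            rules["nat0_acl"] = t[4]                # identity NAT selected by an ACL
        elif t[0] == "nat":                         # nat (inside) ID NET MASK ...
            rules["nat"].append((int(t[2]), net(t[3], t[4])))
        elif t[0] == "global":                      # global (outside) ID interface|POOL
            rules["global"][int(t[2])] = t[3]
        elif t[0] == "access-list" and t[2] == "permit" and t[3] == "ip":
            # only the 'permit ip any DEST MASK' form used in the posted config
            rules["acl"].setdefault(t[1], []).append(net(t[5], t[6]))
        elif t[0] in ("telnet", "ssh", "http") and len(t) == 4:
            rules["mgmt"].append((t[0], net(t[1], t[2]), t[3]))   # PROTO NET MASK IFACE
        elif t[:2] == ["snmp-server", "community"]:
            rules["snmp"].append(t[2])
        elif t[0] == "isakmp" and t[1] == "key":    # isakmp key K address A netmask M
            rules["isakmp_peers"].append(net(t[4], t[6]))
    return rules


def translation_for(host, rules):
    """Report how outbound traffic from an inside host is translated."""
    host = ipaddress.ip_address(host)
    if host in rules["static"]:                     # a static beats the nat/global pairs
        return ("static", rules["static"][host])
    for nat_id, network in rules["nat"]:            # first matching nat statement wins
        if host in network and nat_id in rules["global"]:
            return ("pat", nat_id, rules["global"][nat_id])
    return ("none",)


def nat_exempt_destinations(rules):
    """Destinations reached without translation (the nat 0 ACL, i.e. the VPN pool)."""
    return rules["acl"].get(rules["nat0_acl"], [])


def audit(rules):
    """List settings in the parsed config that widen the firewall's exposure."""
    findings = []
    for community in rules["snmp"]:
        if community in ("public", "private"):
            findings.append(f"snmp community '{community}' is a well-known default")
    for proto, source, iface in rules["mgmt"]:
        if source == ANY:
            findings.append(f"{proto} management allowed from any address on {iface}")
    for peer in rules["isakmp_peers"]:
        if peer == ANY:
            findings.append("isakmp pre-shared key is accepted from any peer address")
    return findings


if __name__ == "__main__":
    rules = parse(PIX_CONFIG)
    for h in ("192.168.1.3", "192.168.1.5"):
        print(h, "->", translation_for(h, rules))
    print("nat 0 exempt destinations:", [str(n) for n in nat_exempt_destinations(rules)])
    for f in audit(rules):
        print("finding:", f)
```

Run it as-is to see the posted config's translation picture; to check a different PIX dump, replace PIX_CONFIG with the relevant lines. The translation lookup mirrors the PIX's own order of evaluation (static first, then the nat id's matching global), so the output for 192.168.1.5 shows only that a PAT rule exists for it, not why the host cannot reach the internet; that still has to be confirmed with the firewall's logs and `show xlate`.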