VPN的配置实例1Word格式.docx
《VPN的配置实例1Word格式.docx》由会员分享,可在线阅读,更多相关《VPN的配置实例1Word格式.docx(7页珍藏版)》请在冰豆网上搜索。
passwd2KFQnbNIdI.2KYOUencrypted
hostnamepix-central
fixupprotocoldnsmaximum-length512
fixupprotocolftp21
fixupprotocolh323h2251720
fixupprotocolh323ras1718-1719
fixupprotocolhttp80
fixupprotocolrsh514
fixupprotocolrtsp554
fixupprotocolsip5060
fixupprotocolsipudp5060
fixupprotocolskinny2000
fixupprotocolsmtp25
fixupprotocolsqlnet1521
fixupprotocoltftp69
names
!
---ThisistraffictoPIX2.
access-list120permitip10.1.1.0255.255.255.010.2.2.0255.255.255.0
---ThisistraffictoPIX3.
access-list130permitip10.1.1.0255.255.255.010.3.3.0255.255.255.0
---DonotdoNetworkAddressTranslation(NAT)ontraffictootherPIXes.
access-list100permitip10.1.1.0255.255.255.010.2.2.0255.255.255.0
access-list100permitip10.1.1.0255.255.255.010.3.3.0255.255.255.0
pagerlines24
loggingon
mtuoutside1500
mtuinside1500
ipaddressoutside172.18.124.153255.255.255.0
ipaddressinside10.1.1.1255.255.255.0
ipauditinfoactionalarm
ipauditattackactionalarm
pdmhistoryenable
arptimeout14400
---DonotdoNATontraffictootherPIXes.
nat(inside)0access-list100
routeoutside0.0.0.00.0.0.0172.18.124.11
timeoutxlate3:
00:
00
timeoutconn1:
00half-closed0:
10:
00udp0:
02:
00rpc0:
00h2251:
timeouth3230:
05:
00mgcp0:
00sip0:
30:
00sip_media0:
timeoutuauth0:
00absolute
aaa-serverTACACS+protocoltacacs+
aaa-serverRADIUSprotocolradius
aaa-serverLOCALprotocollocal
nosnmp-serverlocation
nosnmp-servercontact
snmp-servercommunitypublic
snmp-serverenabletraps
floodguardenable
sysoptconnectionpermit-ipsec
cryptoipsectransform-setmysetesp-desesp-md5-hmac
cryptomapnewmap20ipsec-isakmp
cryptomapnewmap20matchaddress120
cryptomapnewmap20setpeer172.18.124.154
cryptomapnewmap20settransform-setmyset
cryptomapnewmap30ipsec-isakmp
cryptomapnewmap30matchaddress130
cryptomapnewmap30setpeer172.18.124.157
cryptomapnewmap30settransform-setmyset
cryptomapnewmapinterfaceoutside应用MAP到outside
isakmpenableoutside开启IKE
isakmpkey********address172.18.124.154netmask255.255.255.255
no-xauthno-config-mode
isakmpkey********address172.18.124.157netmask255.255.255.255
isakmpidentityaddress
isakmppolicy10authenticationpre-share
isakmppolicy10encryptiondes
isakmppolicy10hashmd5
isakmppolicy10group1
isakmppolicy10lifetime1000
telnettimeout5
sshtimeout5
consoletimeout0
terminalwidth80
Cryptochecksum:
d41d8cd98f00b204eecf8427e
end
PIX2
hostnamepix2
---ThisistraffictoPIXCentral.
access-list110permitip10.2.2.0255.255.255.010.1.1.0255.255.255.0
---DonotdoNATontraffictoPIXCentral.
access-list100permitip10.2.2.0255.255.255.010.1.1.0255.255.255.0
ipaddressoutside172.18.124.154255.255.255.0
ipaddressinside10.2.2.1255.255.255.0
nofailover
failovertimeout0:
failoverpoll15
nofailoveripaddressoutside
nofailoveripaddressinside
nosnmp-serverenabletraps
cryptomapnewmap10ipsec-isakmp
cryptomapnewmap10matchaddress110
cryptomapnewmap10setpeer172.18.124.153
cryptomapnewmap10settransform-setmyset
cryptomapnewmapinterfaceoutside
isakmpenableoutside
isakmpkey********address172.18