VPN Configuration Example 1
I. Pix-Pix
PIX Central
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix-central
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
!--- This is traffic to PIX 2.
access-list 120 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!--- This is traffic to PIX 3.
access-list 130 permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
!--- Do not do Network Address Translation (NAT) on traffic to other PIXes.
access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 100 permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 172.18.124.153 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
!--- Do not do NAT on traffic to other PIXes.
nat (inside) 0 access-list 100
route outside 0.0.0.0 0.0.0.0 172.18.124.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
!--- This is traffic to PIX 2.
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 120
crypto map newmap 20 set peer 172.18.124.154
crypto map newmap 20 set transform-set myset
!--- This is traffic to PIX 3.
crypto map newmap 30 ipsec-isakmp
crypto map newmap 30 match address 130
crypto map newmap 30 set peer 172.18.124.157
crypto map newmap 30 set transform-set myset
!--- Apply the map to outside.
crypto map newmap interface outside
!--- Enable IKE.
isakmp enable outside
isakmp key ******** address 172.18.124.154 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 172.18.124.157 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d41d8cd98f00b204eecf8427e
: end
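An added example, not part of the original document: a small Python check over the PIX Central configuration above. It verifies that the traffic matched by each crypto map entry is also in the nat 0 access list and that each peer has an isakmp key, and it flags the DES, MD5 and Diffie-Hellman group 1 settings, which are obsolete. The names audit and WEAK and the line patterns are assumptions of this example and cover only the commands shown on this page.

```python
import re

# Excerpt of the PIX Central configuration on this page (spacing restored).
CONFIG = """\
access-list 120 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 130 permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 100 permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
nat (inside) 0 access-list 100
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 20 match address 120
crypto map newmap 20 set peer 172.18.124.154
crypto map newmap 30 match address 130
crypto map newmap 30 set peer 172.18.124.157
isakmp key ******** address 172.18.124.154 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 172.18.124.157 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
"""

WEAK = {r"transform-set \S+ .*\besp-des\b": "DES for ESP encryption",
        r"transform-set \S+ .*\besp-md5-hmac\b": "HMAC-MD5 for ESP integrity",
        r"isakmp policy \d+ encryption des$": "DES for IKE encryption",
        r"isakmp policy \d+ hash md5$": "MD5 for IKE hashing",
        r"isakmp policy \d+ group 1$": "768-bit Diffie-Hellman group 1"}

def audit(config):
    """Return a list of findings for one PIX 6.x site-to-site configuration."""
    acls, maps, nat0, keyed, out = {}, {}, set(), set(), []
    for ln in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) permit ip (.+)", ln):
            acls.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"crypto map \S+ (\d+) (match address|set peer) (\S+)", ln):
            maps.setdefault(int(m[1]), {})[m[2]] = m[3]
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)", ln):
            nat0.add(m[1])
        elif m := re.match(r"isakmp key \S+ address (\S+)", ln):
            keyed.add(m[1])
        out += [f"obsolete crypto: {why}" for pat, why in WEAK.items() if re.search(pat, ln)]
    exempt = set().union(*(acls.get(name, set()) for name in nat0))
    for seq, entry in sorted(maps.items()):
        # The page's comments require tunnel traffic to bypass NAT (nat 0).
        for flow in sorted(acls.get(entry.get("match address"), set()) - exempt):
            out.append(f"map {seq}: {flow} is not exempt from NAT")
        if entry.get("set peer") not in keyed:
            out.append(f"map {seq}: no isakmp key for peer {entry.get('set peer')}")
    return out
```

Calling audit(CONFIG) on the excerpt returns only the five obsolete-crypto findings; removing an access-list 100 line or an isakmp key line adds a finding for the affected crypto map entry.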
PIX 2
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix2
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
!--- This is traffic to PIX Central.
access-list 110 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
!--- Do not do NAT on traffic to PIX Central.
access-list 100 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 172.18.124.154 255.255.255.0
ip address inside 10.2.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
!--- Do not do NAT on traffic to PIX Central.
nat (inside) 0 access-list 100
route outside 0.0.0.0 0.0.0.0 172.18.124.1 1
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
!--- This is traffic to PIX Central.
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer 172.18.124.153
crypto map newmap 10 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address 172.18