VPN的配置实例1.docx
- 文档编号:10790086
- 上传时间:2023-02-22
- 格式:DOCX
- 页数:8
- 大小:25.29KB
VPN的配置实例1.docx
《VPN的配置实例1.docx》由会员分享,可在线阅读,更多相关《VPN的配置实例1.docx(8页珍藏版)》请在冰豆网上搜索。
VPN的配置实例1
一、Pix-Pix
PIXCentral
Buildingconfiguration...
:
Saved
:
PIXVersion6.3(3)
interfaceethernet0auto
interfaceethernet1auto
nameifethernet0outsidesecurity0
nameifethernet1insidesecurity100
enablepassword8Ry2YjIyt7RRXU24encrypted
passwd2KFQnbNIdI.2KYOUencrypted
hostnamepix-central
fixupprotocoldnsmaximum-length512
fixupprotocolftp21
fixupprotocolh323h2251720
fixupprotocolh323ras1718-1719
fixupprotocolhttp80
fixupprotocolrsh514
fixupprotocolrtsp554
fixupprotocolsip5060
fixupprotocolsipudp5060
fixupprotocolskinny2000
fixupprotocolsmtp25
fixupprotocolsqlnet1521
fixupprotocoltftp69
names
!
---ThisistraffictoPIX2.
access-list120permitip10.1.1.0255.255.255.010.2.2.0255.255.255.0
!
---ThisistraffictoPIX3.
access-list130permitip10.1.1.0255.255.255.010.3.3.0255.255.255.0
!
---DonotdoNetworkAddressTranslation(NAT)ontraffictootherPIXes.
access-list100permitip10.1.1.0255.255.255.010.2.2.0255.255.255.0
access-list100permitip10.1.1.0255.255.255.010.3.3.0255.255.255.0
pagerlines24
loggingon
mtuoutside1500
mtuinside1500
ipaddressoutside172.18.124.153255.255.255.0
ipaddressinside10.1.1.1255.255.255.0
ipauditinfoactionalarm
ipauditattackactionalarm
pdmhistoryenable
arptimeout14400
!
---DonotdoNATontraffictootherPIXes.
nat(inside)0access-list100
routeoutside0.0.0.00.0.0.0172.18.124.11
timeoutxlate3:
00:
00
timeoutconn1:
00:
00half-closed0:
10:
00udp0:
02:
00rpc0:
10:
00h2251:
00:
00
timeouth3230:
05:
00mgcp0:
05:
00sip0:
30:
00sip_media0:
02:
00
timeoutuauth0:
05:
00absolute
aaa-serverTACACS+protocoltacacs+
aaa-serverRADIUSprotocolradius
aaa-serverLOCALprotocollocal
nosnmp-serverlocation
nosnmp-servercontact
snmp-servercommunitypublic
snmp-serverenabletraps
floodguardenable
sysoptconnectionpermit-ipsec
cryptoipsectransform-setmysetesp-desesp-md5-hmac
!
---ThisistraffictoPIX2.
cryptomapnewmap20ipsec-isakmp
cryptomapnewmap20matchaddress120
cryptomapnewmap20setpeer172.18.124.154
cryptomapnewmap20settransform-setmyset
!
---ThisistraffictoPIX3.
cryptomapnewmap30ipsec-isakmp
cryptomapnewmap30matchaddress130
cryptomapnewmap30setpeer172.18.124.157
cryptomapnewmap30settransform-setmyset
cryptomapnewmapinterfaceoutside应用MAP到outside
isakmpenableoutside开启IKE
isakmpkey********address172.18.124.154netmask255.255.255.255
no-xauthno-config-mode
isakmpkey********address172.18.124.157netmask255.255.255.255
no-xauthno-config-mode
isakmpidentityaddress
isakmppolicy10authenticationpre-share
isakmppolicy10encryptiondes
isakmppolicy10hashmd5
isakmppolicy10group1
isakmppolicy10lifetime1000
telnettimeout5
sshtimeout5
consoletimeout0
terminalwidth80
Cryptochecksum:
d41d8cd98f00b204e9800998ecf8427e
:
end
PIX2
Buildingconfiguration...
:
Saved
:
PIXVersion6.3(3)
interfaceethernet0auto
interfaceethernet1auto
nameifethernet0outsidesecurity0
nameifethernet1insidesecurity100
enablepassword8Ry2YjIyt7RRXU24encrypted
passwd2KFQnbNIdI.2KYOUencrypted
hostnamepix2
fixupprotocoldnsmaximum-length512
fixupprotocolftp21
fixupprotocolh323h2251720
fixupprotocolh323ras1718-1719
fixupprotocolhttp80
fixupprotocolrsh514
fixupprotocolrtsp554
fixupprotocolsip5060
fixupprotocolsipudp5060
fixupprotocolskinny2000
fixupprotocolsmtp25
fixupprotocolsqlnet1521
fixupprotocoltftp69
names
!
---ThisistraffictoPIXCentral.
access-list110permitip10.2.2.0255.255.255.010.1.1.0255.255.255.0
!
---DonotdoNATontraffictoPIXCentral.
access-list100permitip10.2.2.0255.255.255.010.1.1.0255.255.255.0
pagerlines24
loggingon
mtuoutside1500
mtuinside1500
ipaddressoutside172.18.124.154255.255.255.0
ipaddressinside10.2.2.1255.255.255.0
ipauditinfoactionalarm
ipauditattackactionalarm
nofailover
failovertimeout0:
00:
00
failoverpoll15
nofailoveripaddressoutside
nofailoveripaddressinside
pdmhistoryenable
arptimeout14400
!
---DonotdoNATontraffictoPIXCentral.
nat(inside)0access-list100
routeoutside0.0.0.00.0.0.0172.18.124.11
aaa-serverTACACS+protocoltacacs+
aaa-serverRADIUSprotocolradius
aaa-serverLOCALprotocollocal
nosnmp-serverlocation
nosnmp-servercontact
snmp-servercommunitypublic
nosnmp-serverenabletraps
floodguardenable
sysoptconnectionpermit-ipsec
cryptoipsectransform-setmysetesp-desesp-md5-hmac
!
---ThisistraffictoPIXCentral.
cryptomapnewmap10ipsec-isakmp
cryptomapnewmap10matchaddress110
cryptomapnewmap10setpeer172.18.124.153
cryptomapnewmap10settransform-setmyset
cryptomapnewmapinterfaceoutside
isakmpenableoutside
isakmpkey********address172.18.124.153netmask255.255.255.255
no-xauthno-config-mode
isakmpidentityaddressPIX上需要自己手动开启。
isakmppolicy10authenticationpre-share
isakmppolicy10encryptiondes
isakmppolicy10hashmd5
isakmppolicy10group1
isakmppolicy10lifetime1000
telnettimeout5
sshtimeout5
consoletimeout0
terminalwidth80
Cryptochecksum:
d41d8cd98f00b204e9800998ecf8427e
:
end
PIX3Configuration
Buildingconfiguration...
:
Saved
:
PIXVersion6.3(3)
interfaceethernet0auto
interfaceethernet1auto
nameifethernet0outsidesecurity0
nameifethernet1insidesecurity100
enablepassword8Ry2YjIyt7RRXU24encrypted
passwd2KFQnbNIdI.2KYOUencrypted
hostnamepix3
fixupprotocoldnsmaximum-length512
fixupprotocolftp21
fixupprotocolh323h2251720
fixupprotocolh323ras1718-1719
fixupprotocolhttp80
fixupprotocolrsh514
fixupprotocolrtsp554
fixupprotocolsip5060
fixupprotocolsipudp5060
fixupprotocolskinny2000
fixupprotocolsmtp25
fixupprotocolsqlnet1521
fixupprotocoltftp69
names
!
---ThisistraffictoPIXCentral.
access-list110permitip10.3.3.0255.255.255.010.1.1.0255.255.255.0
!
---DonotdoNATontraffictoPIXCentral.
access-list100permitip10.3.3.0255.255.255.010.1.1.0255.255.255.0
pagerlines24
loggingon
mtuoutside1500
mtuinside1500
ipaddressoutside172.18.124.157255.255.255.0
ipaddressinside10.3.3.1255.255.255.0
ipauditinfoactionalarm
ipauditattackactionalarm
nofailover
failovertimeout0:
00:
00
failoverpoll15
nofailoveripaddressoutside
nofailoveripaddressinside
pdmhistoryenable
arptimeout14400
!
---DonotdoNATontraffictoPIXCentral.
nat(inside)0access-list100
routeoutside0.0.0.00.0.0.0172.18.124.11
aaa-serverTACACS+protocoltacacs+
aaa-serverRADIUSprotocolradius
aaa-serverLOCALprotocollocal
nosnmp-serverlocation
nosnmp-servercontact
snmp-servercommunitypublic
nosnmp-serverenabletraps
floodguardenable
sysoptconnectionpermit-ipsec
cryptoipsectransform-setmysetesp-desesp-md5-hmac
!
---ThisistraffictoPIXCentral.
cryptomapnewmap10ipsec-isakmp
cryptomapnewmap10matchaddress110
cryptomapnewmap10setpeer172.18.124.153
cryptomapnewmap10settransform-setmyset
cryptomapnewmapinterfaceoutside
isakmpenableoutside
isakmpkey********address172.18.124.153netmask255.255.255.255
no-xauthno-config-mode
isakmpidentityaddress
isakmppolicy10authenticationpre-share
isakmppolicy10encryptiondes
isakmppolicy10hashmd5
isakmppolicy10group1
isakmppolicy10lifetime1000
telnettimeout5
sshtimeout5
consoletimeout0
terminalwidth80
Cryptochecksum:
aa3bbd8c6275d214b153e1e0bc0173e4
:
end
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- VPN 配置 实例
![提示](https://static.bdocx.com/images/bang_tan.gif)