From: "jsandlin" <jasonsandli...@yahoo.com>
Newsgroups: comp.dcom.sys.cisco
Subject: Re: pix-to-sonicwall vpn...
Date: 16 Oct 2006 10:12:44 -0700

I still have not got this going. I have removed all of my attempts to create this from my PIX. My current config is below. I need the commands to be able to add the VPN from my PIX to the SonicWall without disturbing the remote clients using AES-256. Please help me.....

Thanks so much for your help. Below is my config.

: saved
:
pix version 7.0(4)
!
hostname pixfirewall
domain-name default.domain
enable password /r9ayom.cup8ngkt encrypted
names
name 192.168.100.0 remote_users
name 162.40.148.0 wan
!
interface ethernet0
 nameif outside
 security-level 0
 ip address 162.40.148.2 255.255.255.248
!
interface ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet2
 nameif inside2
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
passwd 2kfqnbnidi.2kyou encrypted
ftp mode passive
same-security-traffic permit intra-interface
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 remote_users 255.255.255.0
access-list 102 extended permit ip any any
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 any
access-list 102 extended permit ip any 192.168.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any remote_users 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 172.20.1.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 remote_users 255.255.255.0
access-list 103 extended permit ip 192.168.0.0 255.255.255.0 remote_users 255.255.255.0
access-list 103 extended permit ip 192.168.254.0 255.255.255.0 remote_users 255.255.255.0
access-list 105 standard permit 192.168.1.0 255.255.255.0
access-list 105 standard permit 192.168.0.0 255.255.255.0
access-list local_net_access remark cisco vpn client lan and internet
access-list local_net_access extended permit ip host 0.0.0.0 any
access-list local_net_access extended permit ip 192.168.0.0 255.255.255.0 remote_users 255.255.255.0
access-list local_net_access extended permit ip remote_users 255.255.255.0 192.168.0.0 255.255.255.0
access-list local_net_access extended permit ip 192.168.1.0 255.255.255.0 remote_users 255.255.255.0
!
http-map test
 strict-http action allow log
!
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside2 1500
ip local pool vpnpool1 192.168.100.1-192.168.100.254
ip verify reverse-path interface outside
no failover
icmp permit any echo-reply inside
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside2) 0 access-list inside_nat0_outbound
nat (inside2) 1 192.168.0.0 255.255.255.0
nat (inside2) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 162.40.148.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server tacacs+ protocol tacacs+
aaa-server radius protocol radius
group-policy mountainbilling internal
group-policy mountainbilling attributes
 wins-server value 192.168.0.2
 dns-server value 166.102.165.11 166.102.165.13
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value local_net_access
 default-domain value mbs.local
username carliec password evbqe/38gti78pce encrypted
username carliec attributes
 vpn-group-policy mountainbilling
username olivia password gez/.yttf/nk2y5g encrypted
username olivia attributes
 vpn-group-policy mountainbilling
username lynn password se6tm5tmc/iz5.3a encrypted
username lynn attributes
 vpn-group-policy mountainbilling
username tabitha password isywfxu/xxnsxk74 encrypted
username tabitha attributes
 vpn-group-policy mountainbilling
username drburns password zfc.dzyswtcsxjad encrypted
username drburns attributes
 vpn-group-policy mountainbilling
username betty password my3n/zbd1xcqpzsb encrypted
username betty attributes
 vpn-group-policy mountainbilling
username aysheas password abbprdilqitwcikk encrypted
username aysheas attributes
 vpn-group-policy mountainbilling
username murad password 5njbfqc7.h/2ywpi encrypted
username murad attributes
 vpn-group-policy mountainbilling
username jasonsandlin password k.pugho2za3wswz8 encrypted
username marybeth password vvys88jd88fldrzm encrypted
username marybeth attributes
 vpn-group-policy mountainbilling
username lavernac password vv5hlqikyn6c0/9u encrypted
username lavernac attributes
 vpn-group-policy mountainbilling
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside2
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto dynamic-map map2 30 set transform-set trmset1
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map map1 65535 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto map maptosw 67 set peer 12.169.45.12
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
tunnel-group mountainbilling type ipsec-ra
tunnel-group mountainbilling general-attributes
 address-pool vpnpool1
 default-group-policy mountainbilling
tunnel-group mountainbilling ipsec-attributes
 pre-shared-key *
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.0.2 255.255.255.255 inside2
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
tftp-server inside 192.168.1.2 \backup
cryptochecksum:0f3ff9873ea2f870c999f655ad0f48b6
: end
pixfirewall#