Gongchengshi Forum (攻城狮论坛)

Author: Cmyrtle
Views: 1721 | Replies: 12

[Security] Urgent: the client is on ADSL, how can it log in to the VPN on a PIX 515E?

What configuration is needed on the firewall?
The firewall is a PIX 515E.
The client connects to the Internet over PPPoE.

hawk793 [Lv4 Emerging Talent] posted on 2013-7-24 09:35:15
See my post.
Use Cisco's client software.

eric980643 [Lv4 Emerging Talent] posted on 2013-7-24 18:02:55
The client software I am using is Cisco VPN Client 4.0.1.

sleet [Lv4 Emerging Talent] posted on 2013-7-24 19:18:58
It shows this message: the necessary vpn sub-system is not available
you can't connect to the remote vpn server

rinker [Lv4 Emerging Talent] posted on 2013-7-24 21:46:47
pixfirewall#show run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names

!--- Do not use Network Address Translation (NAT) for inside-to-pool
!--- traffic. This should not go through NAT.

access-list 101 permit ip 10.89.129.128 255.255.255.240 10.89.129.192 255.255.255.240

!--- Permits Internet Control Message Protocol (ICMP)
!--- Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
!--- traffic from any host on the Internet (non-VPN) to the web server.

access-list 120 permit icmp any host 10.89.129.131
access-list 120 permit tcp any host 10.89.129.131
access-list 120 permit udp any host 10.89.129.131

pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.1 255.255.255.0
ip address inside 10.89.129.194 255.255.255.240
ip audit info action alarm
ip audit attack action alarm

!--- Specifies the inside IP address range to be assigned
!--- to the VPN Clients.

ip local pool VPNpool 10.89.129.200-10.89.129.204
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400

!--- Defines a pool of global addresses to be used by NAT.

global (outside) 1 192.168.1.6-192.168.1.10

nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

!--- Specifies which outside IP address to apply to the web server.

static (inside,outside) 192.168.1.11 10.89.129.131 netmask 255.255.255.255 0 0

!--- Apply ACL 120 to the outside interface in the inbound direction.

access-group 120 in interface outside

!--- Defines a default route for the PIX.

route outside 0.0.0.0 0.0.0.0 192.168.1.3 1

!--- Defines a route for traffic within the PIX's
!--- subnet to reach other inside hosts.

route inside 10.89.129.128 255.255.255.128 10.89.129.193 1

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local

!--- Authentication, authorization, and accounting (AAA)
!--- statements for authentication. Method AuthInbound uses TACACS+.

aaa-server AuthInbound protocol tacacs+

!--- Specify the TACACS+ server and key.

aaa-server AuthInbound (inside) host 10.89.129.134 <deleted> timeout 10

!--- Authenticate HTTP, FTP, and Telnet traffic to the web server.

aaa authentication include http outside 10.89.129.131 255.255.255.255 0.0.0.0 0.0.0.0 AuthInbound

aaa authentication include ftp outside 10.89.129.131 255.255.255.255 0.0.0.0 0.0.0.0 AuthInbound

aaa authentication include telnet outside 10.89.129.131 255.255.255.255 0.0.0.0 0.0.0.0 AuthInbound

no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable

!--- Trust IPSec traffic and avoid going through ACLs/NAT.

sysopt connection permit-ipsec

!--- IPSec and dynamic map configuration.

crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap

!--- Assign IP address for VPN 1.1 Clients.

crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond

!--- Use the AAA server for authentication (AuthInbound).

crypto map mymap client authentication AuthInbound

!--- Apply the IPSec/AAA/ISAKMP configuration to the outside interface.

crypto map mymap interface outside
isakmp enable outside

!--- Pre-shared key for VPN 1.1 Clients.

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address

!--- Assign address from "VPNpool" pool for VPN 1.1 Clients.

isakmp client configuration address-pool local VPNpool outside

!--- ISAKMP configuration for VPN Client 3.x/4.x.

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

!--- ISAKMP configuration for VPN Client 1.x.

isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400

!--- Assign addresses from "VPNpool" for VPN Client 3.x/4.x.

vpngroup vpn3000 address-pool VPNpool

vpngroup vpn3000 idle-time 1800

!--- Group password for VPN Client 3.x/4.x (not shown in configuration).

vpngroup vpn3000 password ********
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:ba54c063d94989cbd79076955dbfeefc
: end
pixfirewall#
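An added example, not written by any participant in this thread: a small Python check that reviews a PIX 6.x configuration like the one posted above for weak IKE/IPsec settings, a wildcard pre-shared key, the default SNMP community, and ISAKMP enabled without `isakmp nat-traversal` (relevant when clients sit behind a NAT/PAT device). The rule names, the function name and the sample text (a constructed subset of the posted lines) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the lines from the config posted above.
SAMPLE_CONFIG = """\
snmp-server community public
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
"""

# (hypothetical rule id, pattern matched against one config line, finding text)
LINE_RULES = [
    ("ike-des", r"^isakmp policy \d+ encryption des$", "IKE uses single DES"),
    ("ike-md5", r"^isakmp policy \d+ hash md5$", "IKE uses MD5"),
    ("ike-dh", r"^isakmp policy \d+ group [12]$", "DH group 1/2 (768/1024-bit)"),
    ("esp-weak", r"^crypto ipsec transform-set \S+ .*\besp-(des|md5-hmac)\b",
     "transform set uses DES and/or MD5"),
    ("psk-any", r"^isakmp key \S+ address 0\.0\.0\.0 netmask 0\.0\.0\.0$",
     "pre-shared key accepted from any peer address"),
    ("snmp-public", r"^snmp-server community public$", "default SNMP community"),
]

def audit_pix_config(text):
    """Return a list of (rule_id, line_number, message) findings."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    for num, line in enumerate(lines, start=1):
        for rule_id, pattern, message in LINE_RULES:
            if re.search(pattern, line):
                findings.append((rule_id, num, f"{message}: {line}"))
    # Whole-config check: ISAKMP is enabled but NAT traversal is not, so
    # clients behind a NAT/PAT device cannot use UDP-encapsulated ESP.
    if any(l.startswith("isakmp enable") for l in lines) and \
            not any(l.startswith("isakmp nat-traversal") for l in lines):
        findings.append(("no-nat-t", 0, "no 'isakmp nat-traversal' line"))
    return findings

if __name__ == "__main__":
    for rule_id, num, message in audit_pix_config(SAMPLE_CONFIG):
        print(f"[{rule_id}] line {num}: {message}")
```

Line number 0 marks a finding about the configuration as a whole rather than a single line.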

mosheh [Lv5 Steadily Growing] posted on 2013-7-24 23:12:03
My configuration is about the same as yours. I can connect to the VPN using a public IP,
but it cannot be reached over ADSL PPPoE.

ayayay [Lv8 Technically Proficient] posted on 2013-11-6 22:00:54
Nice, nice. Thanks for your hard work, OP...

sadasz [Lv8 Technically Proficient] posted on 2013-11-7 20:26:09
Just passing by, showing some support.

azcat [Lv8 Technically Proficient] posted on 2013-11-9 10:22:14
Showing some support :lol

楚行云 [Lv8 Technically Proficient] posted on 2013-11-9 10:55:03