Sample Cisco PIX VPN Configuration

PIX Version 6.3(3)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname CHICAGOTECH

domain-name chicagotech.net

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

name 172.16.254.2 chicagotech

access-list outside_in permit icmp any any

access-list outside_in permit tcp any host 192.168.10.253 eq 3389

access-list outside_inbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 any

access-list 10 permit 192.168.10.0 255.255.255.0

access-list 192_splitTunnelAcl permit ip 192.168.10.0 255.255.255.0 any

pager lines 24

logging on

logging trap errors

logging device-id hostname

mtu outside 1500

mtu inside 1500

ip address outside 192.168.10.254 255.255.255.0

ip address inside 172.16.254.1 255.255.0.0

ip audit info action alarm

ip audit attack action alarm

ip local pool 172pool 172.16.10.1-172.16.10.9

pdm location chicagotech 255.255.255.255 inside

pdm history enable

arp timeout 14400

global (outside) 2 192.168.10.250-192.168.10.253

global (outside) 1 interface

nat (outside) 0 access-list outside_inbound_nat0_acl outside

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 192.168.10.253 chicagotech netmask 255.255.255.255 0 0

static (inside,outside) 192.168.10.111 172.16.254.1 netmask 255.255.255.255 0 0

access-group outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.10.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 172.16.0.0 255.255.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-MD5

crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 600 kilobytes 4608000

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

isakmp enable outside

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup 192 address-pool 172pool

vpngroup 192 dns-server 4.2.2.1

vpngroup 192 split-tunnel 192_splitTunnelAcl

vpngroup 192 idle-time 1800

vpngroup 192 password ********

telnet 172.16.0.0 255.255.0.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

c1d5339ed86da9387018e5ff220b846a

: end
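An audit pass over this configuration, added here as an example and not part of the original page: it flags the settings above that a reviewer would question today (open ICMP and RDP rules, the default SNMP community, Telnet management, single DES, MD5 and DH group 2) and reports whether a weak transform set is actually referenced by a crypto map. The rule ids, finding texts and the function name audit are this example's own choices.

```python
import re

# Constructed sample: a subset of lines taken from the configuration above.
SAMPLE = """\
access-list outside_in permit icmp any any
access-list outside_in permit tcp any host 192.168.10.253 eq 3389
http 172.16.0.0 255.255.0.0 inside
snmp-server community public
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-MD5
isakmp policy 10 hash md5
isakmp policy 10 group 2
telnet 172.16.0.0 255.255.0.0 inside
"""

# (rule id, pattern, finding); rule ids and wording are this example's own.
RULES = [
    ("acl-any-icmp", r"^access-list \S+ permit icmp any any$", "every ICMP type permitted from any source"),
    ("acl-any-mgmt", r"^access-list \S+ permit tcp any host \S+ eq (3389|22|23)$", "remote-admin port open to any source"),
    ("snmp-default", r"^snmp-server community public$", "default SNMP community string"),
    ("telnet-mgmt", r"^telnet \d", "cleartext Telnet management enabled"),
    ("weak-cipher", r"^crypto ipsec transform-set \S+ .*\besp-des\b", "single-DES transform set"),
    ("weak-hash", r"^isakmp policy \d+ hash md5$", "IKE policy hashes with MD5"),
    ("weak-dh", r"^isakmp policy \d+ group [12]$", "IKE policy uses a 768/1024-bit DH group"),
]

def audit(config_text):
    """Return [(line_no, rule_id, finding)] for a PIX 6.x style configuration."""
    lines = [l.strip() for l in config_text.splitlines()]
    # Transform sets that a crypto map or dynamic-map entry actually references.
    used = set()
    for l in lines:
        m = re.match(r"^crypto (?:dynamic-)?map \S+ \d+ set transform-set (.+)$", l)
        if m:
            used.update(m.group(1).split())
    findings = []
    for no, l in enumerate(lines, 1):
        for rule_id, pattern, text in RULES:
            if not re.search(pattern, l):
                continue
            if rule_id == "weak-cipher":  # field 3 is the transform-set name
                text += " (in use)" if l.split()[3] in used else " (defined, not referenced)"
            findings.append((no, rule_id, text))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the full listing, the ESP-DES-MD5 set is reported as defined but not referenced, since the dynamic map selects ESP-3DES-MD5.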

Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.