Configuring a VPN client on a Cisco PIX 501

Marsh posted on 22-10-2011 at 15:02:06    

Hello everyone,  
I'm coming to you to find out whether someone could help me configure my PIX 501 to set up a client VPN.  
My PIX is running version 6.3.  
I'm using VPN client version 5.0.4.  
 
The config I put on the PIX is the following:  
   
negociador# sh run  
: Saved  
:  
PIX Version 6.3(5)  
interface ethernet0 auto  
interface ethernet1 100full  
nameif ethernet0 outside security0  
nameif ethernet1 inside security100  
enable password 8Ry2YjIyt7RRXU24 encrypted  
passwd 2KFQnbNIdI.2KYOU encrypted  
hostname negociador  
domain-name tsevpn.com  
fixup protocol dns maximum-length 512  
fixup protocol ftp 21  
fixup protocol h323 h225 1720  
fixup protocol h323 ras 1718-1719  
fixup protocol http 80  
fixup protocol rsh 514  
fixup protocol rtsp 554  
fixup protocol sip 5060  
fixup protocol sip udp 5060  
fixup protocol skinny 2000  
fixup protocol smtp 25  
fixup protocol sqlnet 1521  
fixup protocol tftp 69  
names  
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0  
access-list 102 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0  
access-list 120 permit icmp any any  
pager lines 24  
logging buffered debugging  
mtu outside 1500  
mtu inside 1500  
ip address outside <IP of my box> 255.255.255.0  
ip address inside 10.1.1.1 255.255.255.0  
ip audit info action alarm  
ip audit attack action alarm  
ip local pool vpnpool1 10.1.2.1-10.1.2.254 mask 255.255.255.0  
pdm history enable  
arp timeout 14400  
global (outside) 1 interface  
nat (inside) 0 access-list 102  
nat (inside) 1 10.1.1.0 255.255.255.0 0 0  
access-group 120 in interface outside  
rip inside default version 1  
route outside 0.0.0.0 0.0.0.0 <gateway of my box> 1  
timeout xlate 3:00:00  
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00  
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00  
timeout sip-disconnect 0:02:00 sip-invite 0:03:00  
timeout uauth 0:05:00 absolute  
aaa-server TACACS+ protocol tacacs+  
aaa-server TACACS+ max-failed-attempts 3  
aaa-server TACACS+ deadtime 10  
aaa-server RADIUS protocol radius  
aaa-server RADIUS max-failed-attempts 3  
aaa-server RADIUS deadtime 10  
aaa-server LOCAL protocol local  
http server enable  
no snmp-server location  
no snmp-server contact  
snmp-server community public  
no snmp-server enable traps  
floodguard enable  
sysopt connection permit-ipsec  
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac  
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-AES-SHA  
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map  
crypto map outside_map interface outside  
isakmp enable outside  
isakmp identity address  
isakmp nat-traversal 20  
isakmp policy 10 authentication pre-share  
isakmp policy 10 encryption aes-256  
isakmp policy 10 hash sha  
isakmp policy 10 group 2  
isakmp policy 10 lifetime 86400  
vpngroup tsevpn address-pool vpnpool1  
vpngroup tsevpn dns-server 212.27.40.240 212.27.40.241  
vpngroup tsevpn default-domain vpntse.com  
vpngroup tsevpn split-tunnel 101  
vpngroup tsevpn idle-time 1800  
vpngroup tsevpn password ********  
vpngroup vpntse idle-time 1800  
telnet 10.1.1.2 255.255.255.255 inside  
telnet 10.1.1.0 255.255.255.0 inside  
telnet timeout 5  
ssh 10.1.1.0 255.255.255.0 inside  
ssh timeout 5  
console timeout 0  
username admin password YQ7us2tBAraRV9Le encrypted privilege 2  
terminal width 80  
Cryptochecksum:9e126462453ea8f1ed34a28635152583  
: end  
 
Thanks for your help
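
A consistency check over the `vpngroup` lines of a configuration like the one posted, as an added example that is not part of the original post: it reports groups that lack an address pool or password, references to pools or ACLs that are not defined, and a `default-domain` that differs from `domain-name` (reported for review, not as an error). The function name, the finding strings and the assumption that a usable client group has both an address pool and a password are this example's own; `SAMPLE_CONFIG` is an excerpt constructed from the post.

```python
from collections import defaultdict

# Constructed excerpt: the lines of the posted configuration that the checks read.
SAMPLE_CONFIG = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list 102 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
ip local pool vpnpool1 10.1.2.1-10.1.2.254 mask 255.255.255.0
nat (inside) 0 access-list 102
domain-name tsevpn.com
vpngroup tsevpn address-pool vpnpool1
vpngroup tsevpn default-domain vpntse.com
vpngroup tsevpn split-tunnel 101
vpngroup tsevpn idle-time 1800
vpngroup tsevpn password ********
vpngroup vpntse idle-time 1800
"""

def audit_vpngroups(config_text):
    """Return a sorted list of (group, finding) tuples for a PIX 6.x style config."""
    acls, pools, domain = set(), set(), None
    groups = defaultdict(dict)
    for raw in config_text.splitlines():
        tok = raw.split()
        if len(tok) >= 2 and tok[0] == "access-list":
            acls.add(tok[1])                      # ACL identifier
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) >= 4:
            pools.add(tok[3])                     # pool name
        elif len(tok) == 2 and tok[0] == "domain-name":
            domain = tok[1]
        elif len(tok) >= 4 and tok[0] == "vpngroup":
            groups[tok[1]][tok[2]] = tok[3]       # group -> attribute -> first value
    findings = []
    for name, attrs in groups.items():
        # Assumption of this example: a usable client group has both of these.
        for required in ("address-pool", "password"):
            if required not in attrs:
                findings.append((name, f"no {required} configured"))
        pool = attrs.get("address-pool")
        if pool and pool not in pools:
            findings.append((name, f"address-pool {pool} is not defined"))
        acl = attrs.get("split-tunnel")
        if acl and acl not in acls:
            findings.append((name, f"split-tunnel ACL {acl} is not defined"))
        dom = attrs.get("default-domain")
        if dom and domain and dom != domain:
            findings.append((name, f"default-domain {dom} differs from domain-name {domain}"))
    return sorted(findings)

if __name__ == "__main__":
    for group, finding in audit_vpngroups(SAMPLE_CONFIG):
        print(f"{group}: {finding}")
```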


Marsh posted on 24-10-2011 at 10:50:38    
