Hi. May I know whether your PIX 515 at your company is only for your VPN access from home, or whether it can be used for internet access for your company as well?
If I have only one outside interface and one leased line, can it be used for internet access and VPN access from home at the same time? Thanks

>From: "BJ Rice"
>Reply-To: "BJ Rice"
>To: [EMAIL PROTECTED]
>Subject: RE: PIX VPN home access question [7:65666]
>Date: Tue, 18 Mar 2003 22:05:21 GMT
>
>The software is available at
>http://www.cisco.com/kobayashi/sw-center/sw-vpn.shtml.
>
>Once you have the VPN tunnel established, there should be no need for a dial in line.
>
>Here is a sample configuration for my VPN tunnel to my home 515 PIX - I use DES, I would recommend 3DES.
>
>PIX Version 6.2(2)
>nameif ethernet0 outside security0
>nameif ethernet1 inside security100
>nameif ethernet2 pix/intf2 security10
>nameif ethernet3 pix/intf3 security15
>nameif ethernet4 pix/intf4 security20
>nameif ethernet5 pix/intf5 security25
>enable password XXXXXXX encrypted
>passwd XXXXXXX encrypted
>hostname XXXXX
>fixup protocol ftp 21
>fixup protocol http 80
>fixup protocol h323 h225 1720
>fixup protocol h323 ras 1718-1719
>fixup protocol ils 389
>fixup protocol rsh 514
>fixup protocol rtsp 554
>fixup protocol smtp 25
>fixup protocol sqlnet 1521
>fixup protocol sip 5060
>fixup protocol skinny 2000
>names
>access-list 80 permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
>pager lines 24
>logging on
>logging timestamp
>logging trap debugging
>logging host inside 10.0.0.111
>no logging message 305012
>no logging message 305011
>no logging message 302015
>no logging message 302014
>no logging message 302013
>no logging message 302016
>interface ethernet0 10full
>interface ethernet1 10full
>interface ethernet2 auto shutdown
>interface ethernet3 auto shutdown
>interface ethernet4 auto shutdown
>interface ethernet5 auto shutdown
>mtu outside 1500
>mtu inside 1500
>mtu pix/intf2 1500
>mtu pix/intf3 1500
>mtu pix/intf4 1500
>mtu pix/intf5 1500
>ip address outside dhcp setroute
>ip address inside 10.0.0.1 255.255.255.0
>ip address pix/intf2 127.0.0.1 255.255.255.255
>ip address pix/intf3 127.0.0.1 255.255.255.255
>ip address pix/intf4 127.0.0.1 255.255.255.255
>ip address pix/intf5 127.0.0.1 255.255.255.255
>ip audit name IDSATTACK attack action alarm reset
>ip audit interface outside IDSATTACK
>ip audit info action alarm
>ip audit attack action alarm
>ip local pool REMOTEIPPOOLS 10.0.0.210-10.0.0.215
>no failover
>failover timeout 0:00:00
>failover poll 15
>failover ip address outside 0.0.0.0
>failover ip address inside 0.0.0.0
>failover ip address pix/intf2 0.0.0.0
>failover ip address pix/intf3 0.0.0.0
>failover ip address pix/intf4 0.0.0.0
>failover ip address pix/intf5 0.0.0.0
>pdm location 10.0.0.4 255.255.255.255 inside
>pdm location 10.0.0.111 255.255.255.255 inside
>pdm location 10.0.0.0 255.0.0.0 inside
>pdm history enable
>arp timeout 14400
>global (outside) 1 interface
>nat (inside) 0 access-list 80
>nat (inside) 1 0.0.0.0 0.0.0.0 0 0
>timeout xlate 3:00:00
>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>timeout uauth 0:05:00 absolute
>aaa-server TACACS+ protocol tacacs+
>aaa-server RADIUS protocol radius
>aaa-server LOCAL protocol local
>http server enable
>http 10.0.0.111 255.255.255.255 inside
>no snmp-server location
>no snmp-server contact
>snmp-server community public
>no snmp-server enable traps
>floodguard enable
>sysopt connection permit-ipsec
>no sysopt route dnat
>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
>crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5
>crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
>crypto map outside_map interface outside
>isakmp enable outside
>isakmp policy 10 authentication pre-share
>isakmp policy 10 encryption des
>isakmp policy 10 hash md5
>isakmp policy 10 group 2
>isakmp policy 10 lifetime 86400
>vpngroup GROUPNAME address-pool REMOTEIPPOOLS
>vpngroup GROUPNAME idle-time 1800
>vpngroup GROUPNAME password xxxxxx
>telnet 10.0.0.0 255.255.255.0 inside
>telnet timeout 60
>ssh timeout 30
>dhcpd address 10.0.0.2-10.0.0.200 inside
>dhcpd lease 3600
>dhcpd ping_timeout 750
>dhcpd auto_config outside
>dhcpd enable inside
>username XXXX password XXXX encrypted privilege 2
>terminal width 80
>Cryptochecksum:dc24ebe736764b81a98b1e78c3f9f326
>: end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65845&t=65666
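
Added example, not part of the original messages: a Python check that reads a PIX 6.x configuration such as the one quoted above and reports where single DES is configured, following crypto map to dynamic map to transform set to find the interface it is bound to. The function names and finding strings are assumptions made for this example; the sample lines are excerpted from the quoted configuration with the mail quoting kept.

```python
# Excerpt of the crypto lines from the configuration quoted in this thread.
QUOTED_CONFIG = """\
>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
>crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5
>crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
>crypto map outside_map interface outside
>isakmp policy 10 encryption des
>isakmp policy 10 hash md5
>isakmp policy 10 group 2
"""

def parse_crypto(config):
    """Index transform sets, dynamic maps, crypto maps and IKE policies."""
    tsets, dynmaps, cmaps, ike = {}, {}, {}, {}
    for raw in config.splitlines():
        w = raw.lstrip("> \t").split()  # tolerate '>' mail quoting
        if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 4:
            tsets[w[3]] = w[4:]
        elif w[:2] == ["crypto", "dynamic-map"] and w[4:6] == ["set", "transform-set"]:
            dynmaps.setdefault(w[2], set()).update(w[6:])
        elif w[:2] == ["crypto", "map"] and w[3:4] == ["interface"]:
            cmaps.setdefault(w[2], {"dyn": set(), "ifaces": set()})["ifaces"].update(w[4:5])
        elif w[:2] == ["crypto", "map"] and w[5:6] == ["dynamic"]:
            cmaps.setdefault(w[2], {"dyn": set(), "ifaces": set()})["dyn"].update(w[6:7])
        elif w[:2] == ["isakmp", "policy"] and len(w) >= 5:
            ike.setdefault(w[2], {})[w[3]] = w[4]
    return tsets, dynmaps, cmaps, ike

def single_des_findings(config):
    """Return sorted findings for single DES in IKE (phase 1) and IPsec (phase 2)."""
    tsets, dynmaps, cmaps, ike = parse_crypto(config)
    findings = [f"isakmp policy {n}: encryption des"
                for n, p in ike.items() if p.get("encryption") == "des"]
    weak = {name for name, xforms in tsets.items() if "esp-des" in xforms}
    for name in weak:
        # Follow crypto map -> dynamic map -> transform set to the bound interface.
        ifaces = {i for m in cmaps.values() for d in m["dyn"]
                  if name in dynmaps.get(d, ()) for i in m["ifaces"]}
        where = ", ".join(sorted(ifaces)) or "not bound to an interface"
        findings.append(f"transform-set {name}: esp-des ({where})")
    return sorted(findings)

if __name__ == "__main__":
    for finding in single_des_findings(QUOTED_CONFIG):
        print(finding)
```
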

