Member
Joined: Jan 2005
Posts: 83
Problems with VPN on Cisco PIX501

Hello everyone,

I configured the following Cisco device from PDM 3.04. The PCs behind the pix501 browse without problems, but if I try to connect a client on another Internet connection to my network through the Cisco VPN client, the PC connects and negotiates the IP, but then it cannot browse the Internet as if it were on the VPN's LAN. The configuration follows:

```
pix501# sh conf
: Saved
: Written by enable_15 at 23:56:48.368 UTC Sat Aug 14 2010
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXXXXXXXX encrypted
passwd XXXXXX encrypted
hostname pix501
domain-name mydomain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list ping_acl permit icmp any any
access-list 101 permit ip 10.0.0.0 255.255.255.0 host 192.168.1.180
access-list 101 permit ip 10.0.0.0 255.255.255.0 host 192.168.1.181
access-list 101 permit ip 10.0.0.0 255.255.255.0 host 192.168.1.182
access-list 101 permit ip 10.0.0.0 255.255.255.0 host 192.168.1.183
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 10.0.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool poolVPN_Home 192.168.1.180-192.168.1.183
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group ping_acl in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.0.0.100 255.255.255.255 inside
http 10.0.0.101 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set setVPN_Home esp-3des esp-md5-hmac
crypto dynamic-map mapDinVPN_Home 10 set transform-set setVPN_Home
crypto map mapVPN_Home 10 ipsec-isakmp dynamic mapDinVPN_Home
crypto map mapVPN_Home client configuration address initiate
crypto map mapVPN_Home client configuration address respond
crypto map mapVPN_Home client authentication LOCAL
crypto map mapVPN_Home interface outside
isakmp enable outside
isakmp key XXXXX address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local poolVPN_Home outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup gruppoVPN_Home address-pool poolVPN_Home
vpngroup gruppoVPN_Home dns-server 192.168.1.1
vpngroup gruppoVPN_Home wins-server 192.168.1.1
vpngroup gruppoVPN_Home default-domain intranet
vpngroup gruppoVPN_Home idle-time 1800
vpngroup gruppoVPN_Home password XXXXXXX
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.100-10.0.0.110 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username test password XXXXX encrypted privilege 3
terminal width 80
```