PIX IPSEC/VPN and remote client question - looking for a working config posted 12/02/2002
|
Hi, I need to set up a PIX so that some outside users can tie in securely using IPSEC and a VPN client, while others will tie in in the clear and be subject solely to ACLs (and lastly, the general public will have access to ports 80 and 443). My confusion exists in the configuration of what, if any, ACL to use to tell the VPN which packets to look at for IPSEC and which packets not to look at. My sample config follows:

```
ip address outside 150.140.130.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip local pool vpn_users 192.168.2.0-192.168.2.254
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat
crypto ipsec transform-set whatever esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map mymap 10 set transform-set whatever
crypto map mymap 10 ipsec-isakmp dynamic cisco
crypto map mymap interface outside
isakmp enable outside
isakmp key privatekey address 0.0.0.0 netmask 0.0.0.0
isakmp client configuration address-pool local vpn_users outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 28800
```

Hope that makes sense....
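The following is an added example of how the three classes of traffic in the question are usually separated on a PIX 6.x; it is not the original poster's config and was not supplied in the thread. The short answer to the ACL question is that a remote-access client has no fixed address, so the PIX does not use a crypto ACL for it at all: a dynamic crypto map accepts whatever proxy identities the client proposes, and the ACLs that matter are the interface ACL (which cleartext users and the public hit, and which decrypted IPsec traffic bypasses because of `sysopt connection permit-ipsec`) and the `nat 0` ACL that keeps inside-to-pool traffic untranslated. The transform-set also belongs on the dynamic map, not on map entry 10, since one entry cannot be both a static and a dynamic entry. Assumed for illustration: an inside web server 192.168.1.10 published as 150.140.130.10, a "clear" partner on 203.0.113.0/24 (a documentation range) reaching it on port 22, and the dynamic-map name `dynmap`; the DES/MD5/group 1 settings are kept from the question and are obsolete, so use 3DES or AES, SHA and group 2 or better where the license allows.

```cisco
: Added example config, not the original poster's. Lines beginning with ":"
: are comments in a PIX configuration. Addresses other than those in the
: question are assumptions for illustration.
ip address outside 150.140.130.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
: Pool starts at .1 so the network address .0 is never handed to a client.
ip local pool vpn_users 192.168.2.1-192.168.2.254

: 1. Interface ACL: the only filter cleartext users and the public pass through.
:    Decrypted IPsec traffic bypasses it (sysopt connection permit-ipsec below).
static (inside,outside) 150.140.130.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp 203.0.113.0 255.255.255.0 host 150.140.130.10 eq 22
access-list outside_in permit tcp any host 150.140.130.10 eq www
access-list outside_in permit tcp any host 150.140.130.10 eq https
access-group outside_in in interface outside

: 2. NAT exemption: inside <-> VPN pool traffic must not be translated,
:    otherwise the return packets never match the client's IPsec SA.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

: 3. IPsec. No crypto ACL: the dynamic map accepts the client's proxy
:    identities, and the transform-set is bound to the dynamic map.
sysopt connection permit-ipsec
crypto ipsec transform-set whatever esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map dynmap 10 set transform-set whatever
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside

: 4. ISAKMP. The wildcard key means anyone holding "privatekey" can bring up
:    phase 1, so the key is effectively a group password; keep it long.
isakmp enable outside
isakmp key privatekey address 0.0.0.0 netmask 0.0.0.0
isakmp client configuration address-pool local vpn_users outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 28800
```

Two checks after applying it: `show crypto ipsec sa` should show a SA whose local identity is 192.168.1.0/24 and remote identity is the single pool address the client received, and `show xlate` should show no translation for that pool address while the tunnel is up. If the client connects but inside hosts cannot reply, the `nonat` ACL or the pool range is the usual culprit.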