GroupStudy.com - A virtual community of network engineers
PIX IPSEC/VPN and remote client question - looking for a working config (updated config) posted 12/02/2002

Hi,

I need to set up a PIX so that some outside users can tie in securely using
IPSEC and VPN client version 3, while others will tie in in the clear and be
subject solely to ACLs (and lastly - the general public will have access to
ports 80 and 443).

My confusion exists in the configuration of what ACL, if any, to use to tell
the VPN what packets to look at for IPSEC and what packets not to look at.
My updated sample config follows:

 access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
 : no-NAT ACL: inside net -> VPN pool is exempted from translation by "nat 0" below
 : ("host" takes a single address, so "host 192.168.1.0 255.255.255.0" is rejected)
 access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
 : split-tunnel ACL referenced by vpngroup below (it was not defined): inside net as
 : source, client pool as destination; only this traffic is sent through the tunnel

 nat 0 access-list 100
 nat (inside) 1 0.0.0.0 0.0.0.0 0 0
 global (outside) 1 interface
 : nat id 1 needs a matching global or nothing is translated
 sysopt connection permit-ipsec
 : lets traffic the PIX has just decrypted bypass the outside interface ACL;
 : without it the clear-text users' ACL also applies to the VPN clients

 ip address outside 150.140.130.1 255.255.255.0
 ip address inside 192.168.1.1 255.255.255.0

 ip local pool vpn_users 192.168.2.0-192.168.2.254

 : the two "client configuration" lines serve older IKE mode-config clients; the
 : 3.x client takes its address from the vpngroup address-pool below
 crypto isakmp client configuration address-pool local vpn_users outside
 : single DES / MD5 are weak; use esp-3des esp-sha-hmac (and 3des / sha in the
 : isakmp policy) if the clients support it
 crypto ipsec transform-set whatever esp-des esp-md5-hmac
 crypto ipsec security-association lifetime seconds 3600
 : dynamic map: no "match address" ACL here, the remote client proposes its selectors
 crypto dynamic-map dynmap 10 set transform-set whatever
 crypto map mymap client-configuration address initiate
 crypto map mymap 10 ipsec-isakmp dynamic dynmap
 crypto map mymap interface outside
 isakmp enable outside

 vpngroup thegroup address-pool vpn_users
 vpngroup thegroup dns-server 200.100.50.1
 vpngroup thegroup wins-server 192.168.1.10
 vpngroup thegroup default-domain mydomain.com
 vpngroup thegroup split-tunnel 80
 vpngroup thegroup idle-time 1800
 vpngroup thegroup password ********
 : placeholder: the group password the VPN Client 3.x authenticates with

 : wildcard pre-shared key for the older clients; the 3.x client uses the vpngroup password
 isakmp key privatekey address 0.0.0.0 netmask 0.0.0.0
 isakmp policy 10 authentication pre-share
 isakmp policy 10 encryption des
 isakmp policy 10 hash md5
 isakmp policy 10 group 2
 isakmp policy 10 lifetime 28800


Thoughts....
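As an added example (not part of the original post, and not a Cisco tool), the following Python script reads a PIX 6.x-style config and flags the interactions the post is asking about: an access-list referenced by `nat 0`, `split-tunnel`, `access-group` or a crypto map `match address` that is never defined, a `host` keyword followed by a mask, a `nat` id with no matching `global`, a no-NAT ACL that does not cover the client address pool, a missing `sysopt connection permit-ipsec`, and single DES / MD5 in the IKE policy or transform set. The embedded config is the one posted above, abridged to the lines the checks look at (the ACL line the mail wrapped is re-joined); the finding codes and the `lint()` function are this example's own naming.

```python
"""Lint a PIX 6.x-style config for the VPN / NAT / ACL interactions asked about above.
Added example, not from the original post or any Cisco tool; finding codes are my own."""
import ipaddress
import re

# The posted config as sample input, abridged to the lines the checks look at
# (the ACL line that the mail wrapped is re-joined).
SAMPLE_CONFIG = """
access-list 100 permit ip host 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
ip address outside 150.140.130.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip local pool vpn_users 192.168.2.0-192.168.2.254
crypto isakmp client configuration address-pool local vpn_users outside
crypto ipsec transform-set whatever esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set whatever
crypto map mymap client-configuration address initiate
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
vpngroup thegroup address-pool vpn_users
vpngroup thegroup split-tunnel 80
isakmp key privatekey address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
"""

# Commands that point at an access-list by number or name.
ACL_REF = re.compile(r"^(?:nat (?:\(\S+\) )?0 access-list|vpngroup \S+ split-tunnel|"
                     r"access-group|crypto (?:dynamic-)?map \S+ \d+ match address) (\S+)")
HOST_WITH_MASK = re.compile(r"\bhost \S+ 255\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")  # "host" takes no mask
WEAK_CRYPTO = re.compile(r"isakmp policy \d+ (encryption des|hash md5)\b|transform-set .*\besp-(des|md5-hmac)\b")
NAT_ID = re.compile(r"nat \(\S+\) ([1-9]\d*) ")
GLOBAL_ID = re.compile(r"global \(\S+\) (\d+) ")
POOL = re.compile(r"ip local pool (\S+) (\S+)-(\S+)$")
NAT0 = re.compile(r"nat (?:\(\S+\) )?0 access-list (\S+)")

def config_lines(config):
    """Drop blank lines and ':' / '!' comment lines, which the PIX ignores."""
    return [l.strip() for l in config.splitlines() if l.strip() and l.strip()[0] not in ":!"]

def _net(tokens):
    """Consume one ACE address spec (any | host A | A MASK) and return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def acl_covers(lines, name, lo, hi):
    """True if a 'permit ip' entry of access-list NAME has a destination containing lo..hi."""
    for t in (l.split() for l in lines):
        if t[:4] != ["access-list", name, "permit", "ip"]:
            continue
        try:
            dst, _ = _net(_net(t[4:])[1])
        except (ValueError, IndexError):
            continue  # malformed entry; the host-with-mask check reports it
        if lo in dst and hi in dst:
            return True
    return False

def lint(config):
    """Return (code, message) findings in config order; an empty list means clean."""
    lines = config_lines(config)
    findings = []
    defined = {l.split()[1] for l in lines if l.startswith("access-list ")}
    for l in lines:
        m = ACL_REF.match(l)
        if m and m.group(1) not in defined:
            findings.append(("dangling-acl", f'"{l}": access-list {m.group(1)} is never defined'))
        if l.startswith("access-list ") and HOST_WITH_MASK.search(l):
            findings.append(("host-with-mask", f'"{l}": drop "host" to match a subnet'))
    nat_ids = {m.group(1) for m in map(NAT_ID.match, lines) if m}
    global_ids = {m.group(1) for m in map(GLOBAL_ID.match, lines) if m}
    for nid in sorted(nat_ids - global_ids):
        findings.append(("nat-without-global", f"nat id {nid} has no matching global, so nothing is translated"))
    # The nat 0 ACL decides which inside -> client traffic bypasses NAT; it must cover the whole pool.
    pools = [m.groups() for m in map(POOL.match, lines) if m]
    for m in filter(None, map(NAT0.match, lines)):
        for name, lo, hi in pools:
            if not acl_covers(lines, m.group(1), ipaddress.ip_address(lo), ipaddress.ip_address(hi)):
                findings.append(("pool-not-nat-exempt",
                                 f"pool {name} ({lo}-{hi}) is not covered by nat 0 access-list {m.group(1)}"))
    # Without this, traffic the PIX has just decrypted is still checked against the outside ACL.
    if "sysopt connection permit-ipsec" not in lines:
        findings.append(("no-permit-ipsec", "no 'sysopt connection permit-ipsec' for the decrypted client traffic"))
    for l in lines:
        if WEAK_CRYPTO.search(l):
            findings.append(("weak-crypto", f'"{l}": single DES / MD5 are weak; prefer 3des or aes with sha'))
    return findings
```

Run against the posted config, `lint()` reports the `host` keyword in access-list 100, the undefined access-list 80 behind `split-tunnel 80`, `nat (inside) 1` with no `global`, the pool not being exempted from NAT (the malformed ACE never matches), the missing `sysopt connection permit-ipsec`, and three weak-crypto lines. The point the checks make about the original question: with a dynamic crypto map there is no "crypto ACL" to write for remote clients; the client proposes what it wants encrypted, the split-tunnel ACL limits what it sends through the tunnel, the `nat 0` ACL keeps inside-to-pool traffic out of NAT, and `sysopt connection permit-ipsec` is what decides whether decrypted traffic is still filtered by the outside interface ACL that the clear-text users are subject to.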