2006-07-15
cqliuke
Re: vpn between checkpoint and cisco pix

Below is the PIX 506E VPN configuration

: Saved
: Written by enable_15 at 15:35:21.676 GMT Fri Jul 14 2006
!
PIX Version 7.1(2)
!
hostname pix1
domain-name cisco.com
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 210.21.xx.19 255.255.252.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone GMT 8
dns server-group DefaultDNS
domain-name cisco.com
access-list acl_out extended permit icmp any any
access-list 101 extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 102 extended permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 110 extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 110 extended permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
icmp permit any outside
icmp permit any inside
asdm location 192.168.0.108 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 110
nat (inside) 1 0.0.0.0 0.0.0.0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 210.21.56.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password 3USUcOPFUiMCO4Jk encrypted
http server enable
http 0.0.0.0 0.0.0.0 inside
snmp-server host inside 192.168.0.254 community public
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps ipsec start stop
snmp-server enable traps remote-access session-threshold-exceeded
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 match address 101
crypto map mymap 10 set peer 211.155.xx.115
crypto map mymap 10 set transform-set myset
crypto map mymap 100 match address 102
crypto map mymap 100 set peer 211.155.xx.67
crypto map mymap 100 set transform-set myset
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group 211.155.xx.115 type ipsec-l2l
tunnel-group 211.155.xx.115 ipsec-attributes
pre-shared-key netexpert
tunnel-group 211.155.xx.67 type ipsec-l2l
tunnel-group 211.155.xx.67 ipsec-attributes
pre-shared-key netexpert
telnet 192.168.0.108 255.255.255.255 inside
telnet 192.168.0.254 255.255.255.255 inside
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 60
management-access inside
tftp-server inside 192.168.0.108 asdm-512.bin
Cryptochecksum:e892d34a9552c89fce96e80ec566874d
: end
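An added example, not part of cqliuke's post: a small Python check that the site-to-site pieces of a PIX 7.x configuration like the one above agree with each other (each crypto map entry has a defined crypto ACL whose traffic is exempted by the `nat 0` ACL, a defined transform-set, and an `ipsec-l2l` tunnel-group for its peer). The function name `check_l2l` is hypothetical, the sample is constructed from the posted lines, and ACL entries are assumed to be written identically in the crypto and `nat 0` ACLs.

```python
# Constructed sample: the VPN-related lines of the configuration posted above.
SAMPLE = """\
access-list 101 extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 102 extended permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 110 extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 110 extended permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list 110
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 match address 101
crypto map mymap 10 set peer 211.155.xx.115
crypto map mymap 10 set transform-set myset
crypto map mymap 100 match address 102
crypto map mymap 100 set peer 211.155.xx.67
crypto map mymap 100 set transform-set myset
tunnel-group 211.155.xx.115 type ipsec-l2l
tunnel-group 211.155.xx.67 type ipsec-l2l
"""

def check_l2l(config):
    """Return consistency problems in a PIX 7.x site-to-site VPN config."""
    acls, entries, tsets, groups, nat0 = {}, {}, set(), set(), None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:3] == ["extended"]:
            acls.setdefault(w[1], set()).add(" ".join(w[3:]))
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
        elif w[:2] == ["crypto", "map"] and len(w) >= 6:
            entries.setdefault((w[2], w[3]), {})[" ".join(w[4:-1])] = w[-1]
        elif w[:1] == ["tunnel-group"] and w[2:] == ["type", "ipsec-l2l"]:
            groups.add(w[1])
        elif w[:1] == ["nat"] and w[2:4] == ["0", "access-list"] and len(w) > 4:
            nat0 = w[4]
    exempt = acls.get(nat0, set())
    problems = []
    for (name, seq), e in entries.items():
        tag = f"{name} {seq}"
        acl, peer = e.get("match address"), e.get("set peer")
        if acl not in acls:
            problems.append(f"{tag}: crypto ACL {acl} is not defined")
        elif not acls[acl] <= exempt:
            # Simplification: entries are compared as text, not by subnet containment.
            problems.append(f"{tag}: ACL {acl} traffic is not exempted by nat 0")
        if e.get("set transform-set") not in tsets:
            problems.append(f"{tag}: transform-set is not defined")
        if peer not in groups:
            problems.append(f"{tag}: no ipsec-l2l tunnel-group for peer {peer}")
    return problems
```

`check_l2l(SAMPLE)` returns an empty list; a `tunnel-group` line with the peer address and `type` run together is reported as a missing tunnel-group for that peer.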