[cisco-ttl] Cisco Pix 520 VPN setup

From: Necmettin (necmi_at_tem.cc)
Date: Thu Sep 09 2004 - 04:47:30 GMT


    Hello, I have a request for you.

    I have a Cisco Pix 520. They sent me the configurations below as an
    example for a VPN tunnel. The other company said the tunnel can only be
    set up on the firewall. I can now make all the required changes on the
    firewall through the console, from the enable command, but I need to be
    guided step by step. I would be grateful if you could help me step by
    step so that I can do this configuration.

    Necmettin ERSÜREKÇİ

     

    Configuration of IPSEC on Business Partner Router
    crypto isakmp policy 1
    hash md5
    authentication pre-share
    crypto isakmp key abcd address (Operator peer IP address)
    crypto isakmp keepalive 15
    !
    crypto ipsec transform-set transac esp-des esp-md5-hmac
    crypto map cryptmap 1 ipsec-isakmp
    set peer (Operator peer IP address)
    set transform-set transac
    match address operator
    !
    ! assuming that serial 0/0 interface is the tunnel end point at EDCH
    int serial 0/0
    crypto map cryptmap
    !
    ip access-list extended operator
    permit ip (your IP space and subnet mask) (operator server IP space)

     

    Cisco Pix Setup
    crypto ipsec transform-set transac esp-des esp-md5-hmac
    crypto map cryptmap 10 ipsec-isakmp
    crypto map cryptmap 10 match address OPERATOR
    crypto map cryptmap 10 set peer (Operator peer IP address)
    crypto map cryptmap 10 set transform-set transac
    crypto map cryptmap 10 set security-association lifetime seconds 3600 kilobytes 4608000
    isakmp key abcd address (Operator peer IP address) netmask 255.255.255.255
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 1
    access-list OPERATOR permit ip (customer IP space and subnet mask)
    sysopt connection permit-ipsec
    crypto map cryptmap interface outside
    isakmp enable outside
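
An added example, not part of the original post and not a Cisco tool: a small Python check over a PIX-style configuration that reports crypto map, access-list and transform-set names that are referenced but never defined, and flags DES, MD5 and Diffie-Hellman group 1 so they can be renegotiated with the peer. The sample configuration is constructed, and treating names as case-sensitive is an assumption.

```python
# Constructed sample in the post's PIX command style; the peer address and
# subnets are documentation placeholders, not values from the post.
SAMPLE = """\
access-list Operator permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto ipsec transform-set transac esp-des esp-md5-hmac
crypto map cryptmap 10 ipsec-isakmp
crypto map cryptmap 10 match address OPERATOR
crypto map cryptmap 10 set peer 192.0.2.1
crypto map cryptmap 10 set transform-set transac
crypto map operator interface outside
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
"""

WEAK_ESP = {"esp-des": "DES", "esp-md5-hmac": "HMAC-MD5"}
WEAK_IKE = {("encryption", "des"): "DES", ("hash", "md5"): "MD5",
            ("group", "1"): "768-bit DH group 1"}

def lint(config):
    """Return findings: undefined names and weak algorithms."""
    acls, tsets, maps, out = set(), set(), set(), []
    lines = [l.split() for l in config.splitlines() if l.strip()]
    for w in lines:  # pass 1: collect definitions, flag weak transforms
        if w[0] == "access-list" and len(w) > 1:
            acls.add(w[1])
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
            out += [f"transform-set {w[3]}: weak {WEAK_ESP[t]}"
                    for t in w[4:] if t in WEAK_ESP]
        elif w[:2] == ["crypto", "map"] and len(w) > 3 and w[3].isdigit():
            maps.add(w[2])
    for w in lines:  # pass 2: resolve references (assumed case-sensitive)
        if w[:2] == ["crypto", "map"] and len(w) > 4:
            if w[3] == "interface" and w[2] not in maps:
                out.append(f"crypto map {w[2]} applied to {w[4]} but never defined")
            elif w[4:6] == ["match", "address"] and w[6:7] and w[6] not in acls:
                out.append(f"crypto map {w[2]}: access-list {w[6]} not defined")
            elif w[4:6] == ["set", "transform-set"] and w[6:7] and w[6] not in tsets:
                out.append(f"crypto map {w[2]}: transform-set {w[6]} not defined")
        elif w[:2] == ["isakmp", "policy"] and tuple(w[3:5]) in WEAK_IKE:
            out.append(f"isakmp policy {w[2]}: weak {WEAK_IKE[tuple(w[3:5])]}")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```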




