
[Help] Setting up a VPN on a PIX, I'm in a real hurry!

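Posted on 2006-8-30 17:07:45
Everyone, please help me quickly. I just graduated and started working at a company, and I'm now setting up a VPN, but it isn't working and I'm really frustrated. Anyway, enough chatter; thanks in advance, everyone.
The VPN only needs to let employees access company resources after they go home. The PIX already had a configuration, and it apparently used to work, but the person who set it up is gone and I have to handle it, and I don't know how. When I log in from the client with the VPN Client software, it reports that user authentication failed, and I don't know why. Does this authentication require setting up a server? I don't have a server here. Below is the configuration on the PIX; I hope you can all help me!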
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password OUibOyAziDa9WGe/ encrypted
passwd y3qJjV3ViRxrTX36 encrypted
hostname firewall506
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol icmp error
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names

access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.40.138
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.60.31
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.171
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.225.254 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.226.254 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.228.244 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.228.253 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.229.248 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.229.253 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.225.241 eq 1863
access-list 101 deny tcp 192.168.0.0 255.255.0.0 host 65.54.226.247 eq 1863
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.47
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.46
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.72
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.40.216
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.44
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.43
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.40.215
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.131
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.48.108
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.74
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.136
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.38.135
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.172
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.60.32
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 61.144.238.155
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 218.18.95.236
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.6
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.206
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.60.34
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.170
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.49.163
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.60.18
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.60.172
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 219.133.48.104
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 207.46.104.20
access-list 101 deny ip 192.168.0.0 255.255.0.0 host 192.168.162.225
access-list 101 deny tcp any any eq 4000
access-list 101 permit tcp host 192.168.10.87 any eq https
access-list 101 permit tcp host 192.168.3.21 any eq https
access-list 101 permit tcp host 192.168.3.31 any eq https
access-list 101 permit tcp host 192.168.3.41 any eq https
access-list 101 permit tcp host 192.168.4.154 any eq https
access-list 101 permit tcp host 192.168.4.145 any eq https
access-list 101 permit ip any any
access-list 101 permit icmp any any
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128 255.255.255.224

access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.0.0 192.168.1.128 255.255.255.224
access-list 102 permit icmp any any
pager lines 24
logging on
logging trap warnings
logging host inside 192.168.3.68
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 218.97.252.34 255.255.255.240
ip address inside 192.168.1.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pool1 192.168.1.128-192.168.1.159
pdm location 192.168.1.10 255.255.255.255 inside
pdm location 192.168.3.68 255.255.255.255 inside
pdm location 192.168.3.0 255.255.255.0 inside
pdm location 192.168.0.0 255.255.0.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group 101 in interface outside
access-group 101 in interface inside
route outside 0.0.0.0 0.0.0.0 218.97.252.33 1
route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server vpn1 protocol tacacs+
aaa-server vpn1 (inside) host 192.168.1.10 123456 timeout 10
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 20 ipsec-isakmp
! Incomplete
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication vpn1
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpn1 address-pool pool1
vpngroup vpn1 idle-time 1800
vpngroup vpn1 password ********
telnet 192.168.3.0 255.255.255.0 inside
telnet timeout 50
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.3.0 255.255.255.0 inside
ssh timeout 50
console timeout 0
username admin password BRXgcLxXJzJAhymZ encrypted privilege 2
terminal width 80
Cryptochecksum:2a379a86fc44831d35ad51e76eebc995
: end

Posted on 2006-8-30 17:25:50
For this kind of question you should ask on net130, a specialist site.
Posted on 2006-8-31 14:48:37
aaa-server vpn1 protocol tacacs+
aaa-server vpn1 (inside) host 192.168.1.10 123456 timeout 10

Do you see this?
Go and check whether there is a problem with host 192.168.1.10.
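Original poster | Posted on 2006-9-1 11:21:15
I saw that too, but that host doesn't seem to be a server and can't do identity authentication. Is it OK if I don't set up an AAA server?
How do I change it, and what are the commands? I hope you can explain it clearly. Thanks.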
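The lookup suggested in the replies above (which AAA server the VPN client authentication depends on), as an added example that is not part of the original thread: a small Python parser that resolves each `crypto map ... client authentication` line to its `aaa-server` group, protocol and host. The function names and status strings are assumptions made for this example; the sample lines are copied from the config in the first post.

```python
import re

# Constructed sample: AAA and crypto-map lines copied from the config in the first post.
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server vpn1 protocol tacacs+
aaa-server vpn1 (inside) host 192.168.1.10 123456 timeout 10
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication vpn1
crypto map outside_map interface outside
"""

PROTO_RE = re.compile(r"aaa-server\s+(\S+)\s+protocol\s+(\S+)")
HOST_RE = re.compile(r"aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)")
XAUTH_RE = re.compile(r"crypto map\s+(\S+)\s+client authentication\s+(\S+)")

def parse_aaa_groups(config):
    """Map each aaa-server group to its protocol and its (interface, ip) hosts."""
    groups = {}
    for line in map(str.strip, config.splitlines()):
        if m := PROTO_RE.match(line):
            groups.setdefault(m[1], {"protocol": None, "hosts": []})["protocol"] = m[2]
        elif m := HOST_RE.match(line):
            groups.setdefault(m[1], {"protocol": None, "hosts": []})["hosts"].append((m[2], m[3]))
    return groups

def xauth_dependencies(config):
    """Resolve every 'crypto map ... client authentication <group>' to its AAA group."""
    groups = parse_aaa_groups(config)
    findings = []
    for line in map(str.strip, config.splitlines()):
        m = XAUTH_RE.match(line)
        if not m:
            continue
        info = groups.get(m[2], {"protocol": None, "hosts": []})
        if m[2] not in groups:
            status = "undefined AAA group"
        elif info["protocol"] == "local":
            status = "local user database"
        elif not info["hosts"]:
            status = "no server host configured"
        else:
            status = "external server must answer"
        findings.append({"crypto_map": m[1], "group": m[2], "status": status, **info})
    return findings

if __name__ == "__main__":
    for f in xauth_dependencies(SAMPLE_CONFIG):
        print(f)
```

For the posted config this reports that `outside_map` authenticates VPN clients against group `vpn1`, a TACACS+ server expected at 192.168.1.10 on the inside interface, which is the host the reply says to check.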