PIX Firewall EZVPN Server Configuration
Step 1: Configure NAT 1 and NAT 0, where the NAT 0 traffic is the VPN traffic.
pixfirewall(config)# nat (inside) 1 10.2.2.0 255.255.255.0
pixfirewall(config)# global (outside) 1 interface
pixfirewall(config)# access-list vpn permit ip 10.2.2.0 255.255.255.0 10.3.3.0 255.255.255.0
pixfirewall(config)# nat (inside) 0 access-list vpn
Step 2: Configure a local address pool used to assign IP addresses to VPN access users.
pixfirewall(config)# ip local pool vpn-address 10.3.3.1-10.3.3.254
Step 3: Configure the ISAKMP policy.
pixfirewall(config)# crypto isakmp enable outside
pixfirewall(config)# crypto isakmp policy 10 authentication pre-share
pixfirewall(config)# crypto isakmp policy 10 encryption 3des
pixfirewall(config)# crypto isakmp policy 10 hash sha
pixfirewall(config)# crypto isakmp policy 10 group 2
Step 4: Configure the IPSec transform set and the dynamic map.
pixfirewall(config)# crypto ipsec transform-set ccie esp-sha-hmac esp-3des
pixfirewall(config)# crypto dynamic-map vpn-dynamic 10 set transform-set ccie
Step 5: Configure the group policy.
pixfirewall(config)# username juniper password cisco
// Create a user in the local database
pixfirewall(config)# group-policy remote-policy internal
pixfirewall(config)# group-policy remote-policy attributes
pixfirewall(config-group-policy)# split-tunnel-policy tunnelspecified
pixfirewall(config-group-policy)# split-tunnel-network-list value vpn
// Set up split tunneling so that the client can access the Internet while accessing the company network
pixfirewall(config-group-policy)# dns-server value 10.2.2.10
pixfirewall(config)# tunnel-group remote type ipsec-ra
pixfirewall(config)# tunnel-group remote general-attributes
pixfirewall(config-general)# address-pool vpn-address
pixfirewall(config-general)# authentication-server-group local
pixfirewall(config-general)# default-group-policy remote-policy
// In the tunnel group, configure the address pool and assign the default group policy
pixfirewall(config)# tunnel-group remote ipsec-attributes
pixfirewall(config-ipsec)# pre-shared-key cisco1234
// Set the pre-shared key
Step 6: Configure the crypto map.
pixfirewall(config)# crypto map juniper 10 ipsec-isakmp dynamic vpn-dynamic
pixfirewall(config)# crypto map juniper interface outside
// The crypto map applied to the interface must be the same map that references the dynamic map
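The six steps above tie several named objects together (access list, address pool, transform set, dynamic map, group policy, crypto map), and the tunnel only comes up if every name that is referenced is also defined. The following is an added example, not part of the original post: a small Python check for such dangling references. The function name, the patterns and the sample configuration are constructed for illustration, and the sample deliberately binds an undefined crypto map name to the interface to show what the check reports.

```python
import re

# Constructed sample: the crypto map bound to the interface is never defined.
SAMPLE = """\
access-list vpn permit ip 10.2.2.0 255.255.255.0 10.3.3.0 255.255.255.0
nat (inside) 0 access-list vpn
ip local pool vpn-address 10.3.3.1-10.3.3.254
crypto ipsec transform-set ccie esp-sha-hmac esp-3des
crypto dynamic-map vpn-dynamic 10 set transform-set ccie
group-policy remote-policy internal
group-policy remote-policy attributes
 split-tunnel-network-list value vpn
tunnel-group remote type ipsec-ra
tunnel-group remote general-attributes
 address-pool vpn-address
 default-group-policy remote-policy
crypto map juniper 10 ipsec-isakmp dynamic vpn-dynamic
crypto map cisco interface outside
"""

# Group 1 of each pattern is an object name: DEFINES declares it, USES refers to it.
DEFINES = {
    "access-list": r"^access-list (\S+) ",
    "pool": r"^ip local pool (\S+) ",
    "transform-set": r"^crypto ipsec transform-set (\S+) ",
    "dynamic-map": r"^crypto dynamic-map (\S+) \d+ ",
    "group-policy": r"^group-policy (\S+) internal",
    "crypto map": r"^crypto map (\S+) \d+ ",
}
USES = [
    ("access-list", r"^nat \(\S+\) 0 access-list (\S+)"),
    ("access-list", r"^split-tunnel-network-list value (\S+)"),
    ("pool", r"^address-pool (\S+)"),
    ("group-policy", r"^default-group-policy (\S+)"),
    ("transform-set", r"^crypto dynamic-map \S+ \d+ set transform-set (\S+)"),
    ("dynamic-map", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("crypto map", r"^crypto map (\S+) interface "),
]

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    defined = {(k, m.group(1)) for k, rx in DEFINES.items()
               for ln in lines if (m := re.match(rx, ln))}
    used = {(k, m.group(1)) for k, rx in USES
            for ln in lines if (m := re.match(rx, ln))}
    return sorted(used - defined)

print(dangling_references(SAMPLE))
```

The input is expected to be configuration text without CLI prompts, such as a saved running configuration.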
Post reposted to Cisco Technology Forum guest Network Customer Alliance