Center point: PIX515E, optical fiber access, fixed IP address.
Branch: 262.16ethernet port), ADSL modem, non-fixed IP address.
The configuration is as follows.

Center point:

User Access Verification

Password:
Type help or '?' for a list of available commands.
pixfirewall> ena
Password: *********
pixfirewall# sh run
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password HM/y0e4AWPiGT691 encrypted
passwd Wgu.mxsstcG42LLg encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
names
access-list 130 permit ip 10.15.0.0 255.255.255.0 10.15.1.0 255.255.255.0
pager lines 24
logging buffered warnings
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 61.131.54.22 255.255.255.248
ip address inside 10.15.0.1 255.255.255.252
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface netmask 255.255.255.248
nat (inside) 0 access-list 130
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 61.131.54.21 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set xp esp-des esp-md5-hmac
crypto dynamic-map dymap 10 set transform-set xp
crypto map mymap 10 ipsec-isakmp dynamic dymap
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 2
isakmp policy 9 lifetime 86400
telnet 10.15.0.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
terminal width 80
Cryptochecksum:fa3fa252ac3694a8546869120e7eb1a9
: end
pixfirewall#

Branch:

Building configuration...

Current configuration : 2073 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system tftp c2600-ik8o3s-mz.122-11.T.bin 10.15.1.131
logging buffered 4096 debugging
no logging console
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 123456 address 61.131.54.22
!
!
crypto ipsec transform-set xp esp-des esp-md5-hmac
!
crypto map 515e 100 ipsec-isakmp
 set peer 61.131.54.22
 set security-association lifetime seconds 28800
 set transform-set xp
 match address 131
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Ethernet0/0
 ip address 10.15.1.251 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 full-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 no ip address
 no ip route-cache
 no ip mroute-cache
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 crypto map 515e
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 no ip address
 shutdown
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username 123456 password 0 123456
 crypto map 515e
!
ip nat inside source list 132 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip pim bidir-enable
!
!
access-list 1 permit 10.15.1.0 0.0.0.255
access-list 131 permit ip 10.15.1.0 0.0.0.255 10.15.0.0 0.0.0.255
access-list 132 deny ip 10.15.1.0 0.0.0.255 10.15.0.0 0.0.0.255
access-list 132 permit ip 10.15.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

Router#

In this experiment, I am not very clear about ADSL. I use a ZTE 831 ADSL modem, which supports routing and NAT. I have already configured it when the local Netcom gets it. I could not connect it to the vro; checking the information, I learned that bridge mode must be used. Find a pin and stick it into the RESET port of the modem. The whole world is clean. Everything is OK!
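
The settings in the two configurations above that a reviewer would flag before reusing them, found by a small line-matching audit. This is an added example, not part of the original post: the rule list and finding names are this example's own assumptions, and the sample lines are a constructed excerpt copied from the configurations shown above.

```python
import re

# Constructed excerpt: lines copied from the PIX and router configurations above.
SAMPLE = """\
snmp-server community public
crypto ipsec transform-set xp esp-des esp-md5-hmac
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 9 encryption des
telnet 10.15.0.0 255.255.255.0 inside
no service password-encryption
crypto isakmp key 123456 address 61.131.54.22
ppp pap sent-username 123456 password 0 123456
ip http server
"""

# (pattern, finding) pairs. The rule set is this example's own, not a Cisco tool.
RULES = [
    (r"^snmp-server community public\b", "default SNMP community string"),
    (r"\besp-des\b|^isakmp policy \d+ encryption des\b", "single DES encryption"),
    (r"\besp-md5-hmac\b", "MD5 HMAC in transform set"),
    (r"^isakmp key \S+ address 0\.0\.0\.0 netmask 0\.0\.0\.0",
     "wildcard pre-shared key (accepted from any peer)"),
    (r"^telnet \d", "cleartext telnet management"),
    (r"^no service password-encryption", "secrets stored unobscured"),
    (r"^crypto isakmp key \S{1,7} address", "pre-shared key shorter than 8 characters"),
    (r"\bpassword 0 \S+", "type 0 (cleartext) password in config"),
    (r"^ip http server", "HTTP management server enabled"),
]

def audit(config: str) -> list[tuple[int, str, str]]:
    """Return (line_number, finding, line) for every rule that matches a line."""
    findings = []
    for num, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()  # IOS sub-commands are indented by one space
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((num, finding, line))
    return findings

if __name__ == "__main__":
    for num, finding, line in audit(SAMPLE):
        print(f"{num:>3}  {finding:<50} {line}")
```

The wildcard key on the PIX follows from the branch having no fixed address, so in this design the strength of that shared key is what limits who can establish the tunnel.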