Configuration of ADSL + VPN in pix + 2611

Last Update:2013-12-15 Source: Internet

Author: User

Tags hmac

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Center point: PIX515E optical fiber access, fixed IP address.
Branch: 262.16ethernet port), ADSL cat, non-fixed IP address.

The configuration is as follows: center point

User Access Verification

Password:
Type help or '?' for a list of available commands.
pixfirewall> ena
Password: *********
pixfirewall# sh run
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password HM/y0e4AWPiGT691 encrypted
passwd Wgu.mxsstcG42LLg encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
names
access-list 130 permit ip 10.15.0.0 255.255.255.0 10.15.1.0 255.255.255.0
pager lines 24
logging buffered warnings
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 61.131. 54.22 255.255.255.248
ip address inside 10.15.0.1 255.255.255.252
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface netmask 255.255.255.248
nat (inside) 0 access-list 130
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any

route outside 0.0.0.0 0.0.0.0 61.131.54.21 1

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00

rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set xp esp-des esp-md5-hmac
crypto dynamic-map dymap 10 set transform-set xp
crypto map mymap 10 ipsec-isakmp dynamic dymap
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 2
isakmp policy 9 lifetime 86400
telnet 10.15.0.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
terminal width 80
Cryptochecksum:fa3fa252ac3694a8546869120e7eb1a9
: end
pixfirewall#

Branch:
Building configuration...

Current configuration : 2073 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system tftp c2600-ik8o3s-mz.122-11.T.bin 10.15.1.131
logging buffered 4096 debugging
no logging console
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
crypto isakmp policy 1
authentication pre-share
group 2
lifetime 28800
crypto isakmp key 123456 address 61.131. 54.22 
!
!
crypto ipsec transform-set xp esp-des esp-md5-hmac
!
crypto map 515e 100 ipsec-isakmp
set peer 61.131. 54.22 
set security-association lifetime seconds 28800
set transform-set xp
match address 131
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Ethernet0/0
ip address 10.15.1.251 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
full-duplex
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
no ip address
no ip route-cache
no ip mroute-cache
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
crypto map 515e
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username 123456 password 0 123456
crypto map 515e
!
ip nat inside source list 132 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip pim bidir-enable
!
!
access-list 1 permit 10.15.1.0 0.0.0.255
access-list 131 permit ip 10.15.1.0 0.0.0.255 10.15.0.0 0.0.0.255
access-list 132 deny ip 10.15.1.0 0.0.0.255 10.15.0.0 0.0.0.255
access-list 132 permit ip 10.15.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Router#

In this experiment, I am not very clear about ADSL. I use ZTE 831ADSL cat, which supports routing and NAT. I have already configured it when the local Netcom gets it. I cannot connect it to the vro, check the information to know that you must use the bridge mode. Find a pin and stick it to the RESET port of the cat. The whole world is clean. Everything is OK!

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More