{"id":74,"date":"2010-12-10T10:33:50","date_gmt":"2010-12-10T02:33:50","guid":{"rendered":"http:\/\/www.microwolf.net\/?p=74"},"modified":"2010-12-10T10:33:50","modified_gmt":"2010-12-10T02:33:50","slug":"pix-vpn%e9%85%8d%e7%bd%ae%e5%ae%9e%e4%be%8b-pix%e4%bd%9cserver-pc%e4%bd%9c%e5%ae%a2%e6%88%b7%e7%ab%af","status":"publish","type":"post","link":"http:\/\/www.microwolf.net\/?p=74","title":{"rendered":"PIX VPN Configuration Example &#8211; PIX as Server, PC as Client"},"content":{"rendered":"<table border=\"0\" width=\"100%\">\n<tr>\n<td width=\"100%\"><font SIZE=\"2\">!Define the traffic that is not NATed<\/p>\n<p>access-list 102 permit ip 192.168.1.0 255.255.255.0 192.168.10.0<br \/>\n      255.255.255.0<\/p>\n<p>access-list 102 permit ip 172.16.1.0 255.255.255.0 192.168.10.0<br \/>\n      255.255.255.0<\/p>\n<p>pager lines 24<\/p>\n<p>mtu outside 1500<\/p>\n<p>mtu inside 1500<\/p>\n<p>mtu dmz 1500<\/p>\n<p>!Define IP addresses<\/p>\n<p>ip address outside x.x.x.x 255.255.255.248<\/p>\n<p>ip address inside 192.168.1.1 255.255.255.0<\/p>\n<p>ip address dmz 172.16.1.1 255.255.255.0<\/p>\n<p>!Define the IP address pool vpnpool1 assigned to VPN clients and the IP address pool<br \/>\n      winpool for Windows clients<\/p>\n<p>ip local pool vpnpool1 192.168.10.10-192.168.10.100<\/p>\n<p>ip local pool winpool 192.168.10.101-192.168.10.200<\/p>\n<p>pdm history enable<\/p>\n<p>arp timeout 14400<\/p>\n<p>!Define the traffic that does not need NAT<\/p>\n<p>nat (inside) 0 access-list 102<\/p>\n<p>!Define the IP pool used for Internet access<\/p>\n<p>global (outside) 1 x.x.x.x netmask 255.255.255.248<\/p>\n<p>!NAT all internal networks<\/p>\n<p>nat (inside) 1 0.0.0.0 0.0.0.0 0 0<\/p>\n<p>nat (dmz) 1 0.0.0.0 0.0.0.0 0 0<\/p>\n<p>conduit permit icmp any any<\/p>\n<p>conduit permit tcp any any<\/p>\n<p>route outside 0.0.0.0 0.0.0.0 x.x.x.x 
1<\/p>\n<p>!Protocols used by the servers<\/p>\n<p>aaa-server TACACS+ protocol tacacs+<\/p>\n<p>aaa-server RADIUS protocol radius<\/p>\n<p>aaa-server LOCAL protocol local<\/p>\n<p>!<\/p>\n<p>floodguard enable<\/p>\n<p>!Allow all IPSec traffic through without inspection. Without this command, an ACL must be applied to the outside interface to permit specific IPSec traffic, although that gives more flexible control.<\/p>\n<p>sysopt connection permit-ipsec<\/p>\n<p>sysopt connection permit-pptp<\/p>\n<p>!Define a transform set trmset1<\/p>\n<p>crypto ipsec transform-set trmset1 esp-des esp-md5-hmac<\/p>\n<p>!Add transform set trmset1 to the dynamic crypto policy map2<\/p>\n<p>crypto dynamic-map map2 10 set transform-set trmset1<\/p>\n<p>!Bind the dynamic crypto policy to the crypto map<\/p>\n<p>crypto map map1 10 ipsec-isakmp dynamic map2<\/p>\n<p>!No authentication server is needed; the PIX's own user authentication is used.<\/p>\n<p>crypto map map1 client authentication local<\/p>\n<p>!Assign an IP address to each client<\/p>\n<p>crypto map map1 client configuration address initiate<\/p>\n<p>!The PIX firewall accepts requests from any IP<\/p>\n<p>crypto map map1 client configuration address respond<\/p>\n<p>!Bind the dynamic crypto map vpnpeer to the outside interface<\/p>\n<p>crypto map map1 interface outside<\/p>\n<p>!Bind isakmp to the outside interface<\/p>\n<p>isakmp enable outside<\/p>\n<p>!Identify isakmp by address; if RSA is enabled, change this to hostname<\/p>\n<p>isakmp identity address<\/p>\n<p>isakmp policy 20 authentication 
pre-share<\/p>\n<p>isakmp policy 20 encryption des<\/p>\n<p>isakmp policy 20 hash md5<\/p>\n<p>isakmp policy 20 group 2<\/p>\n<p>isakmp policy 20 lifetime 86400<\/p>\n<p>!VPN Client &#8220;cisco&#8221; use v3.0\/4.0<\/p>\n<p>vpngroup test address-pool vpnpool1<\/p>\n<p>vpngroup test idle-time 1800<\/p>\n<p>!The name and password in the VPN client are this group name test and its password<\/p>\n<p>vpngroup test password ******<\/p>\n<p>!IPs allowed to telnet<\/p>\n<p>telnet 192.168.1.0 255.255.255.0 inside<\/p>\n<p>telnet timeout 5<\/p>\n<p>ssh timeout 5<\/p>\n<p>console timeout 0<\/p>\n<p>!Windows clients use pptp; by defining different VPDN groups, addresses can be assigned with different users and passwords<\/p>\n<p>vpdn group 1 accept dialin pptp<\/p>\n<p>vpdn group 1 ppp authentication pap<\/p>\n<p>vpdn group 1 ppp authentication chap<\/p>\n<p>vpdn group 1 ppp authentication mschap<\/p>\n<p>vpdn group 1 ppp encryption mppe 40<\/p>\n<p>vpdn group 1 client configuration address local winpool<\/p>\n<p>vpdn group 1 pptp echo 60<\/p>\n<p>vpdn group 1 client authentication local<\/p>\n<p>!windows vpn<br \/>\n      login username and password; the client can use the default configuration, or the advanced default settings under Security<\/p>\n<p>vpdn username test password ******<\/p>\n<p>vpdn enable outside<\/p>\n<p>: end<\/p>\n<p>      <\/font><\/p>\n<p>\u3000<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>!Define the traffic that is not NATed access-list 102 permit ip 192.168.1.0 255 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"_links":{"self":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts\/74"}],"collection":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=74"}],"version-history":[{"count":1,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts\/74\/revisions"}],"predecessor-version":[{"id":75,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts\/74\/revisions\/75"}],"wp:attachment":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=74"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}