Advertisement

07.05.2008 at 09:50PM PDT, ID: 23541292
[x]
Attachment Details

PIX to Netgear ProSafe FVS318v3

Asked by Tacobell2000 in Cisco PIX Firewall, Networking Hardware Firewalls, Enterprise Firewalls

Tags: Cisco, Pix, 501, VPN to Netgear ProSafe FVS318v3

Hello,

I've configured a Netgear Firewall to a Cisco Pix. I have not yet deployed the Pix in production. Just want to make sure that my configs on the PIX are sound and that the VPN tunnel will work the PIX.
Here are the configs:

Will this work?

Tacobell2000Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:

PIX Version 6.3(5)
interface ethernet0 auto shutdown
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ktcbiTLLLpXOr9mx encrypted
passwd ktcbiTLLLpXOr9mx encrypted
hostname PixBurnaby
domain-name (some domain)
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat_acl permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_10 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq ftp-data
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq ftp
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain
access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain
access-list outside_access_in permit tcp any interface outside eq 5900
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside "PUBLIC IP ADDRESS BURNABY" 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.10.0 255.255.255.0 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 9 0.0.0.1
nat (inside) 1 192.168.10.0 255.255.255.0 0 0
static (inside,outside) tcp interface 5900 192.168.10.2 5900 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set BurnabyEhspTransform esp-des esp-md5-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer "Public IP NETGEAR DEVICE"
crypto map outside_map 10 set transform-set TransformName
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address "Public IP NETGEAR DEVICE" netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 30
console timeout 10
terminal width 80
banner exec Unauthorized access will be prosecuted
Cryptochecksum:2e2f82eac8c762882e0069348c7e915e
: end
[+][-]07.06.2008 at 04:13AM PDT, ID: 21939914

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Cisco PIX Firewall, Networking Hardware Firewalls, Enterprise Firewalls
Tags: Cisco, Pix, 501, VPN to Netgear ProSafe FVS318v3
Sign Up Now!
Solution Provided By: cstosgale
Participating Experts: 1
Solution Grade: C
 
 
[+][-]07.06.2008 at 08:01AM PDT, ID: 21940522

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628