Solved

How to set up PIX for LAN-to-LAN

Posted on 2008-10-26
Last Modified: 2012-08-14
I have a Cisco VPN 3005 in my office and I am trying to set up a Cisco PIX at a remote location to connect for a site-to-site VPN tunnel.

Can anyone tell me how I need to set this up?

My VPN 3005 unit is all set up for Cisco VPN laptop users.

Here is my running config on the PIX and my 3005.

Thanks

Here is the PIX 506 config:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password tkQdcz74A.YRwxPO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix01
domain-name happycabcompany.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip interface inside interface outside
access-list outside_cryptomap_20 permit ip interface inside interface outside
access-list outside_cryptomap_40 permit ip interface inside interface outside
access-list outside_cryptomap_60 permit ip interface inside interface outside
access-list outside_cryptomap_80 permit ip interface inside interface outside
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 66.37.242.26 255.255.255.240
ip address inside 10.0.1.23 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.0.1.81 255.255.255.255 inside
pdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 66.37.242.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.0.1.81 255.255.255.255 inside
http 10.0.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 66.37.242.27
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer 66.37.242.26
crypto map outside_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer 66.37.242.27
crypto map outside_map 60 set transform-set ESP-3DES-MD5
crypto map outside_map 80 ipsec-isakmp
crypto map outside_map 80 match address outside_cryptomap_80
crypto map outside_map 80 set peer 66.37.242.27
crypto map outside_map 80 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 66.37.242.26 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 66.37.242.27 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:80e0c93c3172aeaaadaad1f1a4c5f12a
: end




Here is my VPN 3005 config:

##########################################################
#                                                        #
# When saving this file from a browser, you must save it #
# as a text (.txt) file. Most browsers default to saving #
# as an HTML (.htm/.html) file.                          #
#                                                        #
##########################################################
[Version 1.22]
[system]
name=VPN
location=Server Room At Happy Cab
contact=Jon Forbes
[access]
timeout=600
hoursaction=1
maxsession=10
encrypt=1
zone=360
dst=1
refenable=2
refresh=30
locktimeout=180
[http]
port=80
enable=1
maxconn=4
sslport=443
sslenable=2
httpproxy=0.0.0.0
httpsproxy=0.0.0.0
webvpntimeout=30
httpscertrequired=2
httpproxyport=80
httpsproxyport=443
acceptencoding=identity;q=1.0, *;q=0
[snmp]
port=161
enable=1
maxconn=4
[snmp_community 1]
name=0x3C.0xB1.0xC6.0xDE.0x2F.0x4D.0xEF
readonly=1
[filter 1]
enable=1
name=Private (Default)
enablesr=2
enablefrag=1
defaultaction=1
description=Default filter for the Private Interface.
[filter 2]
enable=1
name=Public (Default)
enablesr=2
enablefrag=1
defaultaction=1
description=Default filter for the Public Interface.
[filter 3]
enable=1
name=External (Default)
enablesr=2
enablefrag=1
defaultaction=1
description=Default filter for the External Interface.
[filter 4]
enable=1
name=Firewall Filter for VPN Client (Default)
enablesr=2
enablefrag=1
defaultaction=1
description=This blocks all incoming traffic/allows all outgoing traffic.
[securityassociation 1]
rowstatus=1
name=ESP-DES-MD5
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=3
encrkeysize=56
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=2
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 2]
rowstatus=1
name=ESP-3DES-MD5
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=4
encrkeysize=168
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=1
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 3]
rowstatus=1
name=ESP/IKE-3DES-MD5
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=4
encrkeysize=168
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=1
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 4]
rowstatus=1
name=ESP-3DES-NONE
inheritance=1
authprotocol=2
authalgorithm=1
authkeysize=128
encrprotocol=2
encralgorithm=4
encrkeysize=168
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=1
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 5]
rowstatus=1
name=ESP-L2TP-TRANSPORT
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=3
encrkeysize=56
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=3600
gatewayaddress=0.0.0.0
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=3
pfsdhgroup=1
replayprotection=2
ikeproposal=1
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 6]
rowstatus=1
name=ESP-3DES-MD5-DH7
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=4
encrkeysize=168
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=1
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=7
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 7]
rowstatus=1
name=ESP-3DES-MD5-DH5
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=4
encrkeysize=168
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=1
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=12
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 8]
rowstatus=1
name=ESP-AES128-SHA
inheritance=1
authprotocol=2
authalgorithm=3
authkeysize=128
encrprotocol=2
encralgorithm=5
encrkeysize=128
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=0.0.0.0
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=16
ikenattenable=2
l2ltype=1
l2lpeerlist=
[securityassociation 9]
rowstatus=1
name=L2L: pix01
inheritance=1
authprotocol=2
authalgorithm=2
authkeysize=128
encrprotocol=2
encralgorithm=4
encrkeysize=168
compression=2
lifetimemode=1
lifetimekbytes=10000
lifetimeseconds=28800
gatewayaddress=66.37.242.26
ikephase1mode=2
ikeauthmode=1
ikeauthalgorithm=2
ikeencralgorithm=2
ikelifetimemode=1
ikelifetimekbytes=10000
ikelifetimeseconds=86400
ikecerthandle=0
ikecertpathenab=2
ikedhgroup=3
ipsecencapmode=2
pfsdhgroup=1
replayprotection=2
ikeproposal=1
ikenattenable=2
l2ltype=1
l2lpeerlist=
[filterrules 1]
name=GRE In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=47
action=2
established=2
slist=0
dlist=0
[filterrules 2]
name=GRE Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=47
action=2
established=2
slist=0
dlist=0
[filterrules 3]
name=IPSEC-ESP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=50
action=2
established=2
slist=0
dlist=0
[filterrules 4]
name=IKE In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=500
dporthigh=500
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 5]
name=IKE Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=500
sporthigh=500
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 6]
name=PPTP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=1723
dporthigh=1723
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 7]
name=PPTP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=1723
sporthigh=1723
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 8]
name=L2TP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=1701
dporthigh=1701
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 9]
name=L2TP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=1701
sporthigh=1701
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 10]
name=ICMP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=18
protocol=1
action=2
established=2
slist=0
dlist=0
[filterrules 11]
name=ICMP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=18
protocol=1
action=2
established=2
slist=0
dlist=0
[filterrules 12]
name=RIP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=520
sporthigh=520
dportlow=520
dporthigh=520
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 13]
name=RIP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=520
sporthigh=520
dportlow=520
dporthigh=520
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 14]
name=OSPF In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=89
action=2
established=2
slist=0
dlist=0
[filterrules 15]
name=OSPF Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=89
action=2
established=2
slist=0
dlist=0
[filterrules 16]
name=Incoming HTTP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=80
dporthigh=80
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 17]
name=Incoming HTTP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=80
sporthigh=80
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 18]
name=VRRP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=224.0.0.18
dmask=0.0.0.0
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=112
action=2
established=2
slist=0
dlist=0
[filterrules 19]
name=VRRP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=224.0.0.18
dmask=0.0.0.0
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=112
action=2
established=2
slist=0
dlist=0
[filterrules 20]
name=Any In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=255
action=2
established=2
slist=0
dlist=0
[filterrules 21]
name=Any Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=255
action=2
established=2
slist=0
dlist=0
[filterrules 22]
name=Incoming HTTPS In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=443
dporthigh=443
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 23]
name=Incoming HTTPS Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=443
sporthigh=443
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 24]
name=LDAP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=389
dporthigh=389
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 25]
name=LDAP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=389
sporthigh=389
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 26]
name=Telnet/SSL In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=992
dporthigh=992
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 27]
name=Telnet/SSL Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=992
sporthigh=992
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 28]
name=Outgoing HTTP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=80
sporthigh=80
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 29]
name=Outgoing HTTP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=80
dporthigh=80
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 30]
name=Outgoing HTTPS In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=443
sporthigh=443
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 31]
name=Outgoing HTTPS Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=443
dporthigh=443
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 32]
name=CRL over LDAP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=389
sporthigh=389
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 33]
name=CRL over LDAP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=389
dporthigh=389
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 34]
name=SSH In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=22
dporthigh=22
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 35]
name=SSH Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=22
sporthigh=22
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=6
action=2
established=2
slist=0
dlist=0
[filterrules 36]
name=VCA In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=9023
dporthigh=9023
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 37]
name=VCA Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=9023
sporthigh=9023
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 38]
name=NAT-T In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=4500
dporthigh=4500
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 39]
name=NAT-T Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=4500
sporthigh=4500
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 40]
name=DHCP In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=67
sporthigh=68
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 41]
name=DHCP Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=67
sporthigh=68
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=17
action=2
established=2
slist=0
dlist=0
[filterrules 42]
name=L2L: pix01 In
direction=1
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=255
action=8
established=2
slist=1
dlist=1
[filterrules 43]
name=L2L: pix01 Out
direction=2
saddr=0.0.0.0
smask=255.255.255.255
daddr=0.0.0.0
dmask=255.255.255.255
sportlow=0
sporthigh=65535
dportlow=0
dporthigh=65535
typelow=0
typehigh=255
protocol=255
action=8
established=2
slist=1
dlist=1
[filterlink 1.1]
ipsecsaid=0
rulenumber=20
[filterlink 1.2]
ipsecsaid=0
rulenumber=21
[filterlink 2.1]
ipsecsaid=9
rulenumber=42
[filterlink 2.2]
ipsecsaid=9
rulenumber=43
[filterlink 2.3]
ipsecsaid=0
rulenumber=1
[filterlink 2.4]
ipsecsaid=0
rulenumber=3
[filterlink 2.5]
ipsecsaid=0
rulenumber=4
[filterlink 2.6]
ipsecsaid=0
rulenumber=6
[filterlink 2.7]
ipsecsaid=0
rulenumber=8
[filterlink 2.8]
ipsecsaid=0
rulenumber=10
[filterlink 2.9]
ipsecsaid=0
rulenumber=18
[filterlink 2.10]
ipsecsaid=0
rulenumber=38
[filterlink 2.11]
ipsecsaid=0
rulenumber=2
[filterlink 2.12]
ipsecsaid=0
rulenumber=5
[filterlink 2.13]
ipsecsaid=0
rulenumber=7
[filterlink 2.14]
ipsecsaid=0
rulenumber=9
[filterlink 2.15]
ipsecsaid=0
rulenumber=11
[filterlink 2.16]
ipsecsaid=0
rulenumber=19
[filterlink 2.17]
ipsecsaid=0
rulenumber=39
[filterlink 4.1]
ipsecsaid=0
rulenumber=21
[ip 1]
enable=1
address=10.0.1.7
mask=255.255.255.0
filternumber=0
ripin=4
ripout=1
speed=3
duplex=1
lsignore=2
ispublic=2
mtu=1500
pre_frag=1
https_admin=1
https_proxy=1
pop3s_proxy=2
imap4s_proxy=2
smtps_proxy=2
http_redirect=2
ospf_auth_keyid=1
interface_name=private
[ip 2]
enable=1
address=66.37.242.27
mask=255.255.255.240
filternumber=2
ripin=1
ripout=1
speed=3
duplex=1
lsignore=2
ispublic=1
mtu=1500
pre_frag=1
https_admin=1
https_proxy=2
pop3s_proxy=2
imap4s_proxy=2
smtps_proxy=2
http_redirect=2
ospf_auth_keyid=1
interface_name=
[event]
logsev=5
consolesev=3
syslogsev=0
emailsev=0
trapsev=0
logformat=3
ftpenable=2
ftphost=
ftpuser=
ftppass=0xD8
savelog=2
ftpdir=
emailfrom=
syslogformat=1
sysloglistid=0
emaillistid=0
traplistid=0
consolelistid=0
loglistid=0
[eventclass 1]
enable=1
logsev=5
consolesev=3
syslogsev=0
emailsev=0
trapsev=3
sysloguselist=0
emailuselist=0
trapuselist=0
consoleuselist=0
loguselist=0
[authgbl]
grplookenable=2
delimit=1
grpstripflag=1
[auth 1]
priority=3
name=10.0.1.4
password=0xCD.0xA6.0x65.0x92.0x1A.0x57.0x44
type=1
port=1645
retries=2
timeout=4
groupid=0
login=
base=
pdc=
protocol=4
realm=
strip_domain=1
usage=1
[auth 2]
priority=2
name=Internal
password=0x82
type=5
port=0
retries=1
timeout=30
groupid=0
login=
base=
pdc=
protocol=4
realm=
strip_domain=1
usage=1
[group 1]
name=happyvpn
password=0xCD.0xA6.0x65.0x92.0x1A.0x57.0x44
type=1
[group 2]
name=66.37.242.26
password=0xCD.0xA6.0x65.0x92.0x1A.0x57.0x44
type=1
[ppp]
lcpEnable=1
lcpMru=1500
lcpMagicNumber=2
lcpFcsSize=1
lcpLocalAuthType=7
lcpRemoteAuthType=7
lcpProtocolComp=2
lcpAcfcComp=2
lcpQualityProt=1
lcpQualityProtPeriod=100
lcpLocalAccm=0
lcpChapAlg=5
lcpEapConfigAlg=4
ccpEnable=2
ccpCompType=18
ccpMppcEncryptStrength=1
ipcpEnable=1
ipcpCompType=2
ipcpMaxSlotId=15
ipcpCompSlotId=2
pptpEncrypt=6
pptpMinAuth=34
l2tpEncrypt=6
l2tpMinAuth=34
pptpCompress=2
l2tpCompress=2
[telnet]
enable=1
port=23
maxconn=5
[pptp]
enable=2
tunnelidlemax=5
windowsize=16
maxtunnels=0
maxsessionspertunnel=0
ppd=1
ackdelaytime=500
peeracktimeout=3
honorxmitwin=2
[l2tp]
enable=2
tunnelidlemax=60
controlwindowsize=4
rexmitinterval=1
rexmitcount=4
maxtunnels=0
maxsessionspertunnel=0
hellointerval=60
[hours 2]
name=Never
sunctrl=2
sunstart=0
sunend=86399
monctrl=2
monstart=0
monend=86399
tuectrl=2
tuestart=0
tueend=86399
wedctrl=2
wedstart=0
wedend=86399
thuctrl=2
thustart=0
thuend=86399
frictrl=2
fristart=0
friend=86399
satctrl=2
satstart=0
satend=86399
[hours 3]
name=Business Hours
sunctrl=2
sunstart=0
sunend=86399
monctrl=1
monstart=32400
monend=61200
tuectrl=1
tuestart=32400
tueend=61200
wedctrl=1
wedstart=32400
wedend=61200
thuctrl=1
thustart=32400
thuend=61200
frictrl=1
fristart=32400
friend=61200
satctrl=2
satstart=0
satend=86399
[dns]
enable=1
DomainName=happycabcompany.local
PrimaryServer=10.0.1.4
SecondaryServer=0.0.0.0
TerciaryServer=0.0.0.0
QueryTimeout=2
QueryRetry=2
[routes 1]
rowstatus=1
address=0.0.0.0
mask=0.0.0.0
gate=66.37.242.17
metric=1
ifindex=0
[tftp]
enable=2
port=69
maxconns=5
timeout=10
[ftp]
enable=1
port=21
maxconns=5
[ipaddrgbl]
useClientAddr=2
useAuthAddr=2
useDhcpAddr=1
useLocalAddr=2
reuseDelayTime=0
[watchdog]
enable=1
timeout=5
reset=1
[ospf]
routerId=0.0.0.0
adminstat=2
auto=2
[ospfArea 0.0.0.0]
ImportASExtern=1
AreaSummary=2
AreaStatus=1
[ipglobals]
deftunnelgateway=10.0.1.2
rtrDiscEnable=2
natEnable=1
natTunnelEnable=2
syncall=1
locDefGwPref=2
redistClients=2
redistNetExt=2
synCookies=1
[dhcp]
enable=1
LeaseTimeout=120
Port=67
RetransmissionTimeout=2
RetryLimit=2
[dhcpserver 1]
Priority=1
Name=10.0.1.4
Port=67
[dhcp_server]
enable=1
LeaseTimeout=120
Relay=2
RelayAddr=0.0.0.0
RelayMask=0.0.0.0
IntMSHack=1
[natrules 2.1]
rowstatus=1
name=
srcIp=10.0.1.0
srcMsk=255.255.255.0
dstIp=66.37.242.27
dstMsk=255.255.255.255
RemoteIp=0.0.0.0
RemoteMask=255.255.255.255
action=7
portmin=49152
portmax=65535
direct=2
protocol=255
tunneled=2
type=3
[ospfif 10.0.1.7.0]
adminstat=2
areaid=0.0.0.0
priority=1
retrans=5
hello=10
dead=40
type=0
key=0xE7.0xAF.0x96.0x13.0x08.0x18.0x2F.0x78
transit=1
[ospfif 66.37.242.27.0]
adminstat=2
areaid=0.0.0.0
priority=1
retrans=5
hello=10
dead=40
type=0
key=0xE7.0xAF.0x96.0x13.0x08.0x18.0x2F.0x78
transit=1
[ospfifmetric 10.0.1.7.0.0]
metric=1
[ospfifmetric 66.37.242.27.0.0]
metric=1
[ipseclan2lan 2.1]
name=pix01
peer=66.37.242.26
group=2
inbound=42
outbound=43
sa=9
discovery=2
autoinbound=0
autooutbound2=0
autonetlist=0
rri=2
enable=1
[ssl]
ciphers=31
clientauth=2
version=1
generate=1
keysize=3
rekey=86400
[ntp]
SyncFrequency=60
[networklistname 1]
displayname=VPN Client Local LAN (Default)
[networklistaddress 1.1]
ipaddress=10.0.1.0
wcmask=0.0.0.255
[ikeproposal 1]
pri=2
name=IKE-3DES-MD5
authmode=1
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 2]
pri=4
name=IKE-DES-MD5
authmode=1
authalg=2
encralg=1
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=1
keylength=0
[ikeproposal 3]
pri=6
name=IKE-3DES-MD5-RSA
authmode=2
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 4]
pri=0
name=IKE-3DES-SHA-DSA
authmode=3
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 5]
pri=3
name=IKE-3DES-MD5-DH1
authmode=1
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=1
keylength=0
[ikeproposal 6]
pri=0
name=IKE-3DES-MD5-RSA-DH1
authmode=2
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=1
keylength=0
[ikeproposal 7]
pri=5
name=IKE-3DES-MD5-DH7
authmode=1
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=7
keylength=0
[ikeproposal 8]
pri=0
name=IKE-DES-MD5-DH7
authmode=1
authalg=2
encralg=1
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=7
keylength=0
[ikeproposal 9]
pri=0
name=CiscoVPNClient-3DES-MD5-RSA
authmode=5
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 10]
pri=0
name=CiscoVPNClient-3DES-SHA-DSA
authmode=6
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 11]
pri=1
name=CiscoVPNClient-3DES-MD5
authmode=4
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 12]
pri=7
name=CiscoVPNClient-3DES-MD5-DH5
authmode=4
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=0
[ikeproposal 13]
pri=0
name=CiscoVPNClient-3DES-MD5-RSA-DH5
authmode=5
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=0
[ikeproposal 14]
pri=0
name=CiscoVPNClient-3DES-SHA-DSA-DH5
authmode=6
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=0
[ikeproposal 15]
pri=8
name=CiscoVPNClient-AES128-SHA
authmode=4
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=128
[ikeproposal 16]
pri=9
name=IKE-AES128-SHA
authmode=1
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=128
[ikeproposal 17]
pri=0
name=CiscoVPNClient-AES256-SHA
authmode=4
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=256
[ikeproposal 18]
pri=0
name=IKE-AES256-SHA
authmode=1
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=256
[ikeproposal 142]
pri=12
name=HYBRID_AES256_SHA_RSA_DH5
authmode=10
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=256
[ikeproposal 143]
pri=13
name=HYBRID_AES256_SHA_RSA_DH2
authmode=10
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=256
[ikeproposal 144]
pri=14
name=HYBRID_AES192_SHA_RSA_DH2
authmode=10
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=192
[ikeproposal 145]
pri=15
name=HYBRID_3DES_SHA_RSA_DH5
authmode=10
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=0
[ikeproposal 146]
pri=16
name=HYBRID_3DES_SHA_RSA_DH2
authmode=10
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 147]
pri=0
name=HYBRID_AES128_SHA_RSA_DH2
authmode=10
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=128
[ikeproposal 148]
pri=0
name=HYBRID_3DES_MD5_RSA_DH5
authmode=10
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=0
[ikeproposal 149]
pri=0
name=HYBRID_3DES_MD5_RSA_DH2
authmode=10
authalg=2
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 150]
pri=10
name=CRACK-3DES-SHA-DH2
authmode=14
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=0
[ikeproposal 151]
pri=11
name=CRACK-AES128-SHA-DH2
authmode=14
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=2
keylength=128
[ikeproposal 152]
pri=0
name=CRACK-AES256-SHA-DH5
authmode=14
authalg=3
encralg=3
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=256
[ikeproposal 153]
pri=0
name=CRACK-3DES-SHA1-DH5
authmode=14
authalg=3
encralg=2
lifemode=1
lifekbytes=10000
lifeseconds=86400
dhgroup=5
keylength=0
[hardware]
CpuVoltageLow=242
CpuVoltageHigh=297
Ps1Voltage3vLow=324
Ps1Voltage3vHigh=396
Ps1Voltage5vLow=476
Ps1Voltage5vHigh=582
Ps2Voltage3vLow=324
Ps2Voltage3vHigh=396
Ps2Voltage5vLow=476
Ps2Voltage5vHigh=582
BoardVoltage3vLow=297
BoardVoltage3vHigh=362
BoardVoltage5vLow=450
BoardVoltage5vHigh=550
CageTempLow=0
CageTempHigh=50
CpuTempLow=0
CpuTempHigh=50
Fan1RpmLow=3000
Fan2RpmLow=3000
Fan3RpmLow=3000
[ssh]
enable=2
port=22
maxsess=4
encrypt=44
keyregen=60
scp=1
[lbssf]
enable=2
sskey=0x2C
port=9023
address=0.0.0.0
priority=1
keepaliveinterval=2
natmapping=0.0.0.0
arptimeout=1
securedata=1
faultzone=1
dupmastercheck=30
webvpnfqdnredir=1
webvpnmaxcache=0
[session]
sessionLimit=200
webvpnSessionLimit=50
[auto_update]
AutoUpdateEnabled=1
RetryLimit=20
RetryInterval=300
ClientLimit=10
ClientInterval=180
[group_match]
Enabled=2
GroupFromOu=1
DefaultAction=2
DefaultGroup=0
[xml]
enable=1
[iphold 1]
net=10.0.2.0
mask=255.255.255.0
[fwgbl]
port=5054
failclose=2
timeout=5
clientauth=2
[ctcp]
enable=2
[ctcp_port 10000]
port=1
[natt]
enable=1
[intfbw 1]
linkrate=1544000
policy=0
enbw=2
[intfbw 2]
linkrate=1544000
policy=0
enbw=2
[intfbw 3]
linkrate=1544000
policy=0
enbw=2
[grpbw 2.2]
mingrpbw=0
mingrpbwu=1
intf=0
[notify]
discevents=1
[fips]
FipsCertsRequired=2
[webvpnportal]
title=WebVPN Services
login=Please enter your username and password.
loginprompt=Username
passwordprompt=Password
logout=Your session has been terminated.
titlecolor=#9999CC
secondarycolor=#CCCCFF
titletextcolor=2
secondarytextcolor=1
logo=1
encoding=2
[email]
servdelimitor=@
namedelimitor=:
defaultdomain=
pop3port=995
pop3defserver=
pop3auth=5
imapport=993
imapdefserver=
imapauth=5
smtpport=988
smtpdefserver=
smtpauth=4
[nbns]
Enabled=1
PrimaryServer=10.0.1.4
SecondaryServer=0.0.0.0
TertiaryServer=0.0.0.0
QueryTimeout=2
QueryRetry=2
ServerType=2
[securedesktop]
securedesktop=2
[stc]
stc=2
[nac]
retxtimer=3
holdtimer=180
eouretries=3
eouport=21862
clientlessenable=1
clientlessuser=clientless
clientlesspassword=0xD3.0x9A.0x51.0x7E.0x8E.0x1E.0xAB.0x97.0xEF.0x78.0x82
[End]



Question by:chrisglissman
8 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 22809764
0
 

Author Comment

by:chrisglissman
ID: 22809824
I do not need to connect the Cisco VPN 3005 behind the PIX; I am using the PIX for a remote location to connect to the VPN 3005.

thanks
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22811362
Here's a good guide
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800949d2.shtml

Your ACLs reference inside and outside interfaces, and they should reference local and remote networks.
i.e.
NO:
access-list inside_outbound_nat0_acl permit ip interface inside interface outside
access-list outside_cryptomap_20 permit ip interface inside interface outside

YES:
access-list inside_outbound_nat0_acl permit ip <local subnet> <mask> <remote subnet> <mask>
access-list outside_cryptomap_20 permit ip <local subnet> <mask> <remote subnet> <mask>

One of your problems is that both the VPN3000 and the PIX have the same IP subnet inside:
VPN3000 address=10.0.1.7
PIX Inside = ip address inside 10.0.1.23
They need to be different IP subnets.
0
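An added example, not part of the original thread: a small Python check for the two problems named in the answer above, crypto/nat0 ACLs written with `interface` keywords and overlapping inside subnets at the two sites. The function names are hypothetical, the sample config is constructed from lines quoted on this page, and the /24 mask on the concentrator side is an assumption.

```python
import ipaddress
import re

# Constructed sample: the two ACL lines quoted in the answer plus the
# PIX inside address from the question's running config.
PIX_CONFIG = """\
access-list inside_outbound_nat0_acl permit ip interface inside interface outside
access-list outside_cryptomap_20 permit ip interface inside interface outside
ip address inside 10.0.1.23 255.255.255.0
"""
# Concentrator private address from the answer; the mask is an assumption.
VPN3000_INSIDE = ("10.0.1.7", "255.255.255.0")

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(.+)$")
ADDR_RE = re.compile(r"^ip address inside\s+(\S+)\s+(\S+)$")

def interface_acls(config):
    """Names of ACLs that match on 'interface <name>' instead of subnets."""
    bad = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and re.search(r"\binterface\s+\S+", m.group(2)):
            bad.append(m.group(1))
    return bad

def inside_network(config):
    """The inside subnet derived from 'ip address inside <addr> <mask>'."""
    for line in config.splitlines():
        m = ADDR_RE.match(line.strip())
        if m:
            return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return None

def subnets_overlap(config, peer_addr, peer_mask):
    """True when the local inside subnet overlaps the peer's inside subnet."""
    local = inside_network(config)
    peer = ipaddress.ip_network(f"{peer_addr}/{peer_mask}", strict=False)
    return local is not None and local.overlaps(peer)

def check(config, peer):
    """Collect one finding per bad ACL, plus one if the subnets overlap."""
    findings = [f"{name}: references interfaces, not local/remote subnets"
                for name in interface_acls(config)]
    if subnets_overlap(config, *peer):
        findings.append(f"inside subnet {inside_network(config)} overlaps the peer's")
    return findings

if __name__ == "__main__":
    for finding in check(PIX_CONFIG, VPN3000_INSIDE):
        print(finding)
```

An empty result from `check` means the traffic-selecting ACLs name subnets and the two inside networks are distinct, which is the precondition the answer gives for the tunnel.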
 

Author Comment

by:chrisglissman
ID: 22826645
Can the PIX at the remote site have a standard cable modem via DHCP on the outside interface and still connect to the corp site?

0

 
LVL 79

Expert Comment

by:lrmoore
ID: 22826888
Yes, it can, no problem. Cable IP addresses don't change very often like DSL dynamic addresses do.

Making the PIX an EZVPN client with an ASA5500 at HQ as EZVPN server is the best option for remote sites that get dynamic public IP addresses.

0
 

Author Comment

by:chrisglissman
ID: 22827025
I am not using an ASA5500 device; I am using a Cisco VPN Concentrator 3005.

Can the 3005 be an Easy VPN server?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22827214
No, but like I said, cable connected end devices do not change IP address very often, if ever, so it is not generally a problem.
This document shows how to set up the VPN3000 as EzVPN with a router as client. Same concept and almost the same config on PIX.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
0
 

Accepted Solution

by:
chrisglissman earned 0 total points
ID: 22827341
lrmoore, I thank you for your help in getting this set up on my network.

I would like to tell you all the hardware that I am using and what goes to what before I move on, because I am not understanding.

Here is a Visio layout of my setup:


visco-data-1.gif
0
