Shakthi777
Trying to get L2TP over IPSec working with local user authentication, plz HELP ???
Hi Experts,
I'm trying to get L2TP over IPSec working with local user authentication in my PIX failover setup.
(I need to use Windows VPN clients)
Please advise!
fw01(config)# sh run
: Saved
:
PIX Version 8.0(4)
!
hostname fw01
domain-name company.local
enable password DRoOs2EWSVtHzPat encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 2x1.12x.5x.2 255.255.255.224
ospf cost 10
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
ospf cost 10
!
interface Ethernet2
description LAN/STATE Failover Interface
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns server-group DefaultDNS
domain-name company.local
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.192
access-list 110 extended permit tcp any host 2x1.12x.5x.28 eq 3389
access-list 110 extended permit tcp any host 2x1.12x.5x.8 eq ftp
access-list 110 extended permit tcp any host 2x1.12x.5x.8 eq www
access-list 110 extended permit tcp any host 2x1.12x.5x.8 eq 3389
access-list 110 extended permit tcp any host 2x1.12x.5x.10 eq 3389
access-list 110 extended permit tcp any host 2x1.12x.5x.13 eq www
access-list 110 extended permit tcp any host 2x1.12x.5x.14 eq www
access-list 110 extended permit tcp any host 2x1.12x.5x.15 eq www
access-list 110 extended permit tcp any host 2x1.12x.5x.16 eq www
access-list 110 extended permit tcp any host 2x1.12x.5x.18 eq www
access-list 110 extended permit tcp any host 2x1.12x.5x.9 eq https
access-list 110 extended permit tcp any host 2x1.12x.5x.9 eq smtp
access-list 110 extended permit tcp any host 2x1.12x.5x.9 eq pop3
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool VPN-POOL1 192.168.3.1-192.168.3.50 mask 255.255.255.0
failover
failover lan unit primary
failover lan interface LANFALL Ethernet2
failover lan enable
failover key *****
failover link LANFALL Ethernet2
failover interface ip LANFALL 172.17.100.1 255.255.255.0 standby 172.17.100.7
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (outside) 1 2x1.12x.5x.25-2x1.12x.5x.26 netmask 255.255.255.224
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 2x1.12x.5x.28 192.168.2.199 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.8 192.168.2.47 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.10 192.168.2.90 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.13 192.168.2.80 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.14 192.168.2.81 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.15 192.168.2.11 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.16 192.168.2.68 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.18 192.168.2.111 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.19 192.168.2.69 netmask 255.255.255.255
static (inside,outside) 2x1.12x.5x.9 192.168.2.14 netmask 255.255.255.255
access-group 110 in interface outside
route outside 0.0.0.0 0.0.0.0 2x1.12x.5x.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.2.0 255.255.255.255 inside
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.14
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value company..local
username test password OfDn5Zvl2478ObbvgermPQ== nt-encrypted privilege 0
username test attributes
vpn-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL1
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
!
!
prompt hostname context
Cryptochecksum:f2b6204da6a3851ae7930c3c8f43e44a
: end
fw01(config)#
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Forgot to mention add "sysopt connection permit-vpn" if you haven't already.
ASKER
This is the latest config, can you please advise on what to change or add exactly???
Thanks a lot for your time!
FW1(config)# sh run
: Saved
:
PIX Version 8.0(4)
!
hostname FW1
domain-name company.local
enable password DRoOs2EWSVtHzPat encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 2xx.xx.44.2 255.255.255.224
ospf cost 10
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
ospf cost 10
!
interface Ethernet2
description LAN/STATE Failover Interface
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns server-group DefaultDNS
domain-name company.local
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.192
access-list 110 extended permit tcp any host 2xx.xx.44.28 eq 3389
access-list 110 extended permit tcp any host 2xx.xx.44.8 eq ftp
access-list 110 extended permit tcp any host 2xx.xx.44.8 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.8 eq 3389
access-list 110 extended permit tcp any host 2xx.xx.44.10 eq 3389
access-list 110 extended permit tcp any host 2xx.xx.44.14 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.15 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.16 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.18 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.9 eq https
access-list 110 extended permit tcp any host 2xx.xx.44.9 eq smtp
access-list 110 extended permit tcp any host 2xx.xx.44.9 eq pop3
access-list 110 extended permit tcp any host 2xx.xx.44.20 eq 8080
access-list 110 extended permit tcp any host 2xx.xx.44.20 eq 8081
access-list 110 extended permit tcp any host 2xx.xx.44.21 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.19 eq 8080
access-list 110 extended permit tcp any host 2xx.xx.44.23 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.13 eq www
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool VPN-POOL1 192.168.3.1-192.168.3.50 mask 255.255.255.0
failover
failover lan unit primary
failover lan interface LANFALL Ethernet2
failover lan enable
failover key *****
failover link LANFALL Ethernet2
failover interface ip LANFALL 172.17.100.1 255.255.255.0 standby 172.17.100.7
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (outside) 1 2xx.xx.44.25-2xx.xx.44.26 netmask 255.255.255.224
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 192.168.220.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 2xx.xx.44.19 8080 192.168.2.69 www netmask 255.255.255.255
static (inside,outside) tcp 2xx.xx.44.22 www 192.168.2.82 8080 netmask 255.255.255.255
static (inside,outside) tcp 2xx.xx.44.13 www 192.168.2.82 4000 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.8 192.168.2.47 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.10 192.168.2.90 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.14 192.168.2.81 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.15 192.168.2.11 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.16 192.168.2.68 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.18 192.168.2.111 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.9 192.168.2.14 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.20 192.168.2.13 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.21 192.168.2.112 netmask 255.255.255.255
access-group 110 in interface outside
route outside 0.0.0.0 0.0.0.0 2xx.xx.44.1 1
route inside 192.168.220.0 255.255.255.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.2.0 255.255.255.255 inside
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.14
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value company.local
username test password OfDn5Zvl2478ObbvgermPQ== nt-encrypted privilege 0
username test attributes
vpn-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL1
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
!
!
prompt hostname context
Cryptochecksum:a457a5a0bc930a2380f192573778b8b8
: end
FW1(config)#
Hi,
What Windows version is running on the client computers?
ASKER
# crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_$
WARNING: Existing map is being linked to dynamic-map: SYSTEM_DEFAULT_CRYPTO_MAP.
All static attributes in existing map will be inactive!
I got a WARNING please advise ?????
ASKER
still no luck, same situation...
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
ASKER
# no crypto map outside_map0 65535 ipsec-isakmp dynamic SYST$
WARNING: The crypto map entry is incomplete!
I got another warning.. please let me know how to remove it..
Did you add "sysopt connection permit-vpn"?
YES
What is your client OS
Windows XP
and are you certain that it is able to reach the outside IP of the PIX?
YEP
ASKER
Latest config
FW1(config)# sh run
: Saved
:
PIX Version 8.0(4)
!
hostname FW1
domain-name company.local
enable password DRoOs2EWSVtHzPat encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 2xx.xx.44.2 255.255.255.224
ospf cost 10
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
ospf cost 10
!
interface Ethernet2
description LAN/STATE Failover Interface
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns server-group DefaultDNS
domain-name company.local
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.192
access-list 110 extended permit tcp any host 2xx.xx.44.28 eq 3389
access-list 110 extended permit tcp any host 2xx.xx.44.8 eq ftp
access-list 110 extended permit tcp any host 2xx.xx.44.8 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.8 eq 3389
access-list 110 extended permit tcp any host 2xx.xx.44.10 eq 3389
access-list 110 extended permit tcp any host 2xx.xx.44.14 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.15 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.16 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.18 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.9 eq https
access-list 110 extended permit tcp any host 2xx.xx.44.9 eq smtp
access-list 110 extended permit tcp any host 2xx.xx.44.9 eq pop3
access-list 110 extended permit tcp any host 2xx.xx.44.20 eq 8080
access-list 110 extended permit tcp any host 2xx.xx.44.20 eq 8081
access-list 110 extended permit tcp any host 2xx.xx.44.21 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.19 eq 8080
access-list 110 extended permit tcp any host 2xx.xx.44.23 eq www
access-list 110 extended permit tcp any host 2xx.xx.44.13 eq www
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool VPN-POOL1 192.168.3.1-192.168.3.50 mask 255.255.255.0
failover
failover lan unit primary
failover lan interface LANFALL Ethernet2
failover lan enable
failover key *****
failover link LANFALL Ethernet2
failover interface ip LANFALL 172.17.100.1 255.255.255.0 standby 172.17.100.7
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (outside) 1 2xx.xx.44.25-2xx.xx.44.26 netmask 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 2xx.xx.44.19 8080 192.168.2.69 www netmask 255.255.255.255
static (inside,outside) tcp 2xx.xx.44.22 www 192.168.2.82 8080 netmask 255.255.255.255
static (inside,outside) tcp 2xx.xx.44.13 www 192.168.2.83 4000 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.8 192.168.2.47 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.10 192.168.2.90 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.14 192.168.2.81 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.15 192.168.2.11 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.16 192.168.2.68 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.18 192.168.2.111 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.9 192.168.2.14 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.20 192.168.2.13 netmask 255.255.255.255
static (inside,outside) 2xx.xx.44.21 192.168.2.112 netmask 255.255.255.255
access-group 110 in interface outside
route outside 0.0.0.0 0.0.0.0 2xx.xx.44.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.2.0 255.255.255.255 inside
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.14
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value company.local
username test password OfDn5Zvl2478ObbvgermPQ== nt-encrypted privilege 0
username test attributes
vpn-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL1
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
!
!
prompt hostname context
Cryptochecksum:06de1410245db0f0cb11f98609634c62
: end
FW1(config)#
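An added example, not part of the original thread or any poster's code: a small Python check that reads a pasted `sh run` and flags the L2TP/IPsec remote-access prerequisites this thread keeps returning to (transport-mode transform set on an applied dynamic map, `l2tp-ipsec` in the group policy, MS-CHAP v2, `permit-vpn`, NAT exemption). `SAMPLE` is constructed by abridging the latest config posted above; the function names and finding codes are made up for illustration, and treating MS-CHAP v2 as required assumes Windows clients left at their default settings.

```python
import re

# Constructed sample: VPN-relevant lines abridged from the thread's latest "sh run".
SAMPLE = """\
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.192
nat (inside) 1 0.0.0.0 0.0.0.0
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA ESP-3DES-MD5
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
"""


def grab(lines, pattern):
    """Return the capture groups of every line that fully matches pattern."""
    return [m.groups() for ln in lines if (m := re.fullmatch(pattern, ln))]


def audit(config):
    """Return a sorted list of finding codes for L2TP/IPsec remote-access prerequisites."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    transport = {name for (name,) in grab(lines, r"crypto ipsec transform-set (\S+) mode transport")}
    offered = {}  # dynamic-map name -> transform sets it offers
    for dyn, sets in grab(lines, r"crypto dynamic-map (\S+) \d+ set transform-set (.+)"):
        offered.setdefault(dyn, set()).update(sets.split())
    linked = dict(grab(lines, r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)"))
    applied = {name for name, _ in grab(lines, r"crypto map (\S+) interface (\S+)")}
    defined = {name for (name,) in grab(lines, r"crypto map (\S+) \d+ .+")}

    # Windows L2TP/IPsec clients negotiate ESP in transport mode only.
    usable = [m for m in applied if offered.get(linked.get(m), set()) & transport]
    if not usable:
        findings.append("NO_TRANSPORT_MODE_DYNAMIC_MAP_ON_INTERFACE")
    # Entries under a map name that is bound to no interface are never evaluated.
    findings += [f"UNAPPLIED_CRYPTO_MAP {m}" for m in defined - applied]
    if not any("l2tp-ipsec" in p for (p,) in grab(lines, r"vpn-tunnel-protocol (.+)")):
        findings.append("L2TP_IPSEC_NOT_ALLOWED_IN_GROUP_POLICY")
    # Assumption: Windows clients are left at their default, MS-CHAP v2.
    if "authentication ms-chap-v2" not in lines:
        findings.append("PPP_MS_CHAP_V2_NOT_ENABLED")
    # permit-vpn is on by default and then absent from "sh run"; only the "no" form shows.
    if "no sysopt connection permit-vpn" in lines:
        findings.append("PERMIT_VPN_DISABLED")
    # Without a nat 0 rule, "nat (inside) 1" also translates replies to VPN clients.
    acls = {name for (name,) in grab(lines, r"access-list (\S+) .+")}
    exempt = [acl for (acl,) in grab(lines, r"nat \(\S+\) 0 access-list (\S+)")]
    if not any(acl in acls for acl in exempt):
        findings.append("NO_NAT_EXEMPTION")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the abridged latest config this reports `NO_NAT_EXEMPTION` (the `nat (inside) 0 access-list inside_nat0_outbound` line present in the two earlier configs is gone) and `UNAPPLIED_CRYPTO_MAP outside_map` (leftover entries under a map name that is not bound to the outside interface).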
ASKER
ikalmar:
Windows XP, Windows 7
ASKER
Tnx a lot for your time!