khanhcoi77
11-07-2005, 09:17 PM
Hello everyone,
Please help me!
I have a network setup with a VPN configured:
Pix <-> internet <-> Router
-------------------------------------------
PIX configuration
----------------------------------------------
access-list out_vpn permit ip 10.20.0.0 255.255.0.0 10.16.0.0 255.255.0.0
nat (inside) 0 access-list out_vpn
sysopt connection permit-ipsec
isakmp key vietnam address 210.245.4.1 netmask 255.255.255.255
crypto ipsec transform-set tovietnam esp-des esp-md5-hmac
crypto map tovietnam 40 ipsec-isakmp
crypto map tovietnam 40 match address out_vpn
crypto map tovietnam 40 set peer 210.245.4.1
crypto map tovietnam 40 set transform-set tovietnam
crypto map tovietnam interface outside
isakmp enable outside
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
----------------------------------------------
Router configuration (I use Megabiz)
I use this line for both Internet access and the VPN.
------------------------------------------------
Current configuration : 2743 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname VPN-tomalayxia
!
enable secret 123456.
enable password 123456
!
username dumex password 123456
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
crypto isakmp policy 40
hash md5
group 2
crypto isakmp key vietnam address 203.142.25.10
!
!
crypto ipsec transform-set to-malayxia esp-des esp-md5-hmac
!
crypto map vpn 40 ipsec-isakmp
set peer 203.142.25.10
set transform-set to-malayxia
match address 111
!
!
!
!
interface Ethernet0
no ip address
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
ip address 10.16.1.1 255.255.0.0
ip nat inside
speed auto
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer idle-timeout 180 either
dialer hold-queue 100
dialer-group 1
ppp pap sent-username dsl-046868-86 password 4265311332
crypto map vpn
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source route-map nonat pool to-malay overload
ip nat inside source static 10.16.1.6 210.245.4.2
ip nat inside source static 10.16.1.12 210.245.4.3
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
!
!
access-list 1 permit 10.16.0.0 0.0.255.255
access-list 111 permit ip 10.16.0.0 0.0.255.255 10.20.0.0 0.0.255.255
!
route-map nonat permit 10
match ip address 111
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
password 123456
login
line aux 0
line vty 0 4
password 123456
login local
!
end
-----------------------------------------------------------
Please take a look; I still can't see the IKE connection to Malaysia come up!
Can a PIX and a router be configured site-to-site? Also, is there any other way to configure the router and the PIX?
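
Added example, not part of the original post: a Python check that compares the IKE Phase 1 policy and the crypto ACLs taken from the two configs above. It assumes the IOS defaults for attributes that `show run` omits (authentication rsa-sig, encryption des, hash sha, group 1) and that the PIX lines spell out every attribute; all function names are hypothetical.

```python
import ipaddress
import re

# IOS ISAKMP policy defaults; "show run" omits attributes left at these values.
IOS_DEFAULTS = {"authentication": "rsa-sig", "encryption": "des",
                "hash": "sha", "group": "1", "lifetime": "86400"}

# Constructed input: Phase 1 and crypto-ACL lines copied from the two configs above.
PIX = """access-list out_vpn permit ip 10.20.0.0 255.255.0.0 10.16.0.0 255.255.0.0
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400"""
ROUTER = """crypto isakmp policy 40
hash md5
group 2
access-list 111 permit ip 10.16.0.0 0.0.255.255 10.20.0.0 0.0.255.255"""

def pix_policy(cfg, num):
    """PIX 6.x syntax: one 'isakmp policy N <attribute> <value>' line each."""
    return dict(re.findall(rf"^isakmp policy {num} (\S+) (\S+)", cfg, re.M))

def ios_policy(cfg, num):
    """IOS syntax: attributes follow 'crypto isakmp policy N'; unset ones default."""
    policy, inside = dict(IOS_DEFAULTS), False
    for line in cfg.splitlines():
        words = line.split()
        if line.startswith("crypto isakmp policy "):
            inside = words[-1] == str(num)
        elif inside and len(words) == 2 and words[0] in ("encr", *IOS_DEFAULTS):
            policy["encryption" if words[0] == "encr" else words[0]] = words[1]
        else:
            inside = False  # any other line ends the policy block
    return policy

def phase1_mismatches(a, b):
    """Attributes the peers disagree on (lifetime need not be identical)."""
    return {k: (a.get(k), b.get(k)) for k in IOS_DEFAULTS
            if k != "lifetime" and a.get(k) != b.get(k)}

def acl_nets(cfg, name):
    """(source, destination) of the first 'permit ip' entry in the named ACL.
    ipaddress parses both netmasks (PIX) and wildcard masks (IOS)."""
    f = next(l for l in cfg.splitlines() if l.startswith(f"access-list {name} ")).split()
    i = f.index("ip") + 1
    return tuple(ipaddress.ip_network(f"{f[j]}/{f[j + 1]}") for j in (i, i + 2))

def acls_mirrored(pix_cfg, pix_acl, ios_cfg, ios_acl):
    """Crypto ACLs must be mirror images: one side's source is the other's destination."""
    return acl_nets(pix_cfg, pix_acl) == acl_nets(ios_cfg, ios_acl)[::-1]
```

On the posted configs this reports one Phase 1 difference, authentication (pre-share on the PIX, the IOS default rsa-sig on the router), while the two crypto ACLs mirror each other.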