Requesting a VPN server configuration on the PIX 515



tranhaiminh
21-08-2003, 03:20 PM
I currently have a PIX515E configured for a site-to-site VPN to the Netherlands. Now I also want to configure it as a VPN server for remote-access VPN clients, with authentication done on the PIX 515 itself.

The site-to-site part of my configuration is as follows:
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 194.104.95.2
crypto map outside_map 20 set transform-set ESP-DES-SHA
crypto map outside_map 20 set security-association lifetime seconds 3600 kilobytes 50000
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 194.104.95.2 netmask 255.255.255.252 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet timeout 5

..........
Now, how do I add the VPN server part for remote-access VPN clients? Could the experts here please help me out.

sinhvienngheo
22-08-2003, 01:01 PM
tranhaiminh,

Try having a look at this link:

http://vnpro.org/forum/viewtopic.php?t=1025

cheers,

hehehe
22-08-2003, 02:22 PM
If you use the Microsoft VPN client, do it like this:
sysopt connection permit-pptp
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required
vpdn group PPTP-VPDN-GROUP client configuration address local vpn_pool
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username cisco password *********
vpdn enable outside

If you use the Cisco VPN client, do it like this:

sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup cisco_vpn address-pool vpn_pool
vpngroup cisco_vpn idle-time 1800
vpngroup cisco_vpn password ********

Of course there are a few access-list commands as well; configure them according to your network addresses.
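
Added example, not part of any post in this thread: a small Python check that lists names a PIX configuration refers to (address pools, access lists, transform sets, dynamic maps) but never defines, which is where the snippets above still need the access-list and pool lines. SAMPLE is constructed by merging lines posted above; the function name and the patterns are assumptions covering only the command forms seen in this thread.

```python
import re

# Patterns for objects a config declares, and for lines that depend on them.
DEFINES = [
    ("pool", re.compile(r"^ip local pool (\S+)")),
    ("acl", re.compile(r"^access-list (\S+)")),
    ("transform-set", re.compile(r"^crypto ipsec transform-set (\S+)")),
    ("dynamic-map", re.compile(r"^crypto dynamic-map (\S+)")),
]
REFERS = [
    ("pool", re.compile(r"^vpngroup \S+ address-pool (\S+)")),
    ("pool", re.compile(r"^vpdn group \S+ client configuration address local (\S+)")),
    ("acl", re.compile(r"^crypto map \S+ \d+ match address (\S+)")),
    ("transform-set", re.compile(r"^crypto (?:dynamic-)?map \S+ \d+ set transform-set (\S+)")),
    ("dynamic-map", re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)")),
]

# Constructed sample: site-to-site and remote-access lines from the thread, merged.
SAMPLE = """\
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set transform-set ESP-DES-SHA
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
vpngroup cisco_vpn address-pool vpn_pool
vpdn group PPTP-VPDN-GROUP client configuration address local vpn_pool
"""

def dangling_references(config_text):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined, referenced = set(), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        for kind, pat in DEFINES:
            m = pat.match(line)
            if m:
                defined.add((kind, m.group(1)))
        for kind, pat in REFERS:
            m = pat.match(line)
            if m:
                referenced.add((kind, m.group(1)))
    return sorted(referenced - defined)

if __name__ == "__main__":
    for kind, name in dangling_references(SAMPLE):
        print(f"{kind} '{name}' is referenced but not defined")
```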