The network layout: LAN 192.168.0.0 is connected to the ZyWALL. LAN 192.168.1.0 is connected to the PIX, with a pool of public addresses x.x.x.192/26 between it and a 1720 router.
The PIX config.

nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list To-Internet permit ip 192.168.1.0 255.255.255.0 any
access-list To-Internet permit ip 192.168.2.0 255.255.255.0 any
access-list To-Internet permit icmp any any
access-list From-Internet permit tcp any host x.x.x.196 eq smtp
access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 echo
access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 echo-reply
access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 unreachable
access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 time-exceeded
access-list NoNAT permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NoNAT permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 110 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0   // Is this necessary?
access-list to-internet permit icmp any any
ip address outside x.x.x.194 255.255.255.192
ip address inside 192.168.1.25 255.255.255.0
ip audit info action alarm reset
ip audit attack action alarm reset
ip local pool NONATippool 192.168.2.1-192.168.2.254
global (outside) 1 x.x.x.251
nat (inside) 0 access-list NoNAT
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) x.x.x.196 192.168.1.1 netmask 255.255.255.255 0 0
access-group From-Internet in interface outside
access-group To-Internet in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.193 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
crypto ipsec transform-set MYCOTransf esp-3des esp-md5-hmac
crypto dynamic-map MYCOdynmap 10 set transform-set MYCOTransf
crypto map MYCOmap 10 ipsec-isakmp dynamic MYCOdynmap
crypto map MYCOmap client configuration address initiate
crypto map MYCOmap client configuration address respond
crypto map MYCOmap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode
isakmp identity address
isakmp client configuration address-pool local MYCOippool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
vpngroup MYCOvpn address-pool NONATippool
vpngroup MYCOvpn dns-server 205.171.3.65
vpngroup MYCOvpn wins-server 192.168.1.1
vpngroup MYCOvpn default-domain MYCOMPANY.com
vpngroup MYCOvpn idle-time 1800
vpngroup MYCOvpn password ********
vpngroup MYCO address-pool NONATippool
vpngroup MYCO dns-server 192.168.1.1 205.171.3.65
vpngroup MYCO wins-server 192.168.1.1
vpngroup MYCO default-domain MYCO.com
vpngroup MYCO idle-time 1800
vpngroup MYCO password ********
telnet 192.168.2.0 255.255.255.0 outside
telnet 192.168.1.0 255.255.255.0 inside
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local NONATippool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username xxxx password xxxx
vpdn username yyyy password yyyyy
vpdn username zzzz password zzzzz
vpdn enable outside
terminal width 80
Cryptochecksum:
: end
[OK]
MYCOFW# exit
The ZyWALL config.
Menu 27.1.1 - IPSec Setup
Index #= 1
Name= Work
Active= Yes
Keep Alive= Yes
Nat Traversal= No
Local ID type= IP   Content=
My IP Addr= 0.0.0.0
Peer ID type= IP   Content= x.x.x.194
Secure Gateway Address= x.x.x.194
Protocol= 17
Local:  Addr Type= SUBNET  IP Addr Start= 192.168.0.0  End/Subnet Mask= 255.255.255.0  Port Start= 0  End= N/A
Remote: Addr Type= SUBNET  IP Addr Start= 192.168.1.0  End/Subnet Mask= 255.255.255.0  Port Start= 0  End= N/A
Enable Replay Detection= Yes
Key Management= IKE
Menu 27.1.1.1 - IKE Setup
Phase 1
Negotiation Mode= Main
PSK= ********
Encryption Algorithm= 3DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 28800
Key Group= DH2

Phase 2
Active Protocol= ESP
Encryption Algorithm= 3DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel
Perfect Forward Secrecy (PFS)= None
by TerryMiller, edited by KeysCapt, last modified: 2003-12-03 06:21:43
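Added example, not part of the original post. In the PIX config as posted there is no static crypto map entry for the ZyWALL: the ZyWALL is accepted through the dynamic map MYCOdynmap and the wildcard pre-shared key (address 0.0.0.0 netmask 0.0.0.0). That works only while the ZyWALL initiates (its Keep Alive= Yes keeps the tunnel up), and it means any peer that knows the shared key can bring up a tunnel for whatever proxy IDs it proposes. access-list 110 is not referenced by any crypto map or nat statement, so as posted it has no effect; if the PIX is given a static entry for the ZyWALL, its crypto ACL is written from the PIX's side (192.168.1.0/24 to 192.168.0.0/24), the mirror image of 110. The fragment below pins the ZyWALL as a static peer with its own key. It assumes the ZyWALL's public address is z.z.z.z (a placeholder, not on the page), that Menu 27.1.1 Protocol is set to 0 (any) rather than the posted 17, which in ZyNOS restricts the Phase 2 selector to UDP, and that no other main-mode peer depends on the wildcard key (the vpngroup clients authenticate with their group passwords). Phase 1 and Phase 2 parameters (3DES, MD5, DH group 2, 28800-second lifetimes, no PFS) already match on both sides and are left as they are.

```text
! Added example (not from the original post). Assumes the ZyWALL's public
! address is z.z.z.z and that Menu 27.1.1 Protocol is 0 (any), so the ZyWALL
! proposes 192.168.0.0/24 <-> 192.168.1.0/24 for all IP traffic.

! Crypto ACL written from the PIX's side (local first, remote second); it must
! mirror the ZyWALL's Local/Remote SUBNET entries exactly.
access-list ZyWALL-VPN permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0

! Static peer entry. Sequence 5 is evaluated before the dynamic entry at 10,
! so the ZyWALL lands here and the dynamic map is left for the VPN clients.
! With a static peer the PIX can also initiate the tunnel.
crypto map MYCOmap 5 ipsec-isakmp
crypto map MYCOmap 5 match address ZyWALL-VPN
crypto map MYCOmap 5 set peer z.z.z.z
crypto map MYCOmap 5 set transform-set MYCOTransf
crypto map MYCOmap 5 set security-association lifetime seconds 28800

! Per-peer pre-shared key. Main mode with address identity matches the
! ZyWALL's "Local ID type= IP" and the PIX's "isakmp identity address".
isakmp key ******** address z.z.z.z netmask 255.255.255.255 no-xauth no-config-mode

! Once no other main-mode peer relies on the wildcard key, remove it so an
! unknown host holding the key can no longer negotiate a tunnel:
no isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

! Verify: Phase 1 should list z.z.z.z in QM_IDLE, and the Phase 2 SA for
! 192.168.1.0/24 <-> 192.168.0.0/24 should show pkts encaps/decaps increasing
! when a host on one LAN pings the other.
show isakmp sa
show crypto ipsec sa
```

The remaining piece that the posted config leaves open is the decrypted traffic path: sysopt connection permit-ipsec lets anything arriving through the tunnel bypass the From-Internet ACL, so with the static entry in place the PIX trusts 192.168.0.0/24 to the same degree as its own inside LAN.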