500. Miscellaneous Info VPN FAQ

			Search:
	login · register

FAQs

how-to block ads

	Search for: in all FAQs
All FAQs » VPN FAQ » 500. Miscellaneous Info
FAQ Revisions	Editors: KeysCapt , DrTCP , SYNACK , jazzman916 Last modified on 2007-09-10 13:50:55 view: single page · printable

500. Miscellaneous Info ·How do I configure a Pix & a Zywall to build an IPSec Tunnel ·Can I use VPN with dynamic IP and Win2K? ·How can I verify that VPN is not blocked?
How do I configure a Pix & a Zywall to build an IPSec Tunnel (#8375)
The network layout, Lan 192.168.0.0 is connected to the Zywall. Lan 192.168.1.0 is connected to the Pix with a pool of public addresses x.x.x.192 /26 between it and a 1720 router. The Pix config. nameif ethernet0 outside security0 nameif ethernet1 inside security100 access-list To-Internet permit ip 192.168.1.0 255.255.255.0 any access-list To-Internet permit ip 192.168.2.0 255.255.255.0 any access-list To-Internet permit icmp any any access-list From-Internet permit tcp any host x.x.x.196 eq smtp access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 echo access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 echo-reply access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 unreachable access-list From-Internet permit icmp any x.x.x.192 255.255.255.192 time-exceeded access-list NoNAT permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list NoNAT permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list 110 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 //iS this necessary? access-list to-internet permit icmp any any ip address outside x.x.x.194 255.255.255.192 ip address inside 192.168.1.25 255.255.255.0 ip audit info action alarm reset ip audit attack action alarm reset ip local pool NONATippool 192.168.2.1-192.168.2.254 global (outside) 1 x.x.x.251 nat (inside) 0 access-list NoNAT nat (inside) 1 192.168.1.0 255.255.255.0 0 0 static (inside,outside) x.x.x.196 192.168.1.1 netmask 255.255.255.255 0 0 access-group From-Internet in interface outside access-group To-Internet in interface inside route outside 0.0.0.0 0.0.0.0 x.x.x.193 1 timeout xlate 1:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute sysopt connection permit-ipsec sysopt connection permit-pptp no sysopt route dnat crypto ipsec transform-set MyCOTransf esp-3des esp-md5-hmac crypto dynamic-map MYCOdynmap 10 set transform-set MYCOTransf crypto map MYCOmap 10 ipsec-isakmp dynamic MYCOdynmap crypto map MYCOmap client configuration address initiate crypto map MYCOmap client configuration address respond crypto map MYCOmap interface outside isakmp enable outside isakmp key ****** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode isakmp identity address isakmp client configuration address-pool local MYCOippool outside isakmp policy 10 authentication pre-share isakmp policy 10 encryption 3des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 28800 vpngroup MYCOvpn address-pool NONATippool vpngroup MYCOvpn dns-server 205.171.3.65 vpngroup MYCOvpn wins-server 192.168.1.1 vpngroup MYCOvpn default-domain MYCOMPANY.com vpngroup MYCOvpn idle-time 1800 vpngroup MYCOvpn password **** vpngroup MYCO address-pool NONATippool vpngroup MYCO dns-server 192.168.1.1 205.171.3.65 vpngroup MYCO wins-server 192.168.1.1 vpngroup MYCO default-domain MYCO.com vpngroup MYCO idle-time 1800 vpngroup MYCO password **** telnet 192.168.2.0 255.255.255.0 outside telnet 192.168.1.0 255.255.255.0 inside vpdn group 1 accept dialin pptp vpdn group 1 ppp authentication pap vpdn group 1 ppp authentication chap vpdn group 1 ppp authentication mschap vpdn group 1 client configuration address local NONATippool vpdn group 1 pptp echo 60 vpdn group 1 client authentication local vpdn username xxxx password xxxx vpdn username yyyy password yyyyy vpdn username zzzz password zzzzz vpdn enable outside terminal width 80 Cryptochecksum: : end [OK] MYCOFW# exit The Zywall config. Menu 27.1.1 - IPSec Setup Index #= 1 Name= Work Active= Yes Keep Alive= Yes Nat Traversal= No Local ID type= IP Content= My IP Addr= 0.0.0.0 Peer ID type= IP Content= x.x.x.194 Secure Gateway Address= x.x.x.194 Protocol= 17 Local: Addr Type= SUBNET IP Addr Start= 192.168.0.0 End/Subnet Mask= 255.255.255.0 Port Start= 0 End= N/A Remote: Addr Type= SUBNET IP Addr Start= 192.168.1.0 End/Subnet Mask= 255.255.255.0 Port Start= 0 End= N/A Enable Replay Detection= Yes Key Management= IKE Menu 27.1.1.1 - IKE Setup Phase 1 Negotiation Mode= Main PSK= ****** Encryption Algorithm= 3DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 28800 Key Group= DH2 Phase 2 Active Protocol= ESP Encryption Algorithm= 3DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 28800 Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None show feedback form
Can I use VPN with dynamic IP and Win2K? (#9122)
Im using an ADSL connection with Dynamic IP. Is it possible to setup a VPN server (eg WIn2000) using this type of connection? Yes. Dynamic DNS services such as »www.dyndns.org allow you to use a Domain Name - either your own or one they will allocate to you - in place of an IP address in your VPN setup. Set-up is simple. When a router wants to contact your router, a DNS look-up is performed and the current IP address for the remote router is provided. More on Dynamic IP and VPN here: »www.technopagan.org/dynamic/ In Win2K, go to My Network Places -> Properties -> Create a New Connection -> Accept Incoming Connections. In the dialog box for Devices for Incoming Connections, do not select any device. Click Next and check "Allow Private Connections", and then click Next again. In the dialog box for Allowed Users, select or add all users for whom you want to enable access. The accounts must exist on all computers that will be involved in establishing the VPN connection. In the New Connection Wizard, File and Printer Sharing for Microsoft Networks, Internet Protocol (TCP/IP) and Client for Microsoft Networks should all be enabled. "Allow callers to access my local area network" and "Assign TCP/IP address automatically using DHCP" are checked by default. To keep the default settings, just click Next. The "Incoming Connection" icon should then appear in My Network Places -> Properties and should be ready to use. show feedback form
How can I verify that VPN is not blocked? (#11596)
Check this Microsoft Article regarding some tools to verify that the network path for VPN is open. PPTP Ping referred in that article can be found here. show feedback form


Sunday, 20-Jul 07:12:03	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact 8th year online! © 1999-2008 dslreports.com.

All FAQs » VPN FAQ » 500. Miscellaneous Info

500. Miscellaneous Info

How do I configure a Pix & a Zywall to build an IPSec Tunnel (#8375)

Can I use VPN with dynamic IP and Win2K? (#9122)

How can I verify that VPN is not blocked? (#11596)