Cisco Support Community
New Member

Will this config work?

I am about to program my PIX 501 to allow VPN to our private network. I plan on plugging the PIX directly into the switch where all of the networked PCs are located. The PCs' addresses are 192.168.1.X. Of course I will have to re-enter everyone's default gateway to the inside address of the PIX. Please review the following code to see if it would work. Thanks in advance.

PIX Version 6.1(3)

nameif ethernet0 ouside security0

nameif ethernet1 inside security100

enable password ************************

passwd **************************

hostname *********

domain-name cisco.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside X.X.X.X

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool vpn 192.168.1.50-192.168.1.55

no pdm history enable

arp timeout 14400

global (oustide) 1 interface

nat (inside) 0 access-list 100

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 X.X.X.X 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:2:00

timeout uauth 0:5:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

sysopt connection permit-pptp

no sysopt route dnat

telnet 192.168.1.0 255.255.255.0

telnet timeout 5

ssh timeout 5

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local vpn

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username ************* password *************

vpdn enable outside

terminal width 80

1 REPLY
Cisco Employee

Re: Will this config work?

Looks OK except for a few typos:

1) nameif ethernet0 ouside security0 ; "ouside" should be "outside"

2) global (oustide) 1 interface ; "oustide" should be "outside"

Give it a run.

Nelson
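
A lint for the kind of typo pointed out in the reply, as an added example that is not part of the original thread: it collects the names declared by `nameif` and reports every command that refers to an interface name that was never declared. The sample is a constructed excerpt of the posted config (typos kept as posted); `check_interface_names` and `REFERENCE_PATTERNS` are hypothetical names and cover only the commands seen in this post.

```python
import re

# Constructed excerpt of the config posted above, typos kept as posted.
SAMPLE = """\
nameif ethernet0 ouside security0
nameif ethernet1 inside security100
mtu outside 1500
mtu inside 1500
ip address inside 192.168.1.1 255.255.255.0
global (oustide) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1
http 192.168.1.0 255.255.255.0 inside
vpdn enable outside
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security\d+$")

# Where an interface name appears in the commands used in the post.
REFERENCE_PATTERNS = [
    re.compile(r"^(?:global|nat)\s+\((\S+)\)"),   # global (if) ... / nat (if) ...
    re.compile(r"^(?:mtu|route)\s+(\S+)\s"),      # mtu if ... / route if ...
    re.compile(r"^ip address\s+(\S+)\s"),         # ip address if ...
    re.compile(r"^http\s+\S+\s+\S+\s+(\S+)$"),    # http <net> <mask> if
    re.compile(r"^vpdn enable\s+(\S+)$"),         # vpdn enable if
]


def check_interface_names(config):
    """Return (declared names, [(line_no, name, line)] for undeclared references)."""
    lines = [line.strip() for line in config.splitlines()]
    declared = {m.group(1) for m in map(NAMEIF.match, lines) if m}
    problems = []
    for line_no, line in enumerate(lines, 1):
        for pattern in REFERENCE_PATTERNS:
            m = pattern.match(line)
            if m and m.group(1) not in declared:
                problems.append((line_no, m.group(1), line))
    return declared, problems


if __name__ == "__main__":
    declared, problems = check_interface_names(SAMPLE)
    print("declared by nameif:", sorted(declared))
    for line_no, name, line in problems:
        print(f"line {line_no}: '{name}' is not declared by nameif -> {line}")
```

On the sample, the misspelled `nameif` leaves every later reference to `outside` undeclared, so the report lists those lines as well as the misspelled `global` line.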
