04-22-2007 10:50 PM - edited 02-21-2020 02:59 PM
Dear All,
Please find below the entries I found in the script of a PIX 515E along with the site-to-site VPN config. Could you explain what these entries are meant for?
I could not understand it.
#ip local pool vpn-dynamic 20.x.x.1-20.20.1-254
#crypto dynamic-map dyn 20 set pfs group2
#crypto dynamic-map dyn 20 set transform-set dynamic-3des
#crypto map dyn 20 ip-sec-isakmp dynamic vpn
#crypto map dyn client configuration address initiate
#crypto map dyn client configuration address respond
#crypto map dyn client authentication radius
#crypto map dyn interface outside
I need to know what the above entries are.
swami
04-23-2007 08:45 AM
Here is a short explanation for every rule; you can google/search for more specific answers. Everything can be found on the Cisco website :)
#ip local pool vpn-dynamic 20.20.1.1-20.20.1-254
--> This is a pool of addresses which are available for users who dial in via remote access vpn
#crypto dynamic-map dyn 20 set pfs group2
--> This enables the Perfect Forward Secrecy option
#crypto dynamic-map dyn 20 set transform-set dynamic-3des
--> Assigns a transform set to a dynamic map
#crypto map dyn 20 ip-sec-isakmp dynamic vpn
--> links the dynamic map to the ipsec/isakmp protocol and assigns it a priority number (20)
#crypto map dyn client configuration address initiate
#crypto map dyn client configuration address respond
--> These two rules make sure the Pix handles remote access vpn requests
#crypto map dyn client authentication radius
--> This says that the authentication will be handled by a RADIUS server, this server is configured somewhere else in the configuration with the aaa-server commands.
#crypto map dyn interface outside
--> Places the crypto map on the outside interface, so the PIX starts waiting for VPN clients
All the commands you posted can be found in the following document, describing how to configure a PIX for VPN clients with RADIUS authentication:
Please rate if the post helps!
Regards,
Michael
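Added example, not part of either post above: a small Python check that cross-references the names in PIX crypto lines like these, reporting an address pool whose range does not parse and any dynamic-map, transform-set or aaa-server group that is referenced but not defined in the supplied text. The input is the question's lines as posted; the function name audit, the exact-match name comparison and the wording of the findings are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the eight lines exactly as posted in the question.
POSTED = """\
#ip local pool vpn-dynamic 20.x.x.1-20.20.1-254
#crypto dynamic-map dyn 20 set pfs group2
#crypto dynamic-map dyn 20 set transform-set dynamic-3des
#crypto map dyn 20 ip-sec-isakmp dynamic vpn
#crypto map dyn client configuration address initiate
#crypto map dyn client configuration address respond
#crypto map dyn client authentication radius
#crypto map dyn interface outside
"""

def audit(config):
    """Return findings for malformed pools and names that are used but never defined."""
    lines = [l.strip().lstrip("#").strip() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    # Names defined somewhere in the supplied text (assumption: names match exactly).
    dyn_maps = set(re.findall(r"^crypto dynamic-map (\S+) \d+ ", text, re.M))
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+)", text, re.M))
    aaa = set(re.findall(r"^aaa-server (\S+)", text, re.M))
    findings = []
    for line in lines:
        m = re.match(r"ip local pool (\S+) (\S+)$", line)
        if m:
            try:
                lo, hi = (ipaddress.IPv4Address(p) for p in m.group(2).split("-", 1))
                if lo > hi:
                    findings.append(f"pool {m.group(1)}: start is above end")
            except ValueError:
                findings.append(f"pool {m.group(1)}: malformed range {m.group(2)}")
        # The keyword before "dynamic" is matched loosely; the post spells it ip-sec-isakmp.
        m = re.match(r"crypto map (\S+) \d+ \S+ dynamic (\S+)$", line)
        if m and m.group(2) not in dyn_maps:
            findings.append(f"crypto map {m.group(1)}: dynamic-map {m.group(2)} not defined")
        m = re.match(r"crypto dynamic-map (\S+) \d+ set transform-set (\S+)", line)
        if m and m.group(2) not in tsets:
            findings.append(f"dynamic-map {m.group(1)}: transform-set {m.group(2)} not defined")
        m = re.match(r"crypto map (\S+) client authentication (\S+)$", line)
        if m and m.group(2) not in aaa:
            findings.append(f"crypto map {m.group(1)}: aaa-server group {m.group(2)} not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

Run against the excerpt alone, it also reports the transform-set and the RADIUS group, since their definitions were not among the posted lines.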