Pagina 1 di 1
Script per VPN L2L IPSec su PIX\ASA 7-8
Inviato: mer 16 lug , 2008 9:17 am
da Wizard
Codice: Seleziona tutto
crypto isakmp enable OUTSIDE
access-list INSIDE_NAT0 line 1 extended permit ip 172.26.65.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list OUTSIDE_20_cryptomap line 1 extended permit ip 172.26.65.0 255.255.255.0 192.168.0.0 255.255.255.0
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key l2l10xhtw%
isakmp keepalive threshold 10 retry 2
crypto isakmp policy 10 authen pre-share
crypto isakmp policy 10 encrypt 3des
crypto isakmp policy 10 hash md5
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map OUTSIDE_map 20 match address OUTSIDE_20_cryptomap
crypto map OUTSIDE_map 20 set pfs group2
crypto map OUTSIDE_map 20 set peer 1.1.1.1
crypto map OUTSIDE_map 20 set transform-set ESP-3DES-MD5
crypto map OUTSIDE_map interface OUTSIDE
nat (INSIDE) 0 access-list INSIDE_NAT0 tcp 0 0 udp 0
Inviato: lun 29 set , 2008 3:50 pm
da luca.prina
Ciao a tutti.
Ho usato lo script di wizard per realizzare una vpn tra un ASA 8 e un PIX 6.3 .. sperando di fare cosa gradita allego lo script lato PIX
Codice: Seleziona tutto
crypto isakmp enable outside
access-list NoNat_Inside permit ip LOCAL_LAN REMOTE_LAN
access-list outside_cryptomap_20 permit ip LOCAL_LAN REMOTE_LAN
nat (inside) 0 access-list NoNat_Inside
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 set peer 88.xx.yy.zz
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 4608000
crypto map outside_map interface outside
isakmp enable outside
isakmp key SECRET_KEY address 88.xx.yy.zz netmask 255.255.255.255
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
sysopt connection permit-ipsec
saluti
Luca
Re: Script per VPN L2L IPSec su PIX\ASA 7-8
Inviato: mar 20 nov , 2012 7:53 am
da mimmo85
Ciao mi potete dire le parti del primo script da omettere in caso devo fare una terza VPN, o meglio, sul terzo asa eseguo lo script, mentre sul primo gia in vpn con un altro che parti devo omettere?
grazie