您所在的位置:cisco专区 > 思科技术 > PIX 7.0 dynamic VPN using Digital Certificate with Split Tunnel

PIX 7.0 dynamic VPN using Digital Certificate with Split Tunnel

2006-06-30 10:23 y7975 net130.com论坛 字号:T | T
一键收藏,随时查看,分享好友!

PIX 7.0 dynamic VPN using Digital Certificate with Split Tunnel

AD:

PIX Version 7.0(1) 
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 172.29.6.1 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 172.29.131.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
enable password 90RBsEWodTGO2XFL encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
domain-name test.com
ftp mode passive
access-list nonat extended permit ip 172.29.131.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list split standard permit 172.29.131.0 255.255.255.0
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
ip local pool testpool 10.1.1.1-10.1.1.15
no failover
monitor-interface outside
monitor-interface inside
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list nonat
route outside 172.29.0.0 255.255.0.0 172.29.6.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy test internal
group-policy test attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
username peter password eiLX8yKuiZqgo6C8 encrypted
username tcytech password HTEt2RXRBqicQQ2g encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto dynamic-map mymap 10 set transform-set test
crypto map test 10 ipsec-isakmp dynamic mymap
crypto map test interface outside
crypto ca trustpoint test
enrollment url http://172.29.1.154:80/certsrv/mscep/mscep.dll
crl configure
crypto ca certificate chain test
certificate 15baa55d000000000005
308204f5 308203dd a0030201 02020a15 baa55d00 00000000 05300d06 092a8648
86f70d01 01050500 30273113 3011060a 09922689 93f22c64 01191603 69747331
10300e06 03550403 1307736e 6f6f7079 32301e17 0d303530 35313731 39323432
325a170d 30363035 31373139 33343232 5a301d31 1b301906 092a8648 86f70d01
0902130c 7069782e 74657374 2e636f6d 30819f30 0d06092a 864886f7 0d010101
05000381 8d003081 89028181 00ca0fa8 57b56df5 0c6ddb8b d8087b75 7bda105b
a83928f1 a7b69d82 e925f636 ae497fba 149222f8 54554ad6 f3c92539 49eb330b
b5003205 f88b24fa fcff71fd bb15a3b4 79062840 9c48411e c029a490 744fef81
d5ec85f7 dede424f 5fd4d9a7 debfef9e 953d1ced 1215df3f 34e290b2 598078be
298754a9 c4acc420 c56a719e 9b020301 0001a382 02af3082 02ab300b 0603551d
0f040403 0205a030 17060355 1d110410 300e820c 7069782e 74657374 2e636f6d
301d0603 551d0e04 1604146a d9d20c34 cac5131b 206f29d9 1aee0844 30a2b530
1f060355 1d230418 30168014 1c28175f d3292d4d 4acc4093 4ac5c5ab 45e5734d
3081f606 03551d1f 0481ee30 81eb3081 e8a081e5 a081e286 81ad6c64 61703a2f
2f2f434e 3d736e6f 6f707932 2c434e3d 4e595044 434c4153 532c434e 3d434450
2c434e3d 5075626c 69632532 304b6579 25323053 65727669 6365732c 434e3d53
65727669 6365732c 434e3d43 6f6e6669 67757261 74696f6e 2c44433d 4e595044
2c44433d 4c4f433f 63657274 69666963 61746552 65766f63 6174696f 6e4c6973
743f6261 73653f6f 626a6563 74436c61 73733d63 524c4469 73747269 62757469
6f6e506f 696e7486 30687474 703a2f2f 6e797064 636c6173 732e6e79 70642e6c
6f632f43 65727445 6e726f6c 6c2f736e 6f6f7079 322e6372 6c308201 0706082b
06010505 07010104 81fa3081 f73081a3 06082b06 01050507 30028681 966c6461
703a2f2f 2f434e3d 736e6f6f 7079322c 434e3d41 49412c43 4e3d5075 626c6963
2532304b 65792532 30536572 76696365 732c434e 3d536572 76696365 732c434e
3d436f6e 66696775 72617469 6f6e2c44 433d4e59 50442c44 433d4c4f 433f6341
43657274 69666963 6174653f 62617365 3f6f626a 65637443 6c617373 3d636572
74696669 63617469 6f6e4175 74686f72 69747930 4f06082b 06010505 07300286
43687474 703a2f2f 6e797064 636c6173 732e6e79 70642e6c 6f632f43 65727445
6e726f6c 6c2f4e59 5044434c 4153532e 4e595044 2e4c4f43 5f736e6f 6f707932
2e637274 303f0609 2b060104 01823714 0204321e 30004900 50005300 45004300
49006e00 74006500 72006d00 65006400 69006100 74006500 4f006600 66006c00
69006e00 65300d06 092a8648 86f70d01 01050500 03820101 00a96509 440798ef
20746741 38376e48 8d8f40a1 97c23ff4 bf044b1d ccb62426 4914d7a5 873d1cfd
429fbee6 6404b25d 355f7232 da63f3c4 f34e84ad 6a47c50a c00d5c0d 9d5dac9c
829c9e53 82891959 1879592c a479781f 00f8e008 7875a9a9 e22fd798 e50b2d1d
40ecba85 4f9f15c1 35cb5913 1443eba4 798d7e1f f4fb60f5 a295b2c9 7607363c
8fca8756 4879dbb7 713c5f8d 04fac683 619d83b5 e8790f01 2597be32 ddc0b162
d1977c5d de7905d3 d80976fe c0ac653c a41b75f5 73ed9d2a b861f8e7 620fe947
8d7e6e83 5c176918 473461b8 612d2f2c f7ad2dbd 33a97bea b0e22848 8126169f
9cb1494c 53dcd4cd bc3f95df 56fb3e95 050f10e6 e52c7024 56
quit
certificate ca 1e5f511f372ca7a74a4b8bafefb047cc
30820426 3082030e a0030201 0202101e 5f511f37 2ca7a74a 4b8bafef b047cc30
0d06092a 864886f7 0d010105 05003027 31133011 060a0992 268993f2 2c640119
16036974 73311030 0e060355 04031307 736e6f6f 70793230 1e170d30 35303531
36323335 3635365a 170d3130 30353137 30303034 30385a30 27311330 11060a09
92268993 f22c6401 19160369 74733110 300e0603 55040313 07736e6f 6f707932
30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101
00bc2318 2d7bff9d 314da6c1 19907da7 f03fecfe af0dd894 d41b64b1 3349511b
bfee3694 4784526c 4949afaa 0766b1ca 357e317b 4840b72b 86a2a7ed 36c9c35a
13b5c9f1 e089fd69 cb259fd6 5f0bfbf6 f7f677dd 9f93c2aa 1e8fd275 c4e6ea1c
d96ef32c 2a68380c ef43cb33 83ef9ff8 94004aa0 b3c623c7 70134326 11322ee9
b0b1281b f827e6bf 861a1700 e5f89934 adb64cb0 4f59f613 30cb45c8 737702ea
d4b287cc 58c22376 f4700681 1b2fe321 5bdc63eb 362670b5 7bf8f864 9642c8a6
5d94f960 ccdd89af b2185bb7 deeaaca5 3af34d0d 70a337f3 8156e135 16f68506
18602bcb b3276b02 375feef3 160da22a b42ba088 711b30aa 074d1ee1 a7327f9f
4b020301 0001a382 014c3082 0148300b 0603551d 0f040403 02018630 0f060355
1d130101 ff040530 030101ff 301d0603 551d0e04 1604141c 28175fd3 292d4d4a
cc40934a c5c5ab45 e5734d30 81f60603 551d1f04 81ee3081 eb3081e8 a081e5a0
81e28681 ad6c6461 703a2f2f 2f434e3d 736e6f6f 7079322c 434e3d4e 59504443
4c415353 2c434e3d 4344502c 434e3d50 75626c69 63253230 4b657925 32305365
72766963 65732c43 4e3d5365 72766963 65732c43 4e3d436f 6e666967 75726174
696f6e2c 44433d4e 5950442c 44433d4c 4f433f63 65727469 66696361 74655265
766f6361 74696f6e 4c697374 3f626173 653f6f62 6a656374 436c6173 733d6352
4c446973 74726962 7574696f 6e506f69 6e748630 68747470 3a2f2f6e 79706463
6c617373 2e6e7970 642e6c6f 632f4365 7274456e 726f6c6c 2f736e6f 6f707932
2e63726c 30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d
01010505 00038201 0100b7ff 7c4aec88 5a9372d6 6ad4a038 5e482317 c0f944ab
726ed287 3f7ee51c ae19e1d7 3db46113 53244af1 03c1aa99 f5584494 38620398
ce617b42 364bf715 2b320356 1805e010 c00cbbdc 5b39902a e43a7792 886afb9c
aa52e46f aae4b409 8e4bf00f 70f3bc4a cd2c2c35 b0f2d74a b8cf7b5a d122ca77
7812a537 5a84ac91 143fc996 9d087fd5 a50bd5a0 a27b5bde 7cb5a2cf 592df5ac
0ed625b2 4b3e9e7c 410ceca6 f51832d6 97e78233 d4b79f96 4da84393 0bef3fcf
5e53154d 84b727ee 30a23eb4 c6a13221 7cde7323 9c000c87 b59fdc8a ab2b2db1
81476857 07d4968d 900209fd b0ea7cf4 e4ca3dd9 26795d01 bfc9bd4f fb7f35f2
7e8c3d59 8e69fb5e 3077
quit
isakmp enable outside
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption aes
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 3600
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
address-pool testpool
default-group-policy test
tunnel-group test ipsec-attributes
trust-point test
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
 
(责任编辑: 51CTO.com TEL:010-68476606)



分享到:

栏目热门

更多>>

  • 关注 锐捷智慧小镇E日游
  • 随着云计算、物联网、大数据、移动互联网的大发展,你应该知道这些。
  1. 5G 速度已经逆天,6G网络要来了?
  2. 教你几招提高无线路由器的安全性-再也不用担心蹭网了

热点职位

更多>>

热点专题

更多>>

读书

用户体验要素
本书是AJAX之父的经典之作。本书用简洁的语言系统化地诠释了设计、技术和商业融合是最重要的发展趋势。全书共8章,包括关于用户

51CTO旗下网站

领先的IT技术网站 51CTO 中国首个CIO网站 CIOage 中国首家数字医疗网站 HC3i 51CTO学院 区块链第一聚合媒体 zhijiapro