PIX to PIX VPN tunnel ?
From: Brian Ipsen
Date: 08-10-03 09:17
Hi!
I am trying to get a VPN tunnel up and running between 2 PIXes, but when you
ping from a machine (192.168.19.34) at site 1 to site 2, the site 1 PIX
writes on the console: IPSEC(sa_initiate): ACL = deny; no sa created
Site1 Pix (has 192.168.19.1 on inside):
access-list 110 permit ip host 192.168.19.34 host 192.168.1.2
access-list 110 permit ip host 192.168.19.34 host 192.168.1.3
access-list 110 permit ip host 192.168.19.34 host 192.168.2.2
access-list 100 permit ip host 192.168.19.34 host 192.168.1.2
access-list 100 permit ip host 192.168.19.34 host 192.168.1.3
access-list 100 permit ip host 192.168.19.34 host 192.168.2.2
nat (inside) 0 access-list 110
sysopt connection permit-ipsec
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 match address 100
crypto map mymap 5 set peer W.X.Y.Z
crypto map mymap 5 set transform-set vpnset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address W.X.Y.Z netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption 3des
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 28800
Site2 Pix (has 192.168.1.1 on DMZ and 192.168.2.1 on inside):
access-list 100 line 1 permit ip host 192.168.1.2 host 172.21.19.34
access-list 100 line 2 permit ip host 192.168.1.3 host 172.21.19.34
access-list 100 line 3 permit ip host 192.168.2.2 host 172.21.19.34
access-list dmz_nonat permit ip host 192.168.1.2 host 192.168.19.34
access-list dmz_nonat permit ip host 192.168.1.3 host 192.168.19.34
access-list inside_nonat permit ip host 192.168.2.2 host 192.168.19.34
nat (inside) 0 access-list inside_nonat
nat (dmz) 0 access-list dmz_nonat
sysopt connection permit-ipsec
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 match address 100
crypto map mymap 5 set peer A.B.C.D
crypto map mymap 5 set transform-set vpnset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address A.B.C.D netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
Why do I get this error when setting up the tunnel?
/Brian
Comment
From: Brian Ipsen
Date: 08-10-03 09:36
"Brian Ipsen" <bipsen@andebakken.dk> wrote in message
news:3f83c824$0$13209$edfadb0f@dread15.news.tele.dk...
> Site2 Pix (has 192.168.1.1 on DMZ and 192.168.2.1 on inside):
> access-list 100 line 1 permit ip host 192.168.1.2 host 172.21.19.34
> access-list 100 line 2 permit ip host 192.168.1.3 host 172.21.19.34
> access-list 100 line 3 permit ip host 192.168.2.2 host 172.21.19.34
Should have been (and it is so in the PIX too) - just a typo on my part:
access-list 100 line 1 permit ip host 192.168.1.2 host 192.168.19.34
access-list 100 line 2 permit ip host 192.168.1.3 host 192.168.19.34
access-list 100 line 3 permit ip host 192.168.2.2 host 192.168.19.34
/Brian
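
The correction in the follow-up concerns the crypto ACL, which on two IPsec peers has to be the mirror image of the other side's. The check below is an added example, not part of the original posts: it compares the ACL each side references with `match address`, using the lines from the posts. It assumes entries of the form `permit ip host A host B` only, and its function names are hypothetical.

```python
import re

# Crypto-relevant lines copied from the posts above (site 2 as first posted).
SITE1 = """
access-list 100 permit ip host 192.168.19.34 host 192.168.1.2
access-list 100 permit ip host 192.168.19.34 host 192.168.1.3
access-list 100 permit ip host 192.168.19.34 host 192.168.2.2
crypto map mymap 5 match address 100
"""
SITE2_POSTED = """
access-list 100 line 1 permit ip host 192.168.1.2 host 172.21.19.34
access-list 100 line 2 permit ip host 192.168.1.3 host 172.21.19.34
access-list 100 line 3 permit ip host 192.168.2.2 host 172.21.19.34
crypto map mymap 5 match address 100
"""
# The follow-up post's correction: 172.21.19.34 was a typo for 192.168.19.34.
SITE2_CORRECTED = SITE2_POSTED.replace("172.21.19.34", "192.168.19.34")

ACL_RE = re.compile(r"^access-list (\S+) (?:line \d+ )?permit ip host (\S+) host (\S+)\s*$", re.M)
MATCH_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)\s*$", re.M)

def crypto_selectors(config):
    """Return the (source, destination) host pairs of the ACL named by 'match address'."""
    m = MATCH_RE.search(config)
    if m is None:
        raise ValueError("no 'crypto map ... match address' line found")
    name = m.group(1)
    return {(src, dst) for acl, src, dst in ACL_RE.findall(config) if acl == name}

def mirror_mismatches(local, remote):
    """Compare both ends' crypto ACLs, with all pairs given in the local side's orientation."""
    here, there = crypto_selectors(local), crypto_selectors(remote)
    mirrored = {(dst, src) for src, dst in there}  # remote entries seen from the local side
    return {"missing_on_remote": sorted(here - mirrored),
            "missing_on_local": sorted(mirrored - here)}

if __name__ == "__main__":
    for label, site2 in (("as posted", SITE2_POSTED), ("corrected", SITE2_CORRECTED)):
        print(label, mirror_mismatches(SITE1, site2))
```
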