PIX to PIX VPN tunnel ?
From: Brian Ipsen
Date: 08-10-03 09:17
Hi!
I am trying to get a VPN tunnel up and running between 2 PIXes, but when
pinging from a machine (192.168.19.34) at site 1 to site 2, the site 1 PIX
writes on the console: IPSEC(sa_initiate): ACL = deny; no sa created
Site1 PIX (has 192.168.19.1 on inside):
access-list 110 permit ip host 192.168.19.34 host 192.168.1.2
access-list 110 permit ip host 192.168.19.34 host 192.168.1.3
access-list 110 permit ip host 192.168.19.34 host 192.168.2.2
access-list 100 permit ip host 192.168.19.34 host 192.168.1.2
access-list 100 permit ip host 192.168.19.34 host 192.168.1.3
access-list 100 permit ip host 192.168.19.34 host 192.168.2.2
nat (inside) 0 access-list 110
sysopt connection permit-ipsec
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 match address 100
crypto map mymap 5 set peer W.X.Y.Z
crypto map mymap 5 set transform-set vpnset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address W.X.Y.Z netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption 3des
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 28800
Site2 PIX (has 192.168.1.1 on DMZ and 192.168.2.1 on inside):
access-list 100 line 1 permit ip host 192.168.1.2 host 172.21.19.34
access-list 100 line 2 permit ip host 192.168.1.3 host 172.21.19.34
access-list 100 line 3 permit ip host 192.168.2.2 host 172.21.19.34
access-list dmz_nonat permit ip host 192.168.1.2 host 192.168.19.34
access-list dmz_nonat permit ip host 192.168.1.3 host 192.168.19.34
access-list inside_nonat permit ip host 192.168.2.2 host 192.168.19.34
nat (inside) 0 access-list inside_nonat
nat (dmz) 0 access-list dmz_nonat
sysopt connection permit-ipsec
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 match address 100
crypto map mymap 5 set peer A.B.C.D
crypto map mymap 5 set transform-set vpnset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address A.B.C.D netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
Why do I get that error when the tunnel is being set up?
/Brian
Comment
From: Brian Ipsen
Date: 08-10-03 09:36
"Brian Ipsen" <bipsen@andebakken.dk> wrote in message
news:3f83c824$0$13209$edfadb0f@dread15.news.tele.dk...
> Site2 PIX (has 192.168.1.1 on DMZ and 192.168.2.1 on inside):
> access-list 100 line 1 permit ip host 192.168.1.2 host 172.21.19.34
> access-list 100 line 2 permit ip host 192.168.1.3 host 172.21.19.34
> access-list 100 line 3 permit ip host 192.168.2.2 host 172.21.19.34
Should have been (and it is that way in the PIX too) - just a typo on my part:
access-list 100 line 1 permit ip host 192.168.1.2 host 192.168.19.34
access-list 100 line 2 permit ip host 192.168.1.3 host 192.168.19.34
access-list 100 line 3 permit ip host 192.168.2.2 host 192.168.19.34
/Brian
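
Added example, not part of the original posts: the crypto ACLs that two IPsec peers reference with `match address` are expected to be mirror images of each other, so this Python check parses the `access-list 100` lines quoted above and lists entries that have no reversed counterpart on the peer. It runs against the site 2 list both as first posted and as corrected; the function names are this example's own.

```python
import re

# Host-to-host PIX entries, with or without the "line N" keyword, e.g.
# "access-list 100 line 1 permit ip host 192.168.1.2 host 192.168.19.34"
ENTRY = re.compile(
    r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?permit\s+ip\s+"
    r"host\s+(\S+)\s+host\s+(\S+)\s*$"
)

def parse_acl(config, name):
    """Return the set of (source, destination) host pairs in ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) == name:
            pairs.add((m.group(2), m.group(3)))
    return pairs

def unmirrored(local, remote):
    """Entries on each side whose reversed pair is absent on the peer."""
    no_peer_for_local = sorted(p for p in local if (p[1], p[0]) not in remote)
    no_peer_for_remote = sorted(p for p in remote if (p[1], p[0]) not in local)
    return no_peer_for_local, no_peer_for_remote

# ACL 100 lines copied from the posts above.
SITE1 = """
access-list 100 permit ip host 192.168.19.34 host 192.168.1.2
access-list 100 permit ip host 192.168.19.34 host 192.168.1.3
access-list 100 permit ip host 192.168.19.34 host 192.168.2.2
"""
SITE2_AS_POSTED = """
access-list 100 line 1 permit ip host 192.168.1.2 host 172.21.19.34
access-list 100 line 2 permit ip host 192.168.1.3 host 172.21.19.34
access-list 100 line 3 permit ip host 192.168.2.2 host 172.21.19.34
"""
SITE2_CORRECTED = SITE2_AS_POSTED.replace("172.21.19.34", "192.168.19.34")

def report(site2_config):
    """Compare site 1's crypto ACL 100 with the given site 2 configuration."""
    return unmirrored(parse_acl(SITE1, "100"), parse_acl(site2_config, "100"))

if __name__ == "__main__":
    for label, cfg in (("as posted", SITE2_AS_POSTED),
                       ("corrected", SITE2_CORRECTED)):
        site1_only, site2_only = report(cfg)
        print(f"site 2 {label}: {len(site1_only)} site 1 entries and "
              f"{len(site2_only)} site 2 entries have no mirror")
```
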