Home > Archive > Cisco Security exams > February 2004 > NewBe Needs Help!





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author NewBe Needs Help!
ZenMuster

2004-02-05, 9:46 am

NewBe need your help. Hi guys, I have PIX501 version 6.2 and I would like to connect to it from home using cisco client software. So far I'm not successful. I'm using PAt on the PIX may that is creating problem. Could someone check my config and tell me what I'm missing?

Thank you,

Alex.

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password QB.o4qtAUf2x8nuB encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 192.168.1.3 MAILServer
object-group service MailServices tcp
description SMTP and Secure IMAP
port-object eq 993
port-object eq smtp
port-object eq pop3
port-object eq pop2
port-object eq imap4
port-object eq https
port-object eq www
port-object eq 1723
access-list inside_access_in permit tcp any host xx.xx.xxx.xxx object-group Mail
Services
access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xxx.xxx 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool local2 192.168.2.1-192.168.2.254
pdm location 192.168.1.0 255.255.255.0 inside
pdm location MAILServer 255.255.255.255 inside
pdm location 192.168.1.200 255.255.255.248 outside
pdm location 192.168.2.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 1 xx.xx.xxx.xxx
nat (inside) 0 access-list 80
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) interface MAILServer netmask 255.255.255.255 0 0
access-group inside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 68.72.225.181 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server authserver protocol radius
aaa-server authserver (inside) host 192.168.1.4 abcdef timeout 5
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map mymap 20 ipsec-isakmp dynamic cisco
crypto map mymap client configuration address initiate
crypto map partner-map 20 ipsec-isakmp dynamic cisco
crypto map partner-map client configuration address initiate
crypto map partner-map client configuration address respond
crypto map partner-map client authentication authserver
crypto map partner-map interface outside
crypto map map-partner 20 ipsec-isakmp dynamic cisco
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local local2 outside
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup client address-pool local2
vpngroup client dns-server 192.168.1.4
vpngroup client wins-server 192.168.1.4
vpngroup client default-domain cisco.com
vpngroup client split-tunnel 80
vpngroup client idle-time 1800
vpngroup client password ********
vpngroup local idle-time 1800
vpngroup local2 idle-time 1800
vpngroup cliant idle-time 1800
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local local2
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.1.4
vpdn group PPTP-VPDN-GROUP client configuration wins 192.168.1.4
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username xxxxxxxxx password ********
vpdn enable outside
username Administrator password 9mwY2PwxvSXALQE5 encrypted privilege 15
terminal width 80
Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net