PIX TO PIX 防火墙站到站V..

                                                     PIX TO PIX 防火墙站到站VPN配置

Pix1# config t

（Config）#   inter e0 pixfirewall(config-if)# ip add 192.168.2.1 255.255.255.0 pixfirewall(config-if)# nameif outside pixfirewall(config-if)# security-level 0 pixfirewall(config-if)# no shut pixfirewall(config-if)# exit pixfirewall(config)# inter e1 pixfirewall(config-if)# ip add 192.168.1.1 255.255.255.0 pixfirewall(config-if)# nameif inside pixfirewall(config-if)# security-level 100 pixfirewall(config-if)# no shut pixfirewall(config-if)# exit pixfirewall(config)# exit pixfirewall(config)# access-list 103 extended permit icmp any any pixfirewall(config)# access-list 103 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 pixfirewall(config)# access-list 101 extended permit ip 192.168.1.0 255.255.250 192.168.3.0 255.255.255.0 pixfirewall(config)# access-list ipnat extended permit ip 192.168.1.0 255.255.255.0 any pixfirewall(config)# global (outside) 1 interface pixfirewall(config)# nat (inside) 1 access-list ipnat pixfirewall(config)# nat (inside) 0 access-list 101 pixfirewall(config)# access-group 103 in interface outside pixfirewall(config)# route outside 0.0.0.0 0.0.0.0 192.168.2.2 pixfirewall(config)# crypto ipsec transform-set ccsp esp-3des esp-sha-hmac pixfirewall(config)# crypto map cisco 10 match add 101 pixfirewall(config)# crypto map cisco 10 set peer 192.168.2.2 pixfirewall(config)# crypto map cisco 10 set transform-set ccsp pixfirewall(config)# crypto map cisco interface outside pixfirewall(config)# crypto isakmp identity address pixfirewall(config)# crypto isakmp enable outside pixfirewall(config)# crypto isakmp policy 10 pixfirewall(config-isakmp-policy)# authentication pre-share pixfirewall(config-isakmp-policy)# encryption 3des pixfirewall(config-isakmp-policy)# hash sha pixfirewall(config-isakmp-policy)# group 2 pixfirewall(config-isakmp-policy)# lifetime 86400 pixfirewall(config)# crypto isakmp nat-traversal 10                                                            ^ pixfirewall(config)# tunnel-group 192.168.2.2 type ipsec-l2l pixfirewall(config)#tunnel-group192.168.2.2 ipsec-attributes pixfirewall(config-tunnel-ipsec)# pre-share pixfirewall(config-tunnel-ipsec)# pre-shared-key cisco123 pixfirewall(config-tunnel-ipsec)# exit pixfirewall(config)# passwd 2KFQnbNIdI.2KYOU encrypted   pix2 pixfirewall# config t pixfirewall(config)# inter e0 pixfirewall(config-if)# ip add 192.168.2.2 255.255.255.0 pixfirewall(config-if)# nameif outside pixfirewall(config-if)# security-level 0  pixfirewall(config-if)# no shut pixfirewall(config-if)# exit pixfirewall(config)# inter e1 pixfirewall(config-if)# ip add 192.168.3.1 255.255.255.0 pixfirewall(config-if)# security-level 100 pixfirewall(config-if)# nameif inside pixfirewall(config-if)# no shut pixfirewall(config-if)# exit pixfirewall(config)# passwd 2KFQnbNIdI.2KYOU encrypted pixfirewall(config)# access-list 103 extended permit icmp any any pixfirewall(config)# access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 pixfirewall(config)# access-list 101 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 pixfirewall(config)# access-list ipnat extended permit ip 192.168.3.0 255.255.255.0 any pixfirewall(config)# global (outside) 1 interface pixfirewall(config)# nat (inside) 0 access-list 101 pixfirewall(config)# nat (inside) 1 access-list ipnat pixfirewall(config)# access-group 103 in interface outside pixfirewall(config)# route outside 0.0.0.0 0.0.0.0 192.168.2.1 pixfirewall(config)# crypto ipsec transform-set ccsp esp-3des esp-sha-hmac pixfirewall(config)# crypto map cisco 10 match add 101 pixfirewall(config)# crypto map cisco 10 set peer 192.168.2.1 pixfirewall(config)# crypto map cisco 10 set transform-set ccsp pixfirewall(config)# crypto map cisco interface outside pixfirewall(config)# crypto isakmp identity address pixfirewall(config)# crypto isakmp enable outside pixfirewall(config)# crypto isakmp policy 10 pixfirewall(config-isakmp-policy)# authentication pre-share pixfirewall(config-isakmp-policy)# encryption 3des pixfirewall(config-isakmp-policy)# hash sha pixfirewall(config-isakmp-policy)# group 2 pixfirewall(config-isakmp-policy)# lifetime 86400 pixfirewall(config)# crypto isakmp nat-traversal 10 pixfirewall(config)# tunnel-group 192.168.2.1 type ipsec-l2l pixfirewall(config)#tunnel-group 192.168.2.1 ipsec-attributes pixfirewall(config-tunnel-ipsec)# pre-shared-key cisco123