Two days of frustration with a dynamic VPN configuration came to an end today. Happily posting the diagram...
PIX23:
interface Ethernet1
nameif outside
security-level 0
ip address 13.1.1.3 255.255.255.0
interface Ethernet0
nameif inside
security-level 100
ip address 3.3.3.254 255.255.255.0
access-list nonat extended permit ip 3.3.3.0 255.255.255.0 4.4.4.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dmap 5 set transform-set myset
crypto dynamic-map dmap 5 set reverse-route
crypto map mymap 10 ipsec-isakmp dynamic dmap
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 13.1.1.254
Here comes the main event: this is the thing that tormented me for two days!
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key cisco
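(the correct one)
crypto isakmp key cisco address 0.0.0.0 netmask 0.0.0.0 (this is the one that kept me wrong for two days)
After configuring it, the show run output is the same, but it does not match correctly.
debug showed "Removing peer from correlator table failed, no match", which had this newbie checking the ACL for ages!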
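An added example, not part of the original post: a Python check for the failure described above, where a dynamic crypto map has no pre-shared key under tunnel-group DefaultL2LGroup. The function name audit_psk_binding is hypothetical, and the sample snippets are excerpted from the configs on this page (BAD_HUB is the failing variant).

```python
import re

def audit_psk_binding(config):
    """Return findings on where IKE pre-shared keys are bound (no key is echoed)."""
    findings, psk_groups, peers = [], set(), set()
    dynamic, group = False, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"tunnel-group (\S+) ipsec-attributes$", line)
        if m:
            group = m.group(1)          # entering tunnel-group sub-mode
            continue
        if group and line.startswith("pre-shared-key "):
            psk_groups.add(group)
            continue
        group = None                    # any other command leaves the sub-mode
        if re.match(r"crypto map \S+ \d+ ipsec-isakmp dynamic \S+$", line):
            dynamic = True
        m = re.match(r"crypto map \S+ \d+ set peer (\S+)$", line)
        if m:
            peers.add(m.group(1))
        if re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0\b", line):
            findings.append("wildcard 'crypto isakmp key' used for the dynamic peer key")
    if dynamic and "DefaultL2LGroup" not in psk_groups:
        findings.append("dynamic crypto map without a pre-shared-key under DefaultL2LGroup")
    for peer in sorted(peers - psk_groups):
        findings.append("peer %s has no tunnel-group pre-shared-key" % peer)
    return findings

# Snippets excerpted from the configs on this page; BAD_HUB is the failing variant.
GOOD_HUB = """crypto dynamic-map dmap 5 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dmap
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key cisco"""
BAD_HUB = """crypto dynamic-map dmap 5 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dmap
crypto isakmp key cisco address 0.0.0.0 netmask 0.0.0.0"""
SPOKE = """crypto map mymap 10 set peer 13.1.1.3
tunnel-group 13.1.1.3 type ipsec-l2l
tunnel-group 13.1.1.3 ipsec-attributes
pre-shared-key cisco"""

if __name__ == "__main__":
    for name, cfg in (("GOOD_HUB", GOOD_HUB), ("BAD_HUB", BAD_HUB), ("SPOKE", SPOKE)):
        print(name, audit_psk_binding(cfg) or "ok")
```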
=================================================================
PIX24:
vpdn group cisco request dialout pppoe
vpdn group cisco localname cisco
vpdn group cisco ppp authentication chap
vpdn username cisco password cisco (a side note unrelated to the VPN: this is the firewall's configuration for going online over PPPoE)
-------------------------------------------------------------------------------------------------
interface Ethernet1
nameif outside
security-level 0
pppoe client vpdn group cisco
ip address pppoe setroute
interface Ethernet0
nameif inside
security-level 100
ip address 4.4.4.254 255.255.255.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mymap 10 match address ***
crypto map mymap 10 set peer 13.1.1.3
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
tunnel-group 13.1.1.3 type ipsec-l2l
tunnel-group 13.1.1.3 ipsec-attributes
pre-shared-key cisco
=================================================================
Router:
vpdn-group cisco
accept-dialin
protocol pppoe
virtual-template 1
interface FastEthernet0/0
description 24pixe1
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
pppoe enable
interface FastEthernet0/1
description 23pix1
ip address 13.1.1.254 255.255.255.0
duplex auto
speed auto
interface Virtual-Template1
ip address 14.1.1.254 255.255.255.0
peer default ip address pool cisco
ppp authentication chap pap
ppp pap sent-username cisco password 0 cisco
ip local pool cisco 14.1.1.1 14.1.1.10
username cisco password 0 cisco
Reposted from: https://blog.51cto.com/cdong/860041