The software is available at http://www.cisco.com/kobayashi/sw-center/sw-vpn.shtml.
Once you have the VPN tunnel established, there should be no need for a dial in line. Here is a sample configuration for my VPN tunnel to my home 515 PIX - I use DES, I would recommend 3DES. PIX Version 6.2(2) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 pix/intf2 security10 nameif ethernet3 pix/intf3 security15 nameif ethernet4 pix/intf4 security20 nameif ethernet5 pix/intf5 security25 enable password XXXXXXX encrypted passwd XXXXXXX encrypted hostname XXXXX fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names access-list 80 permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0 pager lines 24 logging on logging timestamp logging trap debugging logging host inside 10.0.0.111 no logging message 305012 no logging message 305011 no logging message 302015 no logging message 302014 no logging message 302013 no logging message 302016 interface ethernet0 10full interface ethernet1 10full interface ethernet2 auto shutdown interface ethernet3 auto shutdown interface ethernet4 auto shutdown interface ethernet5 auto shutdown mtu outside 1500 mtu inside 1500 mtu pix/intf2 1500 mtu pix/intf3 1500 mtu pix/intf4 1500 mtu pix/intf5 1500 ip address outside dhcp setroute ip address inside 10.0.0.1 255.255.255.0 ip address pix/intf2 127.0.0.1 255.255.255.255 ip address pix/intf3 127.0.0.1 255.255.255.255 ip address pix/intf4 127.0.0.1 255.255.255.255 ip address pix/intf5 127.0.0.1 255.255.255.255 ip audit name IDSATTACK attack action alarm reset ip audit interface outside IDSATTACK ip audit info action alarm ip audit attack action alarm ip local pool REMOTEIPPOOLS 10.0.0.210-10.0.0.215 no failover failover timeout 0:00:00 failover poll 15 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 failover ip address pix/intf2 0.0.0.0 failover ip address pix/intf3 0.0.0.0 failover ip address pix/intf4 0.0.0.0 failover ip address pix/intf5 0.0.0.0 pdm location 10.0.0.4 255.255.255.255 inside pdm location 10.0.0.111 255.255.255.255 inside pdm location 10.0.0.0 255.0.0.0 inside pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 80 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local http server enable http 10.0.0.111 255.255.255.255 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside isakmp enable outside isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 vpngroup GROUPNAME address-pool REMOTEIPPOOLS vpngroup GROUPNAME idle-time 1800 vpngroup GROUPNAME password xxxxxx telnet 10.0.0.0 255.255.255.0 inside telnet timeout 60 ssh timeout 30 dhcpd address 10.0.0.2-10.0.0.200 inside dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside username XXXX password XXXX encrypted privilege 2 terminal width 80 Cryptochecksum:dc24ebe736764b81a98b1e78c3f9f326 : end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65684&t=65666 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
