Diagram: VPN Client (HOME)----ADSL-------INTERNET-------(66.21.10.25/24)PIX525------LAN(66.21.12.64/192)
!
interface Ethernet0
description OUTSIDE interface
nameif outside
security-level 0
ip address 66.21.10.25 255.255.255.0
!
interface Ethernet1
description INSIDE interface, Connect to LAN
nameif inside
security-level 100
ip address 66.21.12.65 255.255.255.192
!
access-list no-nat-list extended permit ip any any
access-list acl_out extended permit ip any any
access-list 90 standard permit 66.21.12.64 255.255.255.192
access-list nonat extended permit ip 66.21.12.64 255.255.255.192 192.168.100.0 255.255.255.0
!
ip local pool VPN 192.168.100.1-192.168.100.255 mask 255.255.255.0
failover
!
nat (outside) 0 access-list no-nat-list
nat (inside) 0 access-list nonat
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 66.21.10.1 1
!
group-policy cisco internal
group-policy cisco attributes
vpn-simultaneous-logins 50
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 90
username cisco1 password cisco1
username cisco2 password cisco2
vpn-sessiondb max-session-limit 100
vpn-addr-assign local
!
crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
crypto dynamic-map cisco 4 set transform-set strong-des
crypto map mymap 20 ipsec-isakmp dynamic cisco
crypto map mymap interface outside
isakmp enable outside
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash md5
isakmp policy 8 group 2
isakmp policy 8 lifetime 86400
!
tunnel-group cisco type ipsec-ra
tunnel-group cisco general-attributes
address-pool VPN
default-group-policy cisco
tunnel-group cisco ipsec-attributes
pre-shared-key cisco
---------------
Cisco PIX Security Appliance Software Version 7.0(1)
Device Manager Version 5.0(1)
Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "flash:/tftp"
Config file at boot was "startup-config"
pixfirewall up 22 hours 39 mins
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : media index 0: irq 10
1: Ext: Ethernet1 : media index 1: irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Failover Only-Active/Standby (FO) license.
Serial Number: 809160868
Running Activation Key: 0x1ec6198f 0x80b003d5 0x02825531 0x3dafefb9
Configuration last modified by enable_15 at 10:20:52.128 UTC Sun Jun 24 2007
--------------------
Problem: Only one session is established between the VPN Client and the PIX525, and the IP assigned to the client is the first IP in the range, 192.168.100.1. When the second client connects to the VPN, the first session is terminated.
Questions: 1. Does this license restrict the box to only one VPN session?
2. How should this be configured so that the VPN server allows multiple simultaneous sessions?
If anyone knows, please help me. Thanks
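As an added triage script (not from the post and not Cisco's own tooling), this parses the configuration and "show version" excerpts above and reports the settings that bound concurrent remote-access sessions (address pool size, vpn-simultaneous-logins, max-session-limit, the license's VPN Peers value) together with the items a reviewer would flag in this config: 3DES/MD5 in the ISAKMP policy and passwords equal to usernames. It assumes Python 3.8+ and constructs its input from the posted text.

```python
import re
import ipaddress

# Constructed excerpt of the PIX 7.0(1) config and "show version" output quoted in the post.
PIX_CONFIG = """\
ip local pool VPN 192.168.100.1-192.168.100.255 mask 255.255.255.0
group-policy cisco attributes
 vpn-simultaneous-logins 50
username cisco1 password cisco1
username cisco2 password cisco2
vpn-sessiondb max-session-limit 100
isakmp policy 8 encryption 3des
isakmp policy 8 hash md5
"""
SHOW_VERSION = """\
VPN Peers : Unlimited
This platform has a Failover Only-Active/Standby (FO) license.
"""

def pool_size(config):
    """Number of addresses in the first 'ip local pool' range, inclusive of both ends."""
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    if not m:
        return 0
    lo, hi = (ipaddress.ip_address(a) for a in m.groups())
    return int(hi) - int(lo) + 1

def first_int(pattern, text):
    """First capture group of `pattern` as an int, or None when the line is absent."""
    m = re.search(pattern, text, re.M)
    return int(m.group(1)) if m else None

def audit(config, version):
    """Settings that bound concurrent remote-access sessions, plus weak-setting flags."""
    peers = m.group(1) if (m := re.search(r"^VPN Peers\s*:\s*(\S+)", version, re.M)) else None
    weak = []
    for algo in ("encryption 3des", "hash md5"):          # legacy ISAKMP algorithms
        if re.search(rf"^isakmp policy \d+ {algo}", config, re.M):
            weak.append(f"isakmp {algo}")
    for user, pw in re.findall(r"^username (\S+) password (\S+)", config, re.M):
        if pw == user:                                     # trivially guessable credential
            weak.append(f"password equals username: {user}")
    return {
        "pool_size": pool_size(config),
        "simultaneous_logins": first_int(r"vpn-simultaneous-logins (\d+)", config),
        "max_session_limit": first_int(r"max-session-limit (\d+)", config),
        "license_vpn_peers": peers,
        # Only a numeric peer cap of 1 would explain one session at a time; "Unlimited" does not.
        "license_caps_at_one": peers is not None and peers.isdigit() and int(peers) <= 1,
        "weak_settings": weak,
    }
```

Run `audit(PIX_CONFIG, SHOW_VERSION)` to get the report as a dict; feed it the full running config and "show version" text to check a real box.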