Pix with Internet leased line and adsl as backup
 





 
Forum Index -> comp.dcom.sys.cisco
Author: pinks (Guest)
Posted: Sun Jul 29, 2007 6:06 pm    Post subject: Pix with Internet leased line and adsl as backup

Hi, could someone help me out? I have a Pix Firewall connected to a
1800 Series router with Internet leased line. I am able to connect to
the internet and, through VPN, connect remote desktop with the server for
the many applications. My concerns are:
1. The remote desktop gets disconnected frequently; is there any
problem with the configuration?
2. I have an ADSL line and a Cisco 837 Router; how can I use this router
to act as a backup for the leased line?

Thanks and Regards

The configurations are as follows

interface ethernet0 10baset
interface ethernet1 10baset
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside A.B.C.114 255.255.255.240
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.2.0 255.255.255.0 outside
pdm location 192.168.1.1 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 A.B.C.113 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local

no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set peer public ip
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 set security-association lifetime seconds 3600 kilobytes 100000
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address public ip netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d0eee9eae59e01ef0c2b304f9b93c6fb
: end
pix# sh runn



!

Router


!
!
interface FastEthernet0/0

ip address A.B.C.113 255.255.255.240
speed 10
half-duplex
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address X.Y.Z.W 255.255.255.252
!
router rip
redistribute connected
network A.B.C.0
network X.Y.Z.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
dialer-list 1 protocol ip permit
!
control-plane
!
All times are GMT