1. Home
  2. Cisco Systems
  3. vpn through internal network

vpn through internal network

I have people in my private network I who would like to separate all their traffic to the internet and encrypt it in like a site to site VPN through my internal network to the internet like so.

outside people->Inside--PIX->Outside---internal network--->Inside---Pix----->outside---->internet

192.168.20.0/24-192.168.20.1-192.168.10.4-192.168.10.0/24-192.168.10.1-68.166.7.8 all traffic to internet---------------encrypted--------------------------------Decrypted---------------------->

here are the configs I last time I tried to bring this up

PIX 1 192.168.10.1

PIX Version 6.3(4) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password encrypted passwd hostname pixfirewall fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list vpn permit ip host 192.168.10.1 192.168.20.0 255.255.255.0 access-list nonat permit ip host 192.168.10.1 192.168.20.0

255.255.255.0 pager lines 24 icmp permit any outside mtu outside 1500 mtu inside 1500 ip address outside 192.168.10.1 255.255.255.0 ip address inside 68.166.7.8 255.255.255.248 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat(inside) 0 access-list nonat route outside 0.0.0.0 0.0.0.0 68.166.7.9 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set esp-aes-128 esp-aes esp-md5-hmac crypto map ocmap 1 ipsec-isakmp crypto map ocmap 1 match address vpn crypto map ocmap 1 set peer 192.168.10.4 crypto map ocmap 1 set transform-set esp-aes-128 crypto map ocmap interface inside isakmp enable inside isakmp key ******** address 192.168.10.4 netmask 255.255.255.255 isakmp policy 1 authentication pre-share isakmp policy 1 encryption aes isakmp policy 1 hash md5 isakmp policy 1 group 5 telnet timeout 5 ssh timeout 5 console timeout 0 terminal width 80 Cryptochecksum:e6d992c812f4e500b1485de574daa652 : end

PIX #2 people to be segmented off PIX Version 6.3(4) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable passwor encrypted passwd encrypted hostname pixfirewall fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list vpn permit ip 192.168.20.0 255.255.255.0 host 192.168.10.1 access-list nonat permit ip 192.168.20.0 255.255.255.0 host

192.168.10.1 pager lines 24 icmp permit any outside mtu outside 1500 mtu inside 1500 ip address outside 192.168.10.4 255.255.255.0 ip address inside 192.168.20.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat(inside) 0 access-list nonat route outside 0.0.0.0 0.0.0.0 192.168.10.1 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set esp-aes-128 esp-aes esp-md5-hmac crypto map ocmap 1 ipsec-isakmp crypto map ocmap 1 match address vpn crypto map ocmap 1 set peer 192.168.10.1 crypto map ocmap 1 set transform-set esp-aes-128 crypto map ocmap interface outside isakmp enable outside isakmp key ******** address 192.168.10.1 netmask 255.255.255.255 isakmp policy 1 authentication pre-share isakmp policy 1 encryption aes isakmp policy 1 hash md5 isakmp policy 1 group 5 telnet timeout 5 ssh timeout 5 console timeout 0 terminal width 80 Cryptochecksum:e6d992c812f4e500b1485de574daa652 : end
Reply to
jspr
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.