Question : Problem: pix 515e firewall vpn to netgear with existing vpn's on the firewall
Hello all, I have a PIX 515E firewall. We have had VPN configs on this firewall already. I am trying to get a point-to-point connection to a Netgear router/firewall. I found some real nice configs to do so on the PIX, but whenever I use the command crypto map vpnconnection interface outside it takes away from another set of VPNs coming in, mas-idx, and stops my boss from VPNing in. Below I will put my configs. I am not sure what I need to take out, so please don't kill me worse than I am already.
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password 2k9J.wpKv3oHMoTS encrypted
passwd H9lE/QgkAWLTcSC/ encrypted
hostname bloomPix
domain-name med-act-svcs.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
name 64.0.107.144 KEN
name 207.41.173.194 moises
name 192.168.30.14 Bloomfield3
name 192.168.30.10 bloomfield
name 192.168.31.42 LouiseB
name 167.206.229.178 KenJ
name 68.194.62.58 LouiseB-Home
name 207.156.182.195 EdMendez
name 192.168.31.6 Wantagh2
name 192.168.31.5 Wantagh1
name 192.168.31.20 JoePC
name 207.202.92.200 MASJCMC
name 207.156.182.196 EdMendez1
name 24.47.246.159 JoeHome
name 205.231.238.2 Meridian
name 68.196.193.203 RayT-Home
name 68.38.253.206 Nor-Home
name 67.82.176.34 GinaK-Home
name 209.66.57.100 PABALA1
name 209.66.57.102 PABala3
name 209.66.57.101 PABala2
name 209.66.57.103 PABala4
name 209.66.57.105 PABala6
name 209.66.57.104 PAbala5
name 68.195.161.115 DinaHome1
name 69.33.129.190 CTI
name 68.36.28.177 Nor-Home1
name 68.37.72.18 Nor
name 138.88.164.189 RandySpringer
name 198.181.235.49 Columbia-VPN
name 156.111.224.180 Columbia-VPN1
name 20.137.68.46 SVCMC
name 10.20.30.45 nor-on-the-road
name 68.196.203.149 RayT-Home1
name 138.89.42.147 Ray-Home-DSL
object-group service public tcp
description ftp-smtp-pop-www
port-object eq ftp
port-object eq pop3
port-object eq ftp-data
port-object eq www
port-object eq https
port-object eq smtp
object-group service domain tcp-udp
description dns
port-object eq domain
access-list outside_access_in permit tcp any host 208.44.183.11 object-group public
access-list outside_access_in permit tcp any host 208.44.183.2 eq telnet
access-list outside_access_in permit udp any any object-group domain
access-list outside_access_in permit ip host moises any
access-list outside_access_in permit ip KEN 255.255.255.248 any
access-list outside_access_in permit ip host RandySpringer any
access-list outside_access_in permit ip host JoeHome any
access-list outside_access_in permit ip host PABALA1 any
access-list outside_access_in permit ip host PABala2 any
access-list outside_access_in permit ip host PABala3 any
access-list outside_access_in permit ip host PABala4 any
access-list outside_access_in permit ip host PAbala5 any
access-list outside_access_in permit ip host PABala6 any
access-list outside_access_in permit ip host RayT-Home1 any
access-list outside_access_in permit ip host Ray-Home-DSL any
access-list outside_access_in permit ip host 69.141.116.59 any
access-list outside_access_in permit ip host nor-on-the-road any
access-list outside_access_in permit ip host MASJCMC any
access-list outside_access_in permit ip host LouiseB-Home any
access-list outside_access_in permit ip host DinaHome1 any
access-list outside_access_in permit ip host SVCMC any
access-list outside_access_in permit ip host Meridian any
access-list outside_access_in permit ip host EdMendez1 any
access-list outside_access_in permit ip host GinaK-Home any
access-list outside_access_in permit ip host CTI any
access-list inside_outbound_nat0_acl permit ip any 192.168.200.0 255.255.255.0
access-list medical_splitTunnelAcl permit ip 192.168.30.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 100 permit ip 192.168.31.0 255.255.255.0 host Columbia-VPN
access-list 100 permit ip 192.168.30.0 255.255.255.0 host Columbia-VPN
access-list no-nat permit ip 192.168.31.0 255.255.255.0 host Columbia-VPN
access-list no-nat permit ip 192.168.30.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list no-nat permit ip 192.168.30.0 255.255.255.0 host Columbia-VPN
pager lines 24
logging on
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 208.44.183.8 255.255.255.0
ip address inside 192.168.30.1 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
ip local pool 200pool 192.168.200.2-192.168.200.254
pdm location 192.168.30.125 255.255.255.255 inside
pdm location bloomfield 255.255.255.255 inside
pdm location KEN 255.255.255.248 outside
pdm location Bloomfield3 255.255.255.255 inside
pdm location 192.168.30.7 255.255.255.255 inside
pdm location 192.168.30.21 255.255.255.255 inside
pdm location 192.168.30.22 255.255.255.255 inside
pdm location 192.168.30.23 255.255.255.255 inside
pdm location 192.168.30.24 255.255.255.255 inside
pdm location 192.168.30.25 255.255.255.255 inside
pdm location moises 255.255.255.255 outside
pdm location 192.168.31.0 255.255.255.0 inside
pdm location 192.168.15.0 255.255.255.0 inside
pdm location 192.168.16.0 255.255.255.0 inside
pdm location 192.168.17.0 255.255.255.0 inside
pdm location 192.168.10.0 255.255.255.0 inside
pdm location 192.168.11.0 255.255.255.0 inside
pdm location 192.168.12.0 255.255.255.0 inside
pdm location 192.168.20.0 255.255.255.0 inside
pdm location 192.168.30.2 255.255.255.255 inside
pdm location LouiseB 255.255.255.255 inside
pdm location Wantagh2 255.255.255.255 inside
pdm location 192.168.31.55 255.255.255.255 inside
pdm location JoePC 255.255.255.255 inside
pdm location 192.168.32.1 255.255.255.255 inside
pdm location 192.168.32.0 255.255.255.0 inside
pdm location 192.168.100.0 255.255.255.0 inside
pdm location 192.168.30.36 255.255.255.255 inside
pdm location KenJ 255.255.255.255 outside
pdm location LouiseB-Home 255.255.255.255 outside
pdm location EdMendez 255.255.255.255 outside
pdm location Wantagh1 255.255.255.255 inside
pdm location MASJCMC 255.255.255.255 outside
pdm location EdMendez1 255.255.255.255 outside
pdm location 192.168.31.21 255.255.255.255 inside
pdm location 192.168.31.22 255.255.255.255 inside
pdm location 192.168.31.23 255.255.255.255 inside
pdm location 192.168.31.24 255.255.255.255 inside
pdm location 192.168.30.95 255.255.255.255 inside
pdm location 192.168.31.25 255.255.255.255 inside
pdm location 192.168.31.26 255.255.255.255 inside
pdm location 192.168.31.27 255.255.255.255 inside
pdm location JoeHome 255.255.255.255 outside
pdm location 192.168.31.28 255.255.255.255 inside
pdm location 192.168.200.0 255.255.255.0 outside
pdm location Meridian 255.255.255.255 outside
pdm location RayT-Home 255.255.255.255 outside
pdm location Nor-Home 255.255.255.255 outside
pdm location 192.168.30.52 255.255.255.255 inside
pdm location GinaK-Home 255.255.255.255 outside
pdm location 192.168.30.20 255.255.255.255 inside
pdm location 192.168.31.4 255.255.255.255 inside
pdm location PABALA1 255.255.255.255 outside
pdm location PABala2 255.255.255.255 outside
pdm location PABala3 255.255.255.255 outside
pdm location PABala4 255.255.255.255 outside
pdm location PAbala5 255.255.255.255 outside
pdm location PABala6 255.255.255.255 outside
pdm location DinaHome1 255.255.255.255 outside
pdm location CTI 255.255.255.255 outside
pdm location Nor-Home1 255.255.255.255 outside
pdm location 192.168.31.29 255.255.255.255 inside
pdm location Nor 255.255.255.255 outside
pdm location RandySpringer 255.255.255.255 outside
pdm location 192.168.30.45 255.255.255.255 inside
pdm location Columbia-VPN 255.255.255.255 outside
pdm location Columbia-VPN1 255.255.255.255 outside
pdm location 206.126.161.134 255.255.255.255 outside
pdm location SVCMC 255.255.255.255 outside
pdm location 200.9.49.66 255.255.255.255 outside
pdm location 206.126.161.161 255.255.255.255 outside
pdm location nor-on-the-road 255.255.255.255 outside
pdm location RayT-Home1 255.255.255.255 outside
pdm location 69.141.116.59 255.255.255.255 outside
pdm location Ray-Home-DSL 255.255.255.255 outside
pdm logging critical 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list no-nat
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 208.44.183.11 bloomfield netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.14 Bloomfield3 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.9 192.168.30.36 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.7 192.168.30.7 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.20 192.168.30.20 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.21 192.168.30.21 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.22 192.168.30.22 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.23 192.168.30.23 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.24 192.168.30.24 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.25 192.168.30.25 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.2 192.168.30.2 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.222 192.168.31.28 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.194 Wantagh1 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.193 Wantagh2 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.204 192.168.31.55 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.243 JoePC netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.31 192.168.31.21 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.32 192.168.31.22 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.33 192.168.31.23 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.34 192.168.31.24 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.36 192.168.31.25 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.37 192.168.31.26 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.38 192.168.31.27 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.39 192.168.31.29 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.26 192.168.30.52 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.18 192.168.30.45 netmask 255.255.255.255 0 0
static (inside,outside) 208.44.183.239 192.168.31.4 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 208.44.183.1 1
route inside 192.168.10.0 255.255.255.0 192.168.30.2 1
route inside 192.168.11.0 255.255.255.0 192.168.30.2 1
route inside 192.168.12.0 255.255.255.0 192.168.30.2 1
route inside 192.168.15.0 255.255.255.0 192.168.30.2 1
route inside 192.168.16.0 255.255.255.0 192.168.30.2 1
route inside 192.168.17.0 255.255.255.0 192.168.30.2 1
route inside 192.168.20.0 255.255.255.0 192.168.30.2 1
route inside 192.168.31.0 255.255.255.0 192.168.30.2 1
route inside 192.168.32.0 255.255.255.0 192.168.30.2 1
route inside 192.168.100.0 255.255.255.0 192.168.30.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.30.125 255.255.255.255 inside
http 192.168.30.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set MAS-IDX esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-MD5
crypto map MAS-IDX 1 ipsec-isakmp
crypto map MAS-IDX 1 match address 100
crypto map MAS-IDX 1 set peer Columbia-VPN1
crypto map MAS-IDX 1 set transform-set MAS-IDX
crypto map MAS-IDX 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map MAS-IDX interface outside
isakmp enable outside
isakmp key ******** address Columbia-VPN1 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 3600
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash sha
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
isakmp policy 50 group 1
isakmp policy 50 lifetime 86400
vpngroup medical address-pool 200pool
vpngroup medical dns-server 216.111.65.217
vpngroup medical wins-server Bloomfield3 bloomfield
vpngroup medical default-domain med-act-svcs.com
vpngroup medical split-tunnel medical_splitTunnelAcl
vpngroup medical idle-time 1800
vpngroup medical password ********
telnet 192.168.30.0 255.255.255.0 inside
telnet 192.168.32.1 255.255.255.255 inside
telnet 192.168.32.1 255.255.255.255 intf2
telnet timeout 30
ssh 206.126.161.134 255.255.255.255 outside
ssh 200.9.49.66 255.255.255.255 outside
ssh 206.126.161.161 255.255.255.255 outside
ssh timeout 30
terminal width 80
Cryptochecksum:0d8919955ce93171980424280a475f57
: end
Answer : Problem: pix 515e firewall vpn to netgear with existing vpn's on the firewall
You can only have one crypto "map" command applied to the outside interface at any point in time.
You need to create another crypto sequence with the same name. So that it might look something like this (this is from a PIX that I have, although I've changed the IP addresses):
crypto map mymap 12 ipsec-isakmp
crypto map mymap 12 match address 120
crypto map mymap 12 set peer 2.2.2.2
crypto map mymap 12 set transform-set myset
crypto map mymap 13 ipsec-isakmp
crypto map mymap 13 match address 130
crypto map mymap 13 set peer 3.3.3.3
crypto map mymap 13 set transform-set myset
crypto map mymap 14 ipsec-isakmp
crypto map mymap 14 match address 140
crypto map mymap 14 set peer 4.4.4.4
crypto map mymap 14 set transform-set myset
crypto map mymap 15 ipsec-isakmp
crypto map mymap 15 match address 150
crypto map mymap 15 set peer 5.5.5.5
crypto map mymap 15 set transform-set myset
crypto map mymap 16 ipsec-isakmp
crypto map mymap 16 match address 160
crypto map mymap 16 set peer 6.6.6.6
crypto map mymap 16 set transform-set myset
crypto map mymap 17 ipsec-isakmp
crypto map mymap 17 match address 170
crypto map mymap 17 set peer 7.7.7.7
crypto map mymap 17 set transform-set myset
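An added example (not part of the original answer): a small Python audit that models the one-map-per-interface rule described above and lists the crypto map sequences left inactive by a second `interface` binding. Only the MAS-IDX lines come from the posted config; the `vpnconnection` entries, ACL 110 and peer 192.0.2.10 are constructed placeholders.

```python
import re

# Constructed sample: MAS-IDX lines from the posted config, followed by a
# hypothetical second map for the Netgear peer (192.0.2.10 is a placeholder).
BROKEN = """\
crypto map MAS-IDX 1 ipsec-isakmp
crypto map MAS-IDX 1 match address 100
crypto map MAS-IDX 1 set peer Columbia-VPN1
crypto map MAS-IDX 1 set transform-set MAS-IDX
crypto map MAS-IDX 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map MAS-IDX interface outside
crypto map vpnconnection 10 ipsec-isakmp
crypto map vpnconnection 10 match address 110
crypto map vpnconnection 10 set peer 192.0.2.10
crypto map vpnconnection 10 set transform-set ESP-3DES-SHA
crypto map vpnconnection interface outside
"""

# The same tunnel folded into MAS-IDX as sequence 2, as the answer recommends.
# Sequence 2 sorts before the dynamic entry at 65535.
FIXED = (BROKEN
         .replace("vpnconnection 10", "MAS-IDX 2")
         .replace("crypto map vpnconnection interface outside\n", ""))

BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")
ENTRY = re.compile(r"^crypto map (\S+) (\d+) ")


def audit(config):
    """Return (bound, orphaned): the map active on each interface, and the
    sequence numbers of maps that are not bound to any interface."""
    bound, entries = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := BIND.match(line):
            # A later binding on the same interface replaces the earlier one.
            bound[m.group(2)] = m.group(1)
        elif m := ENTRY.match(line):
            entries.setdefault(m.group(1), set()).add(int(m.group(2)))
    active = set(bound.values())
    orphaned = {name: sorted(seqs)
                for name, seqs in entries.items() if name not in active}
    return bound, orphaned


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, *audit(cfg))
```

Any map name reported as orphaned has tunnels that will not come up, which is what happened to the MAS-IDX site-to-site and dynamic (remote-access) entries in the question.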