Re: re: OT: PIX, Router VPN vs PC VPN

From: David (david_knot@xxxxxxxxx)
Date: Fri May 24 2002 - 13:34:11 GMT-3


   
I have got a working VPN for Router to PIX.
I can also have a VPN for the PC-based VPN 3000 Client to PIX.

But is it possible to do BOTH: (1) VPN for Router to
PIX AND (2) VPN for PC-based VPN 3000 Client to PIX?

Can I have samples for this, please?

--- David <david_knot@yahoo.com> wrote:
> It was a name resolution issue. Used an lmhosts file; all is OK.
>
> Thanks, all, for the help.
>
>
> --- p729@cox.net wrote:
> > It might be caused by a host or NetBIOS (can't
> > remember what Exchange uses) name resolution
> > problem. Are all of the resources (users' message
> > store/inbox, public and private folders) on one
> > machine reachable by the same name?
> >
> > Try populating the hosts and lmhosts files on the
> > client with the name(s) and IP address(es) of the
> > relevant hosts as an experiment and see if that
> > helps. Remember to reboot the client or at least
> > reload the NetBIOS name cache (nbtstat -R) before
> > testing.
> >
> > Regards,
> >
> > Mas Kato
> > https://ecardfile.com/id/mkato
> >
> > ============================================================
> > From: David <david_knot@yahoo.com>
> > Date: 2002/05/22 Wed AM 10:01:30 EDT
> > To: ccielab@groupstudy.com
> > Subject: re: OT: PIX, Router VPN vs PC VPN
> >
> > As per discussion below, I've got PIX --> PC VPN
> > working all fine, except for Exchange email. When
> > clicking on the user folder in Outlook it reports
> > "folder can't be displayed"
> >
> > here is the config, if you have any ideas
> >
> > fw# wr t
> > Building configuration...
> > : Saved
> > :
> > PIX Version 6.0(2)
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > nameif ethernet2 intf2 security10
> > nameif ethernet3 intf3 security15
> > nameif ethernet4 intf4 security20
> > nameif ethernet5 intf5 security25
> > hostname fw
> > domain-name dott.com
> > fixup protocol ftp 21
> > fixup protocol http 80
> > fixup protocol h323 1720
> > fixup protocol rsh 514
> > fixup protocol smtp 25
> > fixup protocol sqlnet 1521
> > fixup protocol sip 5060
> > fixup protocol skinny 2000
> > fixup protocol rtsp 554
> > names
> > access-list 100 permit icmp any any echo
> > access-list 100 permit icmp any any echo-reply
> > access-list 100 permit icmp any any time-exceeded
> > access-list 100 permit icmp any any unreachable
> > access-list 100 permit tcp any host 198.22.129.147 eq smtp
> > access-list 100 permit tcp any host 198.22.129.147 eq www
> > access-list 100 permit tcp any host 198.22.129.148 eq telnet
> > access-list 100 permit tcp any host 198.22.129.148 gt 2000
> > access-list 101 permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
> > pager lines 24
> > logging on
> > logging buffered errors
> > logging trap notifications
> > logging history notifications
> > interface ethernet0 10baset
> > interface ethernet1 10baset
> > interface ethernet2 auto shutdown
> > interface ethernet3 auto shutdown
> > interface ethernet4 auto shutdown
> > interface ethernet5 auto shutdown
> > mtu outside 1500
> > mtu inside 1500
> > mtu intf2 1500
> > mtu intf3 1500
> > mtu intf4 1500
> > mtu intf5 1500
> > ip address outside 198.22.129.146 255.255.255.240
> > ip address inside 172.16.6.100 255.255.0.0
> > ip address intf2 127.0.0.1 255.255.255.255
> > ip address intf3 127.0.0.1 255.255.255.255
> > ip address intf4 127.0.0.1 255.255.255.255
> > ip address intf5 127.0.0.1 255.255.255.255
> > ip audit info action alarm
> > ip audit attack action alarm
> > ip local pool ippool 172.17.255.0-172.17.255.254
> > no failover
> > failover timeout 0:00:00
> > failover poll 15
> > failover ip address outside 0.0.0.0
> > failover ip address inside 0.0.0.0
> > failover ip address intf2 0.0.0.0
> > failover ip address intf3 0.0.0.0
> > failover ip address intf4 0.0.0.0
> > failover ip address intf5 0.0.0.0
> > pdm history enable
> > arp timeout 14400
> > global (outside) 1 198.22.129.158
> > nat (inside) 0 access-list 101
> > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> > static (inside,outside) 198.22.129.148 172.16.255.148 netmask 255.255.255.255 0 0
> > static (inside,outside) 198.22.129.147 172.16.6.21 netmask 255.255.255.255 0 0
> > static (inside,outside) 198.22.129.155 172.16.255.155 netmask 255.255.255.255 0 0
> > access-group 100 in interface outside
> > route outside 0.0.0.0 0.0.0.0 198.22.129.145 1
> > timeout xlate 3:00:00
> > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> > timeout uauth 0:05:00 absolute
> > aaa-server TACACS+ protocol tacacs+
> > aaa-server RADIUS protocol radius
> > no snmp-server location
> > no snmp-server contact
> > snmp-server community public
> > no snmp-server enable traps
> > floodguard enable
> > sysopt connection permit-ipsec
> > no sysopt route dnat
> > crypto ipsec transform-set myset esp-des esp-md5-hmac
> > crypto dynamic-map dynmap 10 set transform-set myset
> > crypto map mymap 10 ipsec-isakmp dynamic dynmap
> > crypto map mymap interface outside
> > isakmp enable outside
> > isakmp identity address
> > isakmp policy 10 authentication pre-share
> > isakmp policy 10 encryption des
> > isakmp policy 10 hash md5
> > isakmp policy 10 group 2
> > isakmp policy 10 lifetime 86400
> > vpngroup vpn3000 address-pool ippool
> > vpngroup vpn3000 dns-server 172.16.6.20
> > vpngroup vpn3000 wins-server 172.16.6.20
> > vpngroup vpn3000 default-domain dott.com
> > vpngroup vpn3000 split-tunnel 101
> > vpngroup vpn3000 idle-time 1800
> > vpngroup vpn3000 password ???????
> > telnet 172.16.0.0 255.255.0.0 inside
> > telnet timeout 5
> > ssh timeout 5
> > terminal width 80
> > : end
> >
> >
> > --------------------
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of David
> > Sent: 14 May 2002 10:35
> > To: ccielab@groupstudy.com
> > Subject: OT: PIX, Router VPN vs PC VPN
> >
> >
> > Guys
> > Need some input on this.
> >
> > Office ADSL to Internet. 1750 with ADSL interface
> > connects to ISP. PIX 520 used.
> >
> > Employees have ADSL at home to Internet with 1750 ADSL
> > router interface.
> >
> > The question= to grant access to employees (from their
> > homes) to office LAN,
> >
>
=== message truncated ===



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:08 GMT-3