Firewall Wizards mailing list archives

RE: Cisco Pix 515E Configuration


From: "Eric Gunnett" <eric () zoovy com>
Date: Mon, 06 Dec 2004 07:33:20 -0800

        Yes, the two phones connect, but there is no audio coming from either side.

Eric Gunnett
System Administrator
Zoovy, Inc.
eric () zoovy com


"Lagula, Cecil" <clagula () taylorbean com> 12/06/04 06:54AM >>>
Do the phones actually make a connection and you get one-way audio?  
________

Cecil V. Lagula

-----Original Message-----
From: Eric Gunnett [mailto:eric () zoovy com] 
Sent: Friday, December 03, 2004 4:33 PM
To: firewall-wizards () honor icsalabs com 
Subject: [fw-wiz] Cisco Pix 515E Configuration

        I am hoping someone can help me with this problem. I have a
Cisco 515E with 6.3 on it. I have configured the pix for vpn connections
with authentication through a radius. My connections from Client -> Pix
-> Internal Network work great. But we are using a phone switch that is
trying to pass off the ip phone connection between two clients that are
connected through the pix, such as VPN Client 1 -> Pix -> VPN Client 2.
Is this possible? I have attached my config below.

PIX Version 6.3(3)
interface ethernet0 10baset
interface ethernet1 10baset
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8eATWrVtoJW4T5CL encrypted
passwd BGogFIdB6jmwTyg7 encrypted
hostname PIX
domain-name example.com
clock timezone PDT -8
clock summer-time PDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol http 443
fixup protocol http 8080
no fixup protocol rsh 514
no fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
no fixup protocol sqlnet 1521
no fixup protocol tftp 69
names
access-list acl_outbound permit tcp any any
access-list acl_outbound permit ip any any
access-list acl_outbound permit udp any any
access-list acl_outbound permit icmp any any
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.50
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.51
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.52
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.53
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.54
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.55
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.56
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.57
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.58
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.59
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.60
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.61
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.62
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.63
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.64
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.65
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.66
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.67
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.68
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.69
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.70
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.71
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.72
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.73
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.74
access-list 80 permit ip 192.168.1.0 255.255.255.0 host 192.168.99.75
access-list 80 permit ip 192.168.99.0 255.255.255.0 192.168.99.0 255.255.255.0
access-list 80 permit ip host 192.168.99.56 host 192.168.99.57
access-list 80 permit ip host 192.168.99.57 host 192.168.99.56
access-list 80 permit ip 192.168.99.0 255.255.255.0 any
access-list split permit tcp 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
pager lines 40
logging on
logging timestamp
logging monitor notifications
logging trap notifications
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 66.67.68.69 255.255.255.224
ip address inside 192.168.99.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN 192.168.99.50-192.168.99.75
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no pdm history enable
arp timeout 14400
global (outside) 1 63.108.93.25
nat (inside) 0 access-list 80
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
access-group acl_outbound in interface outside
route outside 0.0.0.0 0.0.0.0 66.67.68.1 1
route inside 192.168.1.0 255.255.255.0 192.168.99.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.12 secretpass timeout 15
aaa-server LOCAL protocol local
aaa-server local protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 192.168.1.12 secretpass timeout 15
ntp server 130.126.24.24 source outside
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-MD5
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client configuration address initiate
crypto map outside_map client authentication partnerauth
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp client configuration address-pool local VPN outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash md5
isakmp policy 20 group 5
isakmp policy 20 lifetime 86400
vpngroup group idle-time 1800
vpngroup enable idle-time 1800
vpngroup Developers address-pool VPN
vpngroup Developers idle-time 1800
vpngroup Developers device-pass-through
telnet timeout 1
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 15
terminal width 80
Cryptochecksum:c7f91c5bc5fef54edd6d720856a6429f
: end

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com 
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards 
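The topology in the question (VPN Client 1 -> Pix -> VPN Client 2) and the posted config, checked by a small audit script. This is an added example, not code from the thread; it assumes the PIX 6.3 config format quoted above and reports whether the software level can forward a packet back out the interface it arrived on (6.x cannot; intra-interface forwarding came with 7.0), whether the client address pool is exempt from NAT for pool-to-pool traffic, whether the inbound ACL on outside is permit-all, and whether a wildcard pre-shared key is configured.

```python
# Audit a PIX 6.x config for what decides whether VPN-client-to-VPN-client
# (hairpinned) traffic can pass, plus the exposure points a reviewer would flag.
# Added example; SAMPLE_CONFIG is constructed from lines quoted in the thread.
import ipaddress, re

SAMPLE_CONFIG = """\
PIX Version 6.3(3)
access-list acl_outbound permit ip any any
access-list 80 permit ip 192.168.99.0 255.255.255.0 192.168.99.0 255.255.255.0
ip local pool VPN 192.168.99.50-192.168.99.75
nat (inside) 0 access-list 80
access-group acl_outbound in interface outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
"""

def _addr(tok):  # one ACL address spec (any | host A | NET MASK) -> (network, rest)
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    spec = tok[1] if tok[0] == "host" else f"{tok[0]}/{tok[1]}"
    return ipaddress.ip_network(spec), tok[2:]

def parse_acls(lines):
    """Map ACL name -> [(proto, src_net, dst_net)] for its permit entries."""
    acls = {}
    for m in filter(None, (re.match(r"access-list (\S+) permit (\S+) (.*)", l) for l in lines)):
        src, rest = _addr(m.group(3).split())
        acls.setdefault(m.group(1), []).append((m.group(2), src, _addr(rest)[0]))
    return acls

def _first(lines, pattern):  # first config line matching pattern, as a Match
    return next((m for m in (re.match(pattern, l) for l in lines) if m), None)

def audit_pix(text):
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    acls, found = parse_acls(lines), set()
    ver = _first(lines, r"PIX Version (\d+)")
    if ver and int(ver.group(1)) < 7:
        # 6.x never forwards a packet back out the interface it arrived on (7.0+ can)
        found.add("HAIRPIN_UNSUPPORTED")
    pool = _first(lines, r"ip local pool \S+ (\S+)-(\S+)")
    nat0 = _first(lines, r"nat \(\S+\) 0 access-list (\S+)")
    if pool and nat0:
        lo, hi = (ipaddress.ip_address(pool.group(i)) for i in (1, 2))
        if not any(lo in s and hi in s and lo in d and hi in d
                   for _, s, d in acls.get(nat0.group(1), [])):
            found.add("POOL_NOT_NAT_EXEMPT")  # pool-to-pool traffic would be translated
    ag = _first(lines, r"access-group (\S+) in interface outside")
    if ag and any(p == "ip" and s.prefixlen == 0 and d.prefixlen == 0
                  for p, s, d in acls.get(ag.group(1), [])):
        found.add("OUTSIDE_PERMIT_ANY")  # inbound ACL on outside is permit-all
    if _first(lines, r"isakmp key \S+ address 0\.0\.0\.0 netmask 0\.0\.0\.0"):
        found.add("WILDCARD_PSK")  # one pre-shared key accepted from any peer address
    return found
```

Running `audit_pix(SAMPLE_CONFIG)` on the quoted lines reports the hairpin limitation, the permit-all outside ACL and the wildcard key; the pool-to-pool NAT exemption is present, so that check stays quiet.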
