CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] (text version)


Greg Bastien; Earl Carter; Christian Degu


  • Task 6: Configuring a Remote Access VPN to HQ


    Similar to the remote sites, the remote users must also have a secure mechanism to connect to the Reston location. The remote users, however, do not use fixed VPN tunnels. Instead, the remote users use Easy VPN remote to connect to the headquarters location and dynamically establish a VPN tunnel. The configuration process involves performing the following tasks:

    • Create an IP address pool

    • Define a group policy for mode configuration push

    • Enable IKE dead peer detection (DPD)



    Create an IP Address Pool


    For instance, suppose that you want to assign the remote clients addresses in the range from 10.20.100.1 through 10.20.100.254. Using a pool name of vpn-pool, the command line would be as follows:


    ip local pool vpn-pool 10.20.100.1-10.20.100.254


    Define a Group Policy for Mode Configuration Push


    When remote VPN clients connect to HQ-PIX, the firewall must push certain configuration information to them. You configure these parameters using the vpngroup command.


    vpngroup remote-users password B#!42Dd
    vpngroup remote-users dns-server 10.200.10.35
    vpngroup remote-users wins-server 10.100.10.25
    vpngroup remote-users default-domain dukem.com
    vpngroup remote-users address-pool vpn-pool
    vpngroup remote-users idle-time 10

    Note

    You also need to configure the VPN client software on the remote user PCs. This configuration involves identifying the IP address of HQ-PIX and indicating the VPN group name (remote-users) and group password (B#!42Dd).


    Enable IKE Dead Peer Detection


    You need to specify the number of seconds between DPD messages and the number of seconds between retries (if a DPD message does not receive a response). The syntax for this command is as follows:


    isakmp keepalive seconds [ retry-seconds ]
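
A consistency check for the three steps above, as an added example that is not from the book: it parses the `ip local pool`, `vpngroup` and `isakmp keepalive` commands and reports a group that points at an undefined pool, an invalid pool range, a malformed server address, or missing DPD. The function name `audit_remote_access` and the keepalive values in the sample are assumptions.

```python
import ipaddress

# Constructed sample config: the commands from the three steps above.
# The keepalive values (30 and 10 seconds) are assumed for illustration.
SAMPLE_CONFIG = """\
ip local pool vpn-pool 10.20.100.1-10.20.100.254
vpngroup remote-users dns-server 10.200.10.35
vpngroup remote-users wins-server 10.100.10.25
vpngroup remote-users address-pool vpn-pool
vpngroup remote-users idle-time 10
isakmp keepalive 30 10
"""

def audit_remote_access(config):
    """Return findings for the pool, vpngroup and DPD commands in config."""
    pools, groups, dpd, findings = set(), {}, None, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"] and len(tok) == 5:
            lo, _, hi = tok[4].partition("-")  # "first-last" or one address
            try:
                if ipaddress.IPv4Address(lo) > ipaddress.IPv4Address(hi or lo):
                    raise ValueError("start is above end")
                pools.add(tok[3])
            except ValueError:
                findings.append(f"pool {tok[3]}: bad range {tok[4]}")
        elif tok[:1] == ["vpngroup"] and len(tok) >= 4:
            groups.setdefault(tok[1], {})[tok[2]] = tok[3]
        elif tok[:2] == ["isakmp", "keepalive"]:
            dpd = len(tok) in (3, 4) and all(t.isdigit() and int(t) > 0 for t in tok[2:])
            if not dpd:
                findings.append(f"bad DPD timers: {line.strip()}")
    for name, attrs in groups.items():
        pool = attrs.get("address-pool")
        if pool not in pools:
            findings.append(f"vpngroup {name}: address-pool {pool} is not a valid pool")
        for key in ("dns-server", "wins-server"):
            try:
                ipaddress.IPv4Address(attrs.get(key, "0.0.0.0"))
            except ValueError:
                findings.append(f"vpngroup {name}: bad {key} {attrs[key]}")
    if groups and dpd is None:  # remote-access groups exist but DPD is absent
        findings.append("isakmp keepalive (DPD) is not configured")
    return findings
```
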

