


    Cisco PIX <-> PIX LAN-to-LAN


! Example configuration for one peer of a PIX-to-PIX LAN-to-LAN IPsec tunnel.
! Public addresses and the pre-shared key are masked (*.*.*.*, ********) in this listing.
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix
! inside_nat0_outbound feeds the NAT exemption below; outside_cryptomap_10 is the
! crypto map match ACL. Both select 192.168.1.0/24 -> 10.10.10.0/24.
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list outside_cryptomap_10 permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
!
! NOTE(review): the two interface ACLs below name 10.1.1.x as the remote side, while the
! NAT-exemption and crypto ACLs above name 10.10.10.0/24. As written, inside_access_in does
! not permit the traffic the tunnel is meant to carry. Confirm which remote subnet is intended.
! NOTE(review): 10.1.1.10 with mask 255.255.255.0 is a host address paired with a /24 mask;
! presumably 10.1.1.0 was meant. Verify.
! NOTE(review): no "sysopt connection permit-ipsec" appears in this listing, so presumably
! decrypted tunnel traffic is also checked against outside_access_in. Confirm.
access-list outside_access_in permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_access_in permit ip 192.168.1.0 255.255.255.0 10.1.1.10 255.255.255.0
!
mtu outside 1500
mtu inside 1500
!
ip address outside *.*.*.* 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
!
! NAT id 0 with an ACL: traffic matching inside_nat0_outbound is exempt from translation,
! so tunnelled packets keep their private source addresses.
nat (inside) 0 access-list inside_nat0_outbound
!
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
!
! Default route via the (masked) upstream gateway, metric 1.
route outside 0.0.0.0 0.0.0.0 *.*.*.* 1
! SSH logins are checked against the local user database; no "username" entries are shown
! in this listing.
aaa authentication ssh console LOCAL
floodguard enable
! IPsec (phase 2) proposal: ESP with AES-256 encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
! Crypto map entry 10: IKE-negotiated SAs for traffic matching outside_cryptomap_10,
! with PFS using DH group 2, towards the single (masked) peer. Bound to the outside interface.
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set pfs group2
crypto map outside_map 10 set peer *.*.*.*
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
isakmp enable outside
! Pre-shared key scoped to one peer address (netmask 255.255.255.255); no-xauth exempts
! this peer from extended authentication. The key must be identical on both peers.
isakmp key ******** address *.*.*.* netmask 255.255.255.255 no-xauth
isakmp identity address
! Keepalive interval 60 seconds, retry interval 10 seconds.
isakmp keepalive 60 10
! IKE (phase 1) policy: pre-shared key, AES-256, SHA-1, DH group 2, 86400-second (24 h) lifetime.
! NOTE(review): DH group 2 is a 1024-bit MODP group and "sha" is SHA-1; both are dated.
! Where both peers' software supports a larger group, prefer it for the policy and for PFS.
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! NOTE(review): 0.0.0.0 0.0.0.0 accepts SSH management sessions from any source address on
! the outside interface. Restrict this to the specific administrative hosts or networks.
ssh 0.0.0.0 0.0.0.0 outside
! Idle SSH sessions are closed after 10 minutes.
ssh timeout 10
! Presumably lets the inside interface address be managed through the tunnel. Confirm that
! this reachability from the remote site is wanted.
management-access inside