ChicagoTech>En
Password:
ChicagoTech#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
ChicagoTech(config)#hostname ChicagoTech
ChicagoTech(config)#ip domain-name howtocisco.com
ChicagoTech(config)#crypto key generate rsa
ChicagoTech(config)#ip ssh time-out 60
ChicagoTech(config)#ip ssh authentication-retries 4
ChicagoTech(config)#end
ChicagoTech#wr mem
1. Change to global mode: config t
2. To Set enable password: enable password “chicagotech’
3. To set secret password: enable secret “ms-mvp”
Note 1: Enable secret password is encrypted by default. Enable password is not.
2. If both enable secret and enable password are specified, the enable secret overrides the enable password.
More…
1. Set a console password to chicagotech
1) [...]
Complete these steps in order to assign static IP addresses to the VPN Client:
Choose Configuration > System > Address Management > Assignment.
Check Use Address from Authentication Server.
Choose Configuration > User Management > Users > Modify > Identity and assign a static IP address.
Choose Configuration > User Management > Groups > Modify > [...]
In many instances, you need to enable routing on the PIX Firewall to connect to devices on networks that are not directly connected. This is accomplished by manually configuring static routes or by using Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) to dynamically learn routes.
The PIX Firewall supports static routing, RIP and [...]
A pair of identical PIX Firewall devices must be used for failover to function. To determine the system requirements and the steps needed to configure failover with a failover cable or LAN-based failover, refer to Using PIX Firewall Failover for PIX operating on code 6.x and earlier.
For PIX operating on code 7.x and later, refer [...]
The crypto map set pfs command sets IPSec to ask for Perfect Forward Secrecy (PFS) when new security associations are requested for this crypto map entry. Alternatively, it asks that IPSec requires PFS when requests are received for new security associations.
To specify that IPSec not request PFS, issue the no crypto map set pfs command. [...]
The Internet Serivice Provider (ISP) provides only one IP address, which must be assigned to the PIX Firewall outside interface and be used as the Port Address Translation (PAT) address to allow outbound connections
Assign the IP address supplied by the ISP to the outside interface of the PIX. Then issue the global (outside) 1 interface [...]
The IPsec Network Address Translation (NAT) Transparency feature introduces support for IPsec traffic. This support allows IPsec traffic to travel through NAT or Port Address Translation (PAT) points in the network. This is done when you address many known incompatibilities between NAT, PAT, and IPsec.
IPsec NAT Transparency delivers these benefits:
Simplified deployment eliminates the need to [...]
To specify advanced TCP settings to set Maximum Segment Size (MSS), perform these steps:
To configure the MSS, issue the sysopt connection tcpmss 1460 command.
Configure these advanced TCP settings: Hostname(config)# access-list < http-list > extended permit tcp host x.x.x.x eq 80
Hostname(config)# class-map < http >
Hostname(config-cmap)# match access-list < http-list >
Hostname(config)# Tcp-map < tmap >
[...]
To configure Easy VPN using the PIX Device Manager (PDM), you must have PIX Firewall software version 6.2 or later and PDM version 2.0 or later. The PDM Help tab contains the operation and configuration guide for PDM. There is also a VPN Wizard that guides you through the setup.
The Easy VPN remote panel lets [...]
