isakmp enable outside
在外部接口启用IKE协商
isakmp key ******** address 10.1.1.41 netmask 255.255.255.255
指定预共享密钥和远端对等体的地址
isakmp identity address
IKE身份设置成接口的IP地址
isakmp client configuration address-pool local yy outside
isakmp policy 10 authentication pre-share
指定预共享密钥作为认证手段
isakmp policy 10 encryption des
指定56位DES作为将被用于IKE策略的加密算法
isakmp policy 10 hash md5
指定MD5 (HMAC变种)作为将被用于IKE策略的散列算法
isakmp policy 10 group 2
指定1024比特Diffie-Hellman组将被用于IKE策略
isakmp policy 10 lifetime 86400
每个安全关联的生存周期为86400秒(一天)
vpngroup cisco idle-time 1800
vpngroup pix_vpn address-pool yy
vpngroup pix_vpn idle-time 1800
vpngroup pix_vpn password ********
vpngroup 123 address-pool yy
vpngroup 123 idle-time 1800
vpngroup 123 password ********
vpngroup 456 address-pool yy
vpngroup 456 idle-time 1800
vpngroup 456 password ********
telnet 192.168.88.144 255.255.255.255 inside
telnet 192.168.88.154 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local hhyy
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username cisco password *********
vpdn enable outside
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 2
vpnclient vpngroup cisco_vpn password ********
vpnclient username pix password ********
terminal width 80
Cryptochecksum:9524a589b608c79d50f7c302b81bdfa4b
