User manual ASUS MS248H
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual ASUS MS248H. We hope that this ASUS MS248H user guide will be useful to you.
Lastmanuals help download the user guide ASUS MS248H.
Manual abstract: user guide ASUS MS248H
Detailed instructions for use are in the User's Guide.
[. . . ] 1 2. 2 Setup CISCO PIX Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2. 2. 1 Setup IP address of LAN interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2. 2. 2 Setup IP address of WAN interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] 1 2. 2. 2 Setup IP address of WAN interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2. 2. 3 Setup Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. 3 Setup SL1000/MS248H system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. 3. 1 Setup IP address of LAN interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. 3. 2 Setup IP address of WAN interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. 3. 3 Setup Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3 Establish VPN Tunnel using Automatic Keying. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. 1 Configure VPN Policy on PIX 501 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 3. 5 Verify VPN tunnel establishment on the PIX firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Figure 3. 6 Verify the VPN tunnel establishment on the SL1000/MS248H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Copyright 2006, ASUSTek Computer, Inc.
iii
1 Introduction
This application note details the steps for creating an IPSec VPN tunnel between an ASUS Internet Security Router and a CISCO PIX Firewall device. It is assumed that both devices have static IP address on the WAN interface, and a default route configured. All settings and screen dumps contained in this document are taken from a CISCO PIX 501 device running firmware PIX Firewall Version 6. 3(4), and an ASUS SL1000/MS248H running firmware 1. 1. 72A. 410.
2 Network Setup
This section describes how to setup the network to carry out the SL1000/MS248H and CISCO PIX 501 Network Configuration as illustrated in Figure 2. 1.
Cross Ethernet Cable WAN: 10. 64. 2. 145 WAN: 10. 64. 2. 130
LAN: 10. 64. 3. 1
Internet Security Router
LAN: 192. 168. 30. 1
CISCO PIX501
PC2: 10. 64. 3. 11
PC1: 192. 168. 30. 2
Figure 2. 1 Network Connections
2. 1 Setup Description
PC1 and PC2 are hosts in protected networks running Windows NT/98/2000/XP or Redhat Linux. Both SL1000/MS248H and PIX Firewall will protect their traffic from external network. NAT is not required for traffic between the two intranets, which can be transmitted using a VPN tunnel over the public Internet (in this setup example, a direct connection between two WAN interfaces serves as public network). However, NAT is required for connections to public Internet.
2. 2 Setup CISCO PIX Firewall
2. 2. 1 Setup IP address of LAN interface
pixfirewall# configure terminal pixfirewall(config)# ip address inside 192. 168. 30. 1 255. 255. 255. 0 Figure 2. 2 Setup LAN port IP address on the PIX firewall
2. 2. 2
Setup IP address of WAN interface
pixfirewall(config)# interface ethernet0 auto pixfirewall(config)# ip address outside 10. 64. 2. 130 255. 255. 255. 0 Figure 2. 3 Setup WAN port IP address on the PIX firewall
Copyright 2006, ASUSTek Computer, Inc.
Page 1
2. 2. 3
Setup Routing Table
Figure 2. 4 Setup a default route to the PIX firewall
pixfirewall(config)# route outside 0. 0. 0. 0 0. 0. 0. 0 10. 64. 2. 145
2. 3 Setup SL1000/MS248H system
2. 3. 1 Setup IP address of LAN interface
Figure 2. 5 Setup LAN port IP address on the SL1000/MS248H
2. 3. 2
Setup IP address of WAN interface
Figure 2. 6 Setup IP address of WAN interface on the SL1000/MS248H
Copyright 2006, ASUSTek Computer, Inc.
Page 2
Figure 2. 7 Verify WAN interface configurations on the SL1000/MS248H
2. 3. 3
Setup Routing Table
Figure 2. 8 Setup a default route to the SL1000/MS248H
3 Establish VPN Tunnel using Automatic Keying
3. 1 Configure VPN Policy on PIX 501
Step: 1 Configure access list rule and VPN policy pixfirewall(config)# access-list SL1000 permit ip 192. 168. 30. 0 255. 255. 255. 0 10. 64. 3. 0 255. 255. 255. 0 pixfirewall(config)# nat (inside) 0 access-list SL1000 pixfirewall(config)# sysopt connection permit-ipsec pixfirewall(config)# crypto ipsec transform-set set1 esp-3des esp-sha-hmac pixfirewall(config)# crypto ipsec security-association lifetime seconds 3600 pixfirewall(config)# crypto map toSL1000 20 ipsec-isakmp pixfirewall(config)# crypto map toSL1000 20 match address SL1000 pixfirewall(config)# crypto map toSL1000 20 set peer 10. 64. 2. 145 pixfirewall(config)# crypto map toSL1000 20 set transform-set set1 pixfirewall(config)# crypto map toSL1000 interface outside pixfirewall(config)# isakmp enable outside pixfirewall(config)# isakmp key cwtest address 10. 64. 2. 145 netmask 255. 255. 255. 0 pixfirewall(config)# isakmp identity address pixfirewall(config)# isakmp policy 20 authentication pre-share pixfirewall(config)# isakmp policy 20 encryption 3des pixfirewall(config)# isakmp policy 20 hash sha pixfirewall(config)# isakmp policy 20 group 2 pixfirewall(config)# isakmp policy 20 lifetime 3600
Copyright 2006, ASUSTek Computer, Inc.
Page 3
Figure 3. 1 Setup VPN policy on the PIX firewall Step 2: Verify Configurations pix-firewall# show config : Saved : Written by enable_15 at 14:22:39. 654 UTC Thu May 4 2006 PIX Version 6. 3(4) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI. 2KYOU encrypted hostname pix-firewall domain-name asus. com. tw fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list SL1000 permit ip 192. 168. 30. 0 255. 255. 255. 0 10. 64. 3. 0 255. 255. 255. 0 pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 10. 64. 2. 130 255. 255. 255. 0 ip address inside 192. 168. 30. 1 255. 255. 255. 0 ip audit info action alarm ip audit attack action alarm pdm location 192. 168. 1. 10 255. 255. 255. 255 inside pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list SL1000 route outside 0. 0. 0. 0 0. 0. 0. 0 10. 64. 2. 145 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute
Copyright 2006, ASUSTek Computer, Inc. [. . . ] Both SL1000/MS248H and PIX Firewall will protect their traffic from external network. NAT is not required for traffic between the two intranets, which can be transmitted using a VPN tunnel over the public Internet (in this setup example, a direct connection between two WAN interfaces serves as public network). However, NAT is required for connections to public Internet.
2. 2 Setup CISCO PIX Firewall
2. 2. 1 Setup IP address of LAN interface
pixfirewall# configure terminal pixfirewall(config)# ip address inside 192. 168. 30. 1 255. 255. 255. 0 Figure 2. 2 Setup LAN port IP address on the PIX firewall
2. 2. 2
Setup IP address of WAN interface
pixfirewall(config)# interface ethernet0 auto pixfirewall(config)# ip address outside 10. 64. 2. 130 255. 255. 255. 0 Figure 2. 3 Setup WAN port IP address on the PIX firewall
Copyright 2006, ASUSTek Computer, Inc.
Page 1
2. 2. 3
Setup Routing Table
Figure 2. 4 Setup a default route to the PIX firewall
pixfirewall(config)# route outside 0. 0. 0. 0 0. 0. 0. 0 10. 64. 2. 145
2. 3 Setup SL1000/MS248H system
2. 3. 1 Setup IP address of LAN interface
Figure 2. 5 Setup LAN port IP address on the SL1000/MS248H
2. 3. 2
Setup IP address of WAN interface
Figure 2. 6 Setup IP address of WAN interface on the SL1000/MS248H
Copyright 2006, ASUSTek Computer, Inc.
Page 2
Figure 2. 7 Verify WAN interface configurations on the SL1000/MS248H
2. 3. 3
Setup Routing Table
Figure 2. 8 Setup a default route to the SL1000/MS248H
3 Establish VPN Tunnel using Automatic Keying
3. 1 Configure VPN Policy on PIX 501
Step: 1 Configure access list rule and VPN policy pixfirewall(config)# access-list SL1000 permit ip 192. 168. 30. 0 255. 255. 255. 0 10. 64. 3. 0 255. 255. 255. 0 pixfirewall(config)# nat (inside) 0 access-list SL1000 pixfirewall(config)# sysopt connection permit-ipsec pixfirewall(config)# crypto ipsec transform-set set1 esp-3des esp-sha-hmac pixfirewall(config)# crypto ipsec security-association lifetime seconds 3600 pixfirewall(config)# crypto map toSL1000 20 ipsec-isakmp pixfirewall(config)# crypto map toSL1000 20 match address SL1000 pixfirewall(config)# crypto map toSL1000 20 set peer 10. 64. 2. 145 pixfirewall(config)# crypto map toSL1000 20 set transform-set set1 pixfirewall(config)# crypto map toSL1000 interface outside pixfirewall(config)# isakmp enable outside pixfirewall(config)# isakmp key cwtest address 10. 64. 2. 145 netmask 255. 255. 255. 0 pixfirewall(config)# isakmp identity address pixfirewall(config)# isakmp policy 20 authentication pre-share pixfirewall(config)# isakmp policy 20 encryption 3des pixfirewall(config)# isakmp policy 20 hash sha pixfirewall(config)# isakmp policy 20 group 2 pixfirewall(config)# isakmp policy 20 lifetime 3600
Copyright 2006, ASUSTek Computer, Inc.
Page 3
Figure 3. 1 Setup VPN policy on the PIX firewall Step 2: Verify Configurations pix-firewall# show config : Saved : Written by enable_15 at 14:22:39. 654 UTC Thu May 4 2006 PIX Version 6. 3(4) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI. 2KYOU encrypted hostname pix-firewall domain-name asus. com. tw fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list SL1000 permit ip 192. 168. 30. 0 255. 255. 255. 0 10. 64. 3. 0 255. 255. 255. 0 pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 10. 64. 2. 130 255. 255. 255. 0 ip address inside 192. 168. 30. 1 255. 255. 255. 0 ip audit info action alarm ip audit attack action alarm pdm location 192. 168. 1. 10 255. 255. 255. 255 inside pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list SL1000 route outside 0. 0. 0. 0 0. 0. 0. 0 10. 64. 2. 145 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute
Copyright 2006, ASUSTek Computer, Inc. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE ASUS MS248H
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets...
In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.
Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual ASUS MS248H will begin.
