Finding a Cisco VPN firewall that is compatible with this command

jun_tan01
Level 1

Our company is looking for a Cisco firewall that is able to build a VPN and accept the commands below. Is there any model that can achieve this? Please help to advise which model has the cheapest price~

 

start:-

hostname test

domain-name want-want.com

enable password cisco

passwd cisco

!

interface Vlan1

 nameif inside

 security-level 100

 ip address 10.163.1.1 255.255.255.0

!

interface Vlan2

 nameif outside

 security-level 0

 ip address 116.228.213.60 255.255.255.248

!

interface Ethernet0/0

 switchport access vlan 2

 no shut

!

interface Ethernet0/1

 no shut

!

interface Ethernet0/2

 no shut

!

interface Ethernet0/3

 no shut

!

interface Ethernet0/4

 no shut

!

interface Ethernet0/5

 no shut

!

interface Ethernet0/6

 no shut

!

interface Ethernet0/7

 no shut

!

clock timezone China 8

object-group network local-lan

 network-object 10.163.1.0 255.255.255.0

object-group network zb-lan

 network-object 10.0.0.0 255.254.0.0

object-group network fgs-lan

 network-object 10.128.0.0 255.128.0.0

object-group network permit-nat

 network-object 10.163.1.8 255.255.255.255

access-list zb-vpnacl extended permit ip object-group local-lan object-group zb-lan

access-list fgs-vpnacl extended permit ip object-group local-lan object-group fgs-lan

access-list nat-acl extended permit ip object-group permit-nat any

access-list nonat-acl extended permit ip object-group local-lan object-group zb-lan

access-list nonat-acl extended permit ip object-group local-lan object-group fgs-lan

access-list video-out extended permit ip host 10.163.1.9 10.0.30.0 255.255.255.0

access-list video-out extended permit ip host 10.163.1.40 any

access-list video-out extended permit ip host 10.163.1.9 host 10.131.240.9

access-list video-in extended permit ip 10.0.30.0 255.255.255.0 host 10.163.1.9

access-list video-in extended permit ip any host 10.163.1.40

access-list video-in extended permit ip host 10.131.240.9 host 10.163.1.9

logging enable

logging buffered debugging

global (outside) 1 interface

nat (inside) 0 access-list nonat-acl

nat (inside) 1 access-list nat-acl

route outside 0.0.0.0 0.0.0.0 116.228.213.1 1

snmp-server host inside 10.0.0.245 community cisco

snmp-server host inside 10.128.0.10 community cisco

 

snmp-server community cisco

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

crypto ipsec transform-set fgs-vpnset esp-3des esp-md5-hmac

crypto ipsec transform-set zb-vpnset esp-3des esp-md5-hmac

crypto map vpnmap 10 match address zb-vpnacl

crypto map vpnmap 10 set peer 116.228.213.29

crypto map vpnmap 10 set transform-set zb-vpnset

crypto map vpnmap 10 set trustpoint SHHQ-VPNCA2

crypto map vpnmap 20 match address fgs-vpnacl

crypto map vpnmap 20 set peer 221.224.209.186

crypto map vpnmap 20 set transform-set fgs-vpnset

crypto map vpnmap 20 set trustpoint SHHQ-VPNCA2

crypto map vpnmap interface outside

crypto ca trustpoint SHHQ-VPNCA2

 enrollment url http://116.228.213.55:80/certsrv/mscep/mscep.dll

 subject-name CN=10.163.1.1, OU=WantWant Group, DC=want-want.com, C=CN

 serial-number

 ip-address 10.163.1.1

 keypair test

crypto isakmp enable outside

crypto isakmp policy 10

 authentication rsa-sig

 encryption 3des

 hash md5

 group 2

 lifetime 86400

crypto isakmp policy 20

 authentication rsa-sig

 encryption 3des

 hash md5

 group 2

 lifetime 28800

crypto isakmp nat-traversal 20

telnet 10.0.0.0 255.0.0.0 inside

telnet timeout 5

crypto key generate rsa modulus 1024

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

ssh version 2

console timeout 0

management-access inside

dhcpd dns 10.131.240.10 10.0.0.67

dhcpd wins 10.0.0.67 10.0.0.68

dhcpd lease 691200

dhcpd domain want-want.com

!

dhcpd address 10.163.1.50-10.163.1.80 inside

dhcpd enable inside

!

priority-queue outside

ntp server 210.72.145.44

tunnel-group 116.228.213.29 type ipsec-l2l

tunnel-group 116.228.213.29 ipsec-attributes

 trust-point SHHQ-VPNCA2

tunnel-group 221.224.209.186 type ipsec-l2l

tunnel-group 221.224.209.186 ipsec-attributes

 trust-point SHHQ-VPNCA2

!

class-map video-in

 match access-list video-in

class-map video-out

 match access-list video-out

!

!

policy-map videopolicy

 class video-out

  priority

 class video-in

  priority

!

service-policy videopolicy interface outside

!

END

1 Accepted Solution

Michael Swenson
Cisco Employee

Hello,

 

The Small Business routers do not support CLI. You would need an enterprise level device.

The ASA5505 is the entry level enterprise device that supports CLI.

For presale information on the enterprise router you can call 800.553.2447.

Regards,

Mike
