关于PIX的配置及注解

　　isakmp client configuration address-pool local yy outside

　　isakmp policy 10 authentication pre-share

　　指定预共享密钥作为认证手段

　　isakmp policy 10 encryption des

　　指定56位DES作为将被用于IKE策略的加密算法

　　isakmp policy 10 hash md5

　　指定MD5 (HMAC变种)作为将被用于IKE策略的散列算法

　　isakmp policy 10 group 2

　　指定1024比特Diffie-Hellman组将被用于IKE策略

　　isakmp policy 10 lifetime 86400

　　每个安全关联的生存周期为86400秒（一天）

　　vpngroup cisco idle-time 1800

　　vpngroup pix_vpn address-pool yy

　　vpngroup pix_vpn idle-time 1800

　　vpngroup pix_vpn password ********

　　vpngroup 123 address-pool yy

　　vpngroup 123 idle-time 1800

　　vpngroup 123 password ********

　　vpngroup 456 address-pool yy

　　vpngroup 456 idle-time 1800

　　vpngroup 456 password ********

　　telnet 192.168.88.144 255.255.255.255 inside

　　telnet 192.168.88.154 255.255.255.255 inside

　　telnet timeout 5

　　ssh timeout 5

　　console timeout 0

　　vpdn group 1 accept dialin pptp

　　vpdn group 1 ppp authentication pap

　　vpdn group 1 ppp authentication chap

　　vpdn group 1 ppp authentication mschap

　　vpdn group 1 ppp encryption mppe 40

　　vpdn group 1 client configuration address local hhyy

　　vpdn group 1 pptp echo 60

　　vpdn group 1 client authentication local

　　vpdn username cisco password *********

　　vpdn enable outside

　　username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 2

　　vpnclient vpngroup cisco_vpn password ********

　　vpnclient username pix password ********

　　terminal width 80

　　Cryptochecksum:9524a589b608c79d50f7c302b81bdfa4b