Remote Access VPN Setup Questions 1

[intelwizrd]

I have: PIX 515e UR w/6 physical interfaces
All "inside" interfaces have public ip's (class C on each interface)
The interfaces are named as follows from highest security to lowest
inside, lan, dev, server, jsn, mail, outside

If I set up a remote access vpn should i use the wizard or do it manually?
What interface should it terminate on?
What ip range can I use?

I'm still new to pix/vpn configs and I am trying not to take down my network. thanks for your help.

----------------------------
Josh
CCNA, MCSE 2003(in progress)

 

[Dimpa1]

Never use pdm (wizard). It adds more trouble.
You will use the outside interface to terminate your vpn connection. Use ip range that is not use anywere else on your pix.

access-list nonat permit ip <inside nw> <mask> 10.89.129.0 255.255.255.0
access-list spit permit ip <inside nw> <mask> 10.89.129.0 255.255.255.0

!--- range to be assigned to the VPN Clients.
ip local pool vpbpool 10.89.129.20-10.89.129.200

global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 90 set transform-set myset
crypto map mymap 90 ipsec-isakmp dynamic dynmap

isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

vpngroup vpn3000 address-pool vpnpool
vpngroup vpn3000 dns-server x.x.x.x
vpngroup vpn3000 wins-server x.x.x.x
vpngroup vpn3000 split split-tunnel split
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********

crypto map mymap interface outside

 

[Dimpa1]

Configuring PIX Firewall 6.0 and Cisco VPN 3000 Clients Using IPSec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

 

[intelwizrd]

Thanks for your help guys, got it up and working.

----------------------------
Josh
CCNA, MCSE 2003(in progress)