VPN Question


minoad (Programmer, US; member since Mar 28, 2001; 138 posts)
I have a PIX-501 Firewall, version 6.3(3), Device Manager version 3.0(1), with license features VPN-DES enabled and VPN-3DES-AES enabled.
I would like to turn this device into a VPN server providing service to remote users through a software client and am looking for any documentation on how this could be done.

Thanks

Micah A. Norman
 
Here are the commands I used and it works great.

names

access-list inside_outbound_nat0_acl permit ip any 172.17.2.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any 172.17.2.0 255.255.255.0

ip local pool VPNpool 172.17.2.1-172.17.2.254
nat (inside) 0 access-list inside_outbound_nat0_acl


sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup mygroup address-pool VPNpool
vpngroup mygroup dns-server 192.168.1.50 192.168.1.53
vpngroup mygroup wins-server 192.168.1.50 192.168.1.53
vpngroup mygroup default-domain csi
vpngroup mygroup idle-time 1800
vpngroup mygroup password password

 
It looks like you are using a third-party program for authentication. Is that true?
 
No. I am trying to keep this completely contained within the PIX. I have found tons of information on configuring the client side, but I cannot seem to find much on configuring the VPN server on a PIX 501.

Micah A. Norman
 
I assume that the below statement should contain the IP address of the remote users?
access-list inside_outbound_nat0_acl permit ip any 172.17.2.0 255.255.255.0

What if the users are not on any particular subnet? I tried this with "permit any any" and have had no luck with that.
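Added example, not a post from the thread: the reply's PIX 6.3 configuration written out again with comments, covering both the server setup asked for in the original post and the nat 0 ACL question in the last post. Two things differ from the reply's own config and are assumptions of this example: the inside LAN is taken to be 192.168.1.0/24 (the reply's DNS/WINS servers live there), and the user names, passwords and group key are placeholders. The transform set and ISAKMP policy use AES-256/SHA-1, which the VPN-3DES-AES license in the original post allows, instead of the reply's 3DES/MD5. Lines beginning with ':' are PIX 6.x comments.

```cisco
: Added example (not the reply's own config): PIX 6.3 as an Easy VPN server
: for the Cisco VPN Client, with XAUTH against the PIX local user database.
: Assumed: inside LAN 192.168.1.0/24, the VPN-3DES-AES license from the
: original post, and placeholder user names and keys. Change every placeholder.

: Pool handed out to clients. It must not overlap any real subnet behind the PIX.
ip local pool VPNpool 172.17.2.1-172.17.2.254

: NAT exemption: inside hosts talking to POOL addresses bypass NAT.
: The destination is the pool, never the users' real (public) addresses,
: so it works for users connecting from anywhere. 'permit ip any any' would
: also exempt ordinary outbound Internet traffic from NAT and break it.
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 172.17.2.0 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl

: Traffic the dynamic crypto map protects (again: inside LAN <-> pool).
access-list outside_cryptomap_dyn_20 permit ip 192.168.1.0 255.255.255.0 172.17.2.0 255.255.255.0

: Let decrypted IPsec traffic in without separate entries in the outside ACL.
sysopt connection permit-ipsec

: Phase 2 (IPsec): AES-256 with SHA-1 HMAC.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

: XAUTH (per-user login) against the PIX's own user database. Without the
: 'username' lines below, LOCAL authentication has no accounts to accept.
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
username micah password Ch4ngeMe-User1 privilege 0
username jane password Ch4ngeMe-User2 privilege 0

: Phase 1 (ISAKMP): pre-shared group key plus XAUTH, AES-256, SHA-1, DH group 2.
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
: Clients behind home or hotel NAT need NAT-T (UDP 4500); without it ESP
: never reaches the PIX. 20 = keepalive interval in seconds.
isakmp nat-traversal 20

: The group the VPN Client profile names, with its group password.
vpngroup mygroup address-pool VPNpool
vpngroup mygroup dns-server 192.168.1.50 192.168.1.53
vpngroup mygroup wins-server 192.168.1.50 192.168.1.53
vpngroup mygroup default-domain csi
vpngroup mygroup idle-time 1800
vpngroup mygroup password Ch4ngeMe-GroupKey
```

After a client connects, `show crypto isakmp sa` should list the peer in QM_IDLE and `show crypto ipsec sa` should show packet counters climbing on the SA for the pool address; if the ISAKMP SA forms but no IPsec SA does, the nat 0 and crypto ACLs are the first place to look. The group password is a shared secret known to every user of the group, so it should be long and random rather than a dictionary word, and per-user passwords belong in the `username` entries, not in the group key.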
 