?
Solved

Initiate VPN Client Behind PIX Firewall

Posted on 2004-08-15
7
Medium Priority
?
567 Views
Last Modified: 2010-04-12
I have just installed a Cisco PIX 506E in my network. The outside interface is connected to my cable modem and the internal interface to a switch. Everything works fine, except when I try to initiate a VPN client connection to my office network from my internal network (this worked fine when I used a Linksys router).

I assume I must be missing some additional commands for the PIX to pass the IPSec traffic, but I haven't been able to figure out what I need to do. Thanks.
0
Comment
Question by:radiusdude
  • 3
  • 3
7 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 11807949
Have a look at this topic to see if it is of any help.
http://www.experts-exchange.com/Security/Firewalls/Q_20587556.html
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 11810701
What version PIX OS?
Get the latest 6.3x - 6.3(4) just came out

You have to enable NAT-transparency, and this is not supported on anything prior to 6.3
6.3(2) is buggy
6.3(3) has a security hole
6.3(4) is the latest

0
 
LVL 36

Expert Comment

by:grblades
ID: 11810766
What is the security problem with 6.3(3) ?
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
LVL 79

Expert Comment

by:lrmoore
ID: 11810901
Very minor SSL vulnerability, but if you use SSH and HTTPS to manage it...
http://www.cisco.com/en/US/products/products_security_advisory09186a0080207d5f.shtml

6.3(3)124 build is the "fixed" version
0
 

Author Comment

by:radiusdude
ID: 11810954
Thanks! I was running 6.2(2) - I'll see if I can get the upgrade from Cisco (I bought the PIX used - I'm not sure what Cisco's upgrade policy is...)
0
 
LVL 36

Expert Comment

by:grblades
ID: 11811065
How do I find out what build version I am running? I assume that as the build date is last year it is a version which needs upgrading anyway.
'show ver' shows :-

Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11811420
>Cisco PIX Firewall Version 6.3(3)
Yours

Mine:
Cisco PIX Firewall Version 6.3(3)124

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question