Solved

Initiate VPN Client Behind PIX Firewall

Posted on 2004-08-15
Last Modified: 2010-04-12
I have just installed a Cisco PIX 506E in my network. The outside interface is connected to my cable modem and the internal interface to a switch. Everything works fine, except when I try to initiate a VPN client connection to my office network from my internal network (this worked fine when I used a Linksys router).

I assume I must be missing some additional commands for the PIX to pass the IPSec traffic, but I haven't been able to figure out what I need to do. Thanks.
Question by:radiusdude
LVL 36

Expert Comment

by:grblades
ID: 11807949
Have a look at this topic to see if it is of any help.
http://www.experts-exchange.com/Security/Firewalls/Q_20587556.html
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 11810701
What version PIX OS?
Get the latest 6.3x - 6.3(4) just came out

You have to enable NAT-transparency, and this is not supported on anything prior to 6.3
6.3(2) is buggy
6.3(3) has a security hole
6.3(4) is the latest

 
LVL 36

Expert Comment

by:grblades
ID: 11810766
What is the security problem with 6.3(3) ?
 
LVL 79

Expert Comment

by:lrmoore
ID: 11810901
Very minor SSL vulnerability, but if you use SSH and HTTPS to manage it...
http://www.cisco.com/en/US/products/products_security_advisory09186a0080207d5f.shtml

6.3(3)124 build is the "fixed" version
 

Author Comment

by:radiusdude
ID: 11810954
Thanks! I was running 6.2(2) - I'll see if I can get the upgrade from Cisco (I bought the PIX used - I'm not sure what Cisco's upgrade policy is...)
 
LVL 36

Expert Comment

by:grblades
ID: 11811065
How do I find out what build version I am running? I assume that as the build date is last year it is a version which needs upgrading anyway.
'show ver' shows :-

Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee
 
LVL 79

Expert Comment

by:lrmoore
ID: 11811420
>Cisco PIX Firewall Version 6.3(3)
Yours

Mine:
Cisco PIX Firewall Version 6.3(3)124
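
An added example, not part of the thread or any poster's code: a Python sketch that reads the `show ver` banner quoted above, separates the interim build digits that follow the parenthesis, and applies the version guidance given in this thread. The sample banners are constructed from the versions the posters mention, and treating any 6.3(3) build below 124 as unfixed is an assumption.

```python
import re

# Banner line of `show ver`, e.g. "Cisco PIX Firewall Version 6.3(3)124".
# Digits after the closing parenthesis are the interim build; a base
# release such as 6.3(3) has none.
BANNER = re.compile(r"Cisco PIX Firewall Version (\d+)\.(\d+)\((\d+)\)(\d*)")


def parse_pix_version(show_ver):
    """Return (major, minor, maintenance, build); build is 0 when absent."""
    m = BANNER.search(show_ver)
    if m is None:
        raise ValueError("no PIX version banner found")
    major, minor, maint, build = m.groups()
    return int(major), int(minor), int(maint), int(build or 0)


def assess(show_ver):
    """Apply the guidance given in this thread (not a Cisco data source)."""
    major, minor, maint, build = parse_pix_version(show_ver)
    findings = []
    if (major, minor) < (6, 3):
        findings.append("pre-6.3: NAT-transparency not supported")
    elif (major, minor, maint) == (6, 3, 2):
        findings.append("6.3(2): described as buggy")
    elif (major, minor, maint) == (6, 3, 3) and build < 124:
        # Assumption: builds below 124 lack the fix named in the thread.
        findings.append("6.3(3) below build 124: SSL advisory applies")
    return findings


# Constructed sample input, built from the versions quoted in the thread.
SAMPLES = {
    "asker": "Cisco PIX Firewall Version 6.2(2)\n",
    "base-6.3(3)": (
        "Cisco PIX Firewall Version 6.3(3)\n"
        "Cisco PIX Device Manager Version 3.0(1)\n"
    ),
    "fixed-build": "Cisco PIX Firewall Version 6.3(3)124\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, parse_pix_version(text), assess(text) or ["nothing flagged"])
```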
