PIX 515 with 3des and DMZ config

Posted on 2004-08-23
Last Modified: 2013-11-16
Good Morning,

I am setting up a PIX 515 with a DMZ. Does anyone have a sample config of a PIX 515 with 3des and DMZ?

This is my 1st PIX with a DMZ, but I have done checkpoint FW with DMZ previously.

Are there any gotchas that I should be aware of?

Thanks in advance on this.

I am sure that I will be adding to this later on today or tomorrow.

Cepolly
Question by:cepolly
LVL 36

Expert Comment

by:grblades
ID: 11869335
Here are a few useful links. The first contains many examples. My radius example is basically what you are after as well, except that I am using aes instead of 3des.

PIX configuration examples - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
PIX configuration basics - http://www.netcraftsmen.net/welcher/papers/pix01.html
PIX ssh configuration - http://www.tech-recipes.com/modules.php?name=Recipes&rx_id=215
My Pages:-
PIX as multi user VPN server - http://www.gbnetwork.co.uk/networking/ciscopixvpnradius.html
PIX as a home DSL firewall - http://www.gbnetwork.co.uk/networking/ciscopixhomedsl.html

The only real gotcha is to make sure the pool of IP addresses you allocate to VPN users is on a different subnet to your internal network. Most people use a range of IPs on the internal network the first time, and this does not work properly.
LVL 1

Author Comment

by:cepolly
ID: 11870478
Thanks for the info.

You just brought up something that I did not think of.

I am using 192.168.1.x for internal and 10.0.0.x for DMZ.

So then it would just be a matter of giving VPN users 192.168.2.x or 10.0.1.x.

Also, should I use radius and what is required to use it from a server and configuration standpoint?

LVL 36

Accepted Solution

by:
grblades earned 2000 total points
ID: 11870572
Is there any chance that you can change the IP addresses you use internally?
192.168.1.x is used by a large number of home DSL routers and you will find that these people will have problems using the VPN client because of this. You don't want to have to reconfigure all their routers.

Yes you can use 192.168.2.x etc... for the VPN users.

In basic VPN configuration you just have a group username and password for access, and once authenticated all VPN users can access anything on your local LAN without restriction.

You can also in addition use LOCAL authentication, where the situation is as above but each user also gets an additional popup box asking for their individual username and password. This is obviously much more secure, as you don't want all users to share a common username/password.

The next option is to use RADIUS, which is similar to LOCAL authentication but the account details are stored in a separate database. In addition, with RADIUS you can assign an ACL to each person, so you can limit what resources each individual user is permitted to access.
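Putting the two answers together, here is an added sample PIX 6.3 configuration written for this page; it is not from the original thread, from the linked pages, or from Cisco's own examples. It uses the asker's 192.168.1.0/24 inside and 10.0.0.0/24 DMZ, a 3DES/MD5 transform set as requested, a VPN client pool on 192.168.2.0/24 (the separate-subnet gotcha from the first reply), and the three authentication options from the accepted answer: group password only, LOCAL xauth, and RADIUS xauth. Everything else is assumed for illustration: the interface addresses (203.0.113.0/24 is documentation space, substitute your real block), the pool and group names, the DMZ web server 10.0.0.10 published as 203.0.113.10, the internal DNS server 192.168.1.10, the RADIUS server 192.168.1.20, the user alice, and the Filter-Id handling on the RADIUS side. Lines beginning with `!` are annotations for the reader, not part of the configuration.

```text
! --- Interfaces: the DMZ gets a security level between outside (0) and inside (100)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 10.0.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! --- VPN client pool on its own subnet, NOT 192.168.1.x (the gotcha from the first reply)
ip local pool vpnpool 192.168.2.1-192.168.2.50

! --- NAT: exempt inside<->VPN and dmz<->VPN traffic from translation (nat 0),
!     PAT everything else to the outside interface address
access-list inside_nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list dmz_nonat permit ip 10.0.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list inside_nonat
nat (dmz) 0 access-list dmz_nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! --- DMZ web server (assumed 10.0.0.10) published on 203.0.113.10, only port 80 opened
static (dmz,outside) 203.0.113.10 10.0.0.10 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

! --- DMZ -> inside is lower-to-higher security: identity static plus an explicit ACL,
!     so a compromised DMZ host reaches nothing inside except what is listed here
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
access-list dmz_in permit udp host 10.0.0.10 host 192.168.1.10 eq domain
access-list dmz_in deny ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz_in permit ip 10.0.0.0 255.255.255.0 any
access-group dmz_in in interface dmz

! --- IPsec remote access with 3DES/MD5 (esp-aes / sha would be stronger if the clients support it)
sysopt connection permit-ipsec
crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set 3desmd5
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap client configuration address initiate
crypto map vpnmap client configuration address respond
crypto map vpnmap interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! --- Option 1 (basic): one group name/password shared by every VPN client
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers dns-server 192.168.1.10
vpngroup remoteusers default-domain example.com
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password <group-secret>

! --- Option 2 (LOCAL xauth): each user is additionally prompted for an individual login
username alice password <alice-password>
crypto map vpnmap client authentication LOCAL

! --- Option 3 (RADIUS xauth): use INSTEAD of the LOCAL line above. Accounts live on the
!     RADIUS server (assumed 192.168.1.20); it can return Filter-Id naming a per-user ACL
!     defined on the PIX, e.g. alice_only below (the server-side attribute setup is assumed)
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.20 <radius-shared-secret> timeout 5
crypto map vpnmap client authentication RADIUS
access-list alice_only permit ip any host 192.168.1.50
```

Two things to check after pasting this in: `show isakmp sa` and `show crypto ipsec sa` while a client is connected (phase 1 and phase 2 should both show active SAs), and `show xlate` to confirm that traffic between 192.168.1.x and the 192.168.2.x pool is not being translated (the `nat 0` exemption is what most often gets missed). Note that `sysopt connection permit-ipsec` lets decrypted VPN traffic bypass the interface ACLs, which is exactly the "access anything on your local LAN without restriction" behaviour the accepted answer describes; the per-user ACL returned via RADIUS is what narrows it down.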
LVL 1

Author Comment

by:cepolly
ID: 11896593
I'm going to start a new post, though this one was answered to the extent of my question.

thank you