Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to setup Cisco VPN Client to tunnel to Pix 515E

Posted on 2004-08-24
5
Medium Priority
?
1,560 Views
Last Modified: 2013-11-16
I have a couple vendors that will need to tunnel in via the VPN Client to access accounting software and etc.
I would like to configure the Pix 515E to accept a couple users in to the LAN.  I understand I need to setup a
RADIUS Server.  I have a Win2003 Server I will use for RADIUS.  What do I need to setup on the Pix to allow
them in.  Cisco documentation appears to be very cryptic to follow.  Plus I didn't see anything for RADIUS setup.
Please help?  I was asked to make this happen in the next two days.  
0
Comment
Question by:rick_me27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11883729
This document is pretty striaghtforward and shows exatly how to setup a Win2k server. Identical config on Win2k3 server

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
0
 

Author Comment

by:rick_me27
ID: 11884325
Yes I found this ealier today and plan to use it as a guide tonight when I work on this.  Is there anything in particular I need to allow on the screening router.  I am having a T1 installed next week and I will be bring up the 2650 infront on the Pix.
I know I need to change default route and etc but what about for VPN access?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 11884943
If you have a screening access router, you need to permit udp 500, tcp 50 (esp), udp 10000 and udp 4500 from any.

example

<inbound acl>
access-list 101 permit esp any host <ip address of PIX outside>
access-list 101 permit udp any host <ip address of PIX outside> eq 500
access-list 101 permit udp any host <ip address of PIX outside> eq 4500
access-list 101 permit udp any host <ip address of PIX outside> eq 1000
0
 

Author Comment

by:rick_me27
ID: 11884964
Thanks so much.  What is ESP?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11887778
udp port 500 = isakmp phase 1
esp / tcp port 50 = encapsulating security payload - this is the actual encrypted data stream, phase 2
Unless the client is behind a NAT device, then udp 4500 = ipsec payload
Older client software behind NAT device uses udp 10000 for encrypted payload
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question