Solved

Allow VPN Passthru Pix 506

Posted on 2004-10-22
Last Modified: 2013-11-16
Hello Experts,

I have a Cisco Pix 506 that is installed in a hotel. Guest traffic is passed through this firewall. Many times I get people that try to connect to their work through a VPN. How do I allow VPN connections out of my Cisco PIX 506?
Question by:Spank_IT
10 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 525 total points
ID: 12382050
Several things to check.
Are you using a single Public IP on the outside of the PIX for the global?
  Yes -- make sure you have 6.3(3) or higher
    Enable nat-transparency for IPSEC clients
      isakmp nat-traversal 20
    Enable fixup pptp for Microsoft clients
      fixup protocol pptp 1723

  No -- make sure you have enough addresses in the public IP pool to cover all inside clients

0
 

Author Comment

by:Spank_IT
ID: 12382129
Thank you for your response lrmoore.  I am using a single Static Public IP on the outside of the PIX.  I have 6.3(3).  I will add those two settings and let you know if it works.
0
 

Author Comment

by:Spank_IT
ID: 12382195
Do I have to make an acl that allows that too, or will the nat-transparency and fixup be enough to make it work?

Thank you
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 12382253
That should be enough, at least for Microsoft clients.

You might want to throw in a sysopt to be sure for IPSEC clients.

  sysopt ipsec pl-compatible
0
 

Author Comment

by:Spank_IT
ID: 12382324
I'm going to test this out then give you your points after it works. Where do you get all your information on VPNs? I am fairly new to VPNs and would like to understand all the intricacies associated with them. Where would be a good place to start?

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12382546
Here's a great resource with lots of good links to other stuff.
http://labmice.techtarget.com/networking/ipsec.htm

0
 

Author Comment

by:Spank_IT
ID: 12402226
What if the Pix does not have 6.1(1)?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12402313
If you have anything below 6.3(3), then you have to set up the NAT pool to have enough addresses so that each client can have a 1-1 NAT.
Example, if your NAT pool is 12 addresses, then only the first 12 users will get 1-1 addresses and can use VPN. Lucky #13 gets internet access, but no VPN.
0
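The checklist from the accepted solution and the NAT-pool comment above, written out as an added example that is not part of the original thread or anyone's posted code: a Python audit of PIX configuration text. The sample configs are constructed, and the `audit` function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread); addresses are documentation ranges.
PAT_CONFIG = """\
PIX Version 6.3(3)
fixup protocol pptp 1723
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""
POOL_CONFIG = """\
PIX Version 6.1(1)
global (outside) 1 192.0.2.10-192.0.2.21 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""

def audit(config):
    """Apply the thread's checklist to PIX config text; return (mode, findings)."""
    lines = [line.strip() for line in config.splitlines()]
    m = re.search(r"^PIX Version (\d+)\.(\d+)\((\d+)\)", config, re.M)
    version = tuple(map(int, m.groups())) if m else None

    # Count addresses in outside global ranges; these are what give clients 1-1 NAT.
    one_to_one = 0
    for line in lines:
        g = re.match(r"global \(outside\) \d+ (\S+)", line)
        if g and "-" in g.group(1):
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in g.group(1).split("-"))
            one_to_one += hi - lo + 1

    findings = []
    if one_to_one == 0:
        # "Yes" branch: a single public IP shared by all inside clients.
        if version is None or version < (6, 3, 3):
            findings.append("upgrade to 6.3(3) or higher")
        if not any(line.startswith("isakmp nat-traversal") for line in lines):
            findings.append("add: isakmp nat-traversal 20")
        if "fixup protocol pptp 1723" not in lines:
            findings.append("add: fixup protocol pptp 1723")
        return "single-ip", findings

    # "No" branch: only as many clients as pool addresses get a 1-1 translation.
    findings.append(f"pool of {one_to_one}: only the first {one_to_one} clients can use VPN")
    return "pool", findings
```
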
 

Author Comment

by:Spank_IT
ID: 12410953
I think with a 6.1(1) all you need to do is allow esp and ah protocols through the firewall and udp port 500 for isakmp with an access list.
0
 

Author Comment

by:Spank_IT
ID: 12410966
Do you know how to set up a client-to-site VPN with a Cisco 2600 router?
0

Question has a verified solution.