Spank_IT
asked on
Allow VPN Passthru Pix 506
Hello Experts,
I have a Cisco Pix 506 that is installed in a hotel. Guests traffic is passed through this firewall. Many times I get people that try to connect to their work through a VPN. How do I allow VPN connection out of my Cisco PIX 506?
I have a Cisco Pix 506 that is installed in a hotel. Guests traffic is passed through this firewall. Many times I get people that try to connect to their work through a VPN. How do I allow VPN connection out of my Cisco PIX 506?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Do I have to make an acl that allows that too, or will the nat-transparency and fixup be enough to make it work?
Thank you
Thank you
That should be enough, at least for Microsoft clients.
You might want to throw in a sysopt to be sure for IPSEC clients.
sysopt ipsec pl-compatible
You might want to throw in a sysopt to be sure for IPSEC clients.
sysopt ipsec pl-compatible
ASKER
I'm going to test this out then give you your points after it works. Where do you get all your information's on VPN's. I am fairly new to VPN's and would like to understand all the intricacies associated with them. Where would be good place to start?
Here's a great resource with lot's of good links to other stuff..
http://labmice.techtarget.com/networking/ipsec.htm
http://labmice.techtarget.com/networking/ipsec.htm
ASKER
What if the Pix does not have 6.1(1)?
If you have anything below 6.3(3), then you have to setup the NAT pool to have enough addresses so that each client can have a 1-1 NAT.
Example, if your NAT pool is 12 addresses, then only the first 12 users will get 1-1 addresses and can use VPN. Lucky #13 gets internet access, but no VPN.
Example, if your NAT pool is 12 addresses, then only the first 12 users will get 1-1 addresses and can use VPN. Lucky #13 gets internet access, but no VPN.
ASKER
I think with a 6.1(1) all you need to do is allow esp and ah protocols through the firewall and udp port 500 for isakmp with an access list.
ASKER
Do you know how to setup a client to site vpn with a cisco 2600 router?
ASKER