Solved

creating a tunnel between a linksys vpn router and a pix 515e firewall

Posted on 2004-10-27
Last Modified: 2013-11-16
I have been looking for answers regarding any success stories on how to connect a Linksys BEFSX41 and a PIX firewall for IPsec tunneling. I would appreciate any guidance you can provide.
Question by:BlessingWhite
13 Comments
 
LVL 8

Expert Comment

by:amirinamdar
ID: 12427412
Maybe this will help: www.htthost.com
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 12427665
On your Linksys, VPN setup page:

(*)enable     ()disable

Tunnel name [TOPIX    ]

Local network:         Subnet      192.168.1.0     <== change as appropriate
                       Mask        255.255.255.0
Remote Secure Group:   Subnet      192.168.133.0   <== LAN side of PIX
                       Mask        255.255.255.0
Remote secure gateway: IP address  12.34.56.7      <== Outside IP of PIX
Encryption:      (*)DES    () 3DES   ()Disable
Authen:           (*)MD5   () SHAn   ()Disable
Key Management [Auto(IKE) ]
                     []  PFS   <== leave un-checked
                     Pre-shared key [ GoodPa$$worD ]
                     Lifetime           [3600                 ] Sec.

Click [ Connect ]
-----------------------------------------------------------------------------------------
On the PIX side:
{example based on remote LAN = 192.168.1.0 / 24
                              Local LAN   = 192.168.133.0 /24  }

access-list NO_NAT permit ip 192.168.133.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_40 permit ip 192.168.133.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NO_NAT

sysopt connection permit-ipsec

crypto ipsec transform-set LAB esp-des esp-md5-hmac   <== DES + MD5 matches choices on the Linksys side
crypto map CRYMAP 40 ipsec-isakmp
crypto map CRYMAP 40 match address outside_cryptomap_40
crypto map CRYMAP 40 set peer 56.78.9.12 <=== WAN IP of Linksys
crypto map CRYMAP 40 set transform-set LAB
crypto map CRYMAP interface outside

isakmp enable outside
isakmp key GoodPa$$worD address 56.78.9.12 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des  <== match on the Linksys side
isakmp policy 1 hash md5   <== match "Authentication" on the Linksys side
isakmp policy 1 group 2  <== you may have to experiment with either Group 1 or 2, start with group 2
isakmp policy 1 lifetime 3600



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12437251
Hello? Any response?

0

 
LVL 79

Expert Comment

by:lrmoore
ID: 12487798
Are you still working on this? Do you need more information?
0
 

Author Comment

by:BlessingWhite
ID: 12488315
I will try it tonight 11/3/2004 thanks.

0
 

Author Comment

by:BlessingWhite
ID: 13266058
OK, after several months of trying and tweaking, I finally got the connection part; however, I'm not able to see either side of the tunnel. Do I need to add special routing statements in my home LAN to be able to see the corporate net?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13266297
If the Linksys is your default gateway for your home LAN, then no routing necessary.
Same on the corp side. If the PIX is the default gateway for the corp net, no route statements needed.
If they are not your defaults, then yes, any intermediary router will need a route statement to the remote subnet.
Can you not even ping hosts on either side of the tunnel?
0
 

Author Comment

by:BlessingWhite
ID: 13268168
No, I am not able to ping. I do see the tunnels connected and the Linksys saying it's connected.

Home lan 192.168.1.0 255.555.555.0 <--->pix 67.x.x.x <----> corporate lan 10.23.129.0 255.255.255.0

Do I need to recreate my access-list or add a new one?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13268226
Does the PIX have configurations similar to these:
  access-list NO_NAT permit ip 10.23.129.0 255.255.0.0 192.168.1.0 255.255.255.0
  access-list outside_cryptomap_40 permit ip  10.23.129.0 255.255.0.0 192.168.1.0 255.255.255.0

0
 

Author Comment

by:BlessingWhite
ID: 13268357
No, I thought I have added the access list. You have 10.23.129.0 with mask 255.255.0.0; should it be 0/16 or 0/24? I'll try this tonight. Thank you.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13268564
It should be /24 255.255.255.0
sorry about that..
0
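The mask question settled in this exchange can be checked mechanically. The following is an added example, not part of the original thread or either vendor's tooling: it compares the PIX crypto-map and NAT-exemption ACLs with the subnets entered on the Linksys VPN page and notes the DES/MD5 choices. The function names `net` and `audit` are hypothetical, and the sample config is constructed from the lines posted above.

```python
import ipaddress
import re

# Constructed sample: PIX lines as posted in the thread, with the /16 mask
# that left the tunnel "connected" while no traffic passed.
PIX_CONFIG = """\
access-list NO_NAT permit ip 10.23.129.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_40 permit ip  10.23.129.0 255.255.0.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NO_NAT
crypto ipsec transform-set LAB esp-des esp-md5-hmac
crypto map CRYMAP 40 match address outside_cryptomap_40
isakmp policy 1 encryption des
isakmp policy 1 hash md5
"""
ACL_RE = re.compile(r"^access-list (\S+) permit ip +(\S+) (\S+) (\S+) (\S+)[ \t]*$", re.M)

def net(addr, mask):
    # strict=False normalises 10.23.129.0 255.255.0.0 to 10.23.0.0/16 instead of raising
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, linksys_local, linksys_remote):
    """Return findings. linksys_* are (subnet, mask) pairs from the Linksys VPN page."""
    findings = []
    # The PIX must see the mirror image: its local side is the Linksys "remote" group.
    expected = (net(*linksys_remote), net(*linksys_local))
    used = {
        "crypto map": re.search(r"^crypto map \S+ \d+ match address (\S+)", config, re.M),
        "NAT exemption": re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M),
    }
    for role, match in used.items():
        if not match:
            findings.append(f"no {role} ACL referenced")
            continue
        for name, src, smask, dst, dmask in ACL_RE.findall(config):
            got = (net(src, smask), net(dst, dmask))
            if name == match.group(1) and got != expected:
                findings.append(f"{role} ACL {name}: {got[0]} -> {got[1]} "
                                f"does not mirror {expected[0]} -> {expected[1]}")
    if re.search(r"esp-des\b|encryption des\b", config):
        findings.append("DES selected; the Linksys page also lists 3DES")
    if re.search(r"esp-md5-hmac|hash md5\b", config):
        findings.append("MD5 selected; the Linksys page also lists SHA")
    return findings

if __name__ == "__main__":
    home, corp = ("192.168.1.0", "255.255.255.0"), ("10.23.129.0", "255.255.255.0")
    for finding in audit(PIX_CONFIG, linksys_local=home, linksys_remote=corp):
        print(finding)
```

With the masks corrected to 255.255.255.0 only the two algorithm findings remain.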
 

Author Comment

by:BlessingWhite
ID: 13272501
Thanks lrmoore, I got it working. Now I'm going to try connecting an IP phone and see if the TFTP server reaches the phone.
0
 

Author Comment

by:BlessingWhite
ID: 13282764
Well No Luck with the IP phone, I need to get the dhcp and tftp to work. Thanks for all your help.
0
