Posted on 2005-03-15
Medium Priority
Last Modified: 2012-05-05
Hi There

I am running a server 2003 box with ISA 2000 SP2 which is sitting behind a Cisco PIX 501 firewall

I have now had a Line installed at home so that i can work and configure from home.

I am dialing up to my ISP "Mweb" from there i need to get into our network "VPN"

Where do i obtain the vpn client software, i am running XP Pro on my laptop does it have it? if not please supply a link as to where i can get it.

Second, I am going to leave my current firewall config in this question, please look through it and tell me what i need to do for it to be able to accepts VPN connections.

I am n not very good with cisco at all so please supply the exact command line in the pix terminal which i need to type in to enable VPN tunnel.

Here is the config...

Hi-Tech(config)# show config
: Saved
: Written by enable_15 at 07:19:17.849 UTC Mon Mar 14 2005
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password nC1TgPA/j9j.bzQi encrypted
passwd nC1TgPA/j9j.bzQi encrypted
hostname Hi-Tech
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1273
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list OUT_IN permit tcp any host eq smtp
access-list OUT_IN permit tcp any host eq pop3
access-list OUT_IN permit icmp any any echo-reply
access-list OUT_IN permit icmp any any time-exceeded
access-list OUT_IN permit icmp any any timestamp-reply
access-list OUT_IN permit tcp any host eq www
access-list OUT_IN permit tcp any host eq ftp
access-list OUT_IN permit tcp any host eq ftp
access-list OUT_IN permit tcp any any eq 81
access-list IN_OUT permit ip host any
access-list IN_OUT permit ip host any
access-list IN_OUT permit udp any any eq isakmp
access-list IN_OUT permit esp any any
access-list IN_OUT permit tcp any any eq 81
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm location inside
pdm location inside
pdm history enable
arp timeout 14400
global (outside) 1 netmask
global (outside) 1 netmask
nat (inside) 1 0 0
static (inside,outside) tcp smtp smtp netmask 255.255.25
5.255 0 0
static (inside,outside) netmask 0 0
access-group OUT_IN in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Question by:hitechauto
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

ID: 13553241

VPN Client can be obtained from Cisco website. But thats not free. here is the link:

For using the VPN, you have to have a concentrator on the Host end  (in your office network in your case) which will authenticate the remote user and let it enter the network. In our setup concentrator is by-passing the firewall and hence pix is irrelivant in this case.(It didn't work behind firewall even after everything we tried).

Concentrator job is till you enter the network and there will be a tunnel established between your computer and the office network. You still will not be able to ping any of the computers of your network unless you change the Gateway as internal IP address if your concentrator. You probably can assign a terminal services enabled server for this purpose.

Hope this will help

Accepted Solution

mrwaqar earned 1500 total points
ID: 13553280
More details can be found on the below link:


It's a usefull link and I would suggest you to go through this

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question