• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 410
  • Last Modified:

Hot to configure CISCO PIX515 for Remote VPN client to access in from home.

How to configure on my PIX515E, so that if I am at home, I can use
my Window XP workstation to my office server (204.204.204.8).
As well as how to configure this XP workstation to access that server.



I had a router, behind it, is my PIX515 Cisco firewall.
behing this PIX515, is my Office LAN, where all users are located
 (Private ID : 10.0.0.1 to 10.0.0.255
                          subnet mask : 255.255.255.0)            

Supposing I got the following public address

Public IP Address : 204.204.204.5
                    204.204.204.6
                    204.204.204.7
                    204.204.204.8


Of cause on my router (in which directly connected to my ISP)
I do a NAT on
Public IP address 204.204.204.5 maps to 10.0.0.1


My firewall details


PIX515E Version 6.2(2)
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10

ip address outside 10.0.0.1    255.255.255.0
ip address inside   10.0.100.1  255.255.255.0
ip address dmz     10.0.10.1   255.255.255.0

Just ignore about that ethernet2 (dmz) first, as I do not want
to configure anything for my DMZ zone yet.


Can anyone provide me a rought of basic configuration so that I can setup
my PIX515 firewall to allow my XP workstation at home to connect back.

Thank you very much.

Regards,
MSN ID : cxc_22@hotmail.com
Fox404

0
fox404
Asked:
fox404
1 Solution
 
jajjonesCommented:
How are you connecting from home ?  xDSL ????  Do you have a static IP address on the public side ???
0
 
fox404Author Commented:

Connecting from home.
xDSL.  when you say public side, what do u mean?
my public IP 204.204.204.5 (which is my PIX515 outside)

Regards,
MSN ID : cxc_22@hotmail.com
0
 
JoesmailCommented:
If you are talking about having a PIX 515E at home and a 515E at work.  Trying just using an IPSEC site to site vpn.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
JoesmailCommented:
If you are just wanting to use your XP PPTP client to connect to the work 515E use the VPN wizard (if you are lost with this I will add more about it) otherwise try the following:

# ip local pool VPN_Pool 172.25.xxx.xxx-172.25.xxx.xxx
# vpdn group VPN-GROUP accept dialin pptp
# no vpdn group VPN-GROUP ppp authentication pap
# no vpdn group VPN-GROUP ppp authentication chap
# vpdn group VPN-GROUP ppp authentication mschap
# vpdn group VPN-GROUP client configuration address local VPN_Pool
# vpdn group VPN-GROUP client configuration dns 172.25.xxx.xxx
# vpdn group VPN-GROUP client configuration wins 172.25.xxx.xxx
# vpdn group VPN-GROUP ppp encryption mppe 40
# vpdn enable outside
# access-list NO_NAT permit ip any  172.25.xxx.xxx 255.255.xxx.xxx
# nat (inside) 0 access-list NO_NAT
# sysopt connection permit-pptp

you will need to add a local username  & password for yourself.
0
 
spazztik69Commented:
the wizards in the PDM are actually reasonably functional and will build a working vpn setup for either site-to-site (read pix-to-pix) or vpn client based connectivity. I would highly suggest using the Cisco VPN Client vs. PPTP for performance reasons and the ability to use higher grade encryption.

take a look at:
http://cco.cisco.com/en/US/customer/products/sw/secursw/ps2308/prod_configuration_examples_list.html
or
http://cco.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

both links have step by step instructions and explanations of the configs to do what you looking for.
0
 
fox404Author Commented:

hi Joesmail,

at home i am using a xdsl in which my isp only provide me with an IP address.

Can I still use that configuration setting that u typed to me in your previous reply?

secondly, u mentioned that I
need to add a local username  & password for myself.

This one I agree, I need an username and password for myself to login from home.
so how am i going to declare or configure this local username and password into the PIX

please advise
0
 
JoesmailCommented:
Type the following:

This is assuming you do not have any other vpdn groups setup.

access-list 101 permit ip 10.0.150.0 255.255.255.0
   192.168.1.0 255.255.255.0

ip local pool pptp-pool 192.168.1.1-192.168.1.50

nat (inside) 0 access-list 101

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
vpdn username cisco password *****
vpdn enable outside


You obviously supply the password......

This will work with the local username you setup in the last two statements:

vpdn group 1 client authentication local.......
vpdn username ............

0
 
JoesmailCommented:
Once you have this setup:

Just configure your XP pc to setup a standard "all defaults" vpn connection to your office.

This will use mppe 40 and pptp.....
0
 
BILJAXCommented:
telnet to the public IP??


0
 
JoesmailCommented:
I described a remote vpn solution using the pptp client with XP.  Gave him links to the required documentation.

Then provided a step by step configuration when asked.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now