How to configure CISCO PIX515 for Remote VPN client to access in from home.

How to configure on my PIX515E, so that if I am at home, I can use
my Windows XP workstation to my office server (
As well as how to configure this XP workstation to access that server.

I had a router, behind it, is my PIX515 Cisco firewall.
Behind this PIX515 is my Office LAN, where all users are located
 (Private ID : to
                          subnet mask :            

Supposing I got the following public address

Public IP Address :

Of course, on my router (which is directly connected to my ISP)
I do a NAT on
Public IP address maps to

My firewall details

PIX515E Version 6.2(2)
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10

ip address outside
ip address inside
ip address dmz

Just ignore about that ethernet2 (dmz) first, as I do not want
to configure anything for my DMZ zone yet.

Can anyone provide me a rough basic configuration so that I can set up
my PIX515 firewall to allow my XP workstation at home to connect back.

Thank you very much.


Joesmail Commented:
Type the following:

This is assuming you do not have any other vpdn groups setup.

access-list 101 permit ip

ip local pool pptp-pool

nat (inside) 0 access-list 101

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
vpdn username cisco password *****
vpdn enable outside

You obviously supply the password......

This will work with the local username you setup in the last two statements:

vpdn group 1 client authentication local.......
vpdn username ............

How are you connecting from home ?  xDSL ????  Do you have a static IP address on the public side ???
fox404 (Author) Commented:

Connecting from home.
xDSL.  when you say public side, what do u mean?
my public IP (which is my PIX515 outside)

If you are talking about having a PIX 515E at home and a 515E at work, try just using an IPSEC site-to-site VPN.

If you are just wanting to use your XP PPTP client to connect to the work 515E use the VPN wizard (if you are lost with this I will add more about it) otherwise try the following:

# ip local pool VPN_Pool
# vpdn group VPN-GROUP accept dialin pptp
# no vpdn group VPN-GROUP ppp authentication pap
# no vpdn group VPN-GROUP ppp authentication chap
# vpdn group VPN-GROUP ppp authentication mschap
# vpdn group VPN-GROUP client configuration address local VPN_Pool
# vpdn group VPN-GROUP client configuration dns
# vpdn group VPN-GROUP client configuration wins
# vpdn group VPN-GROUP ppp encryption mppe 40
# vpdn enable outside
# access-list NO_NAT permit ip any
# nat (inside) 0 access-list NO_NAT
# sysopt connection permit-pptp

You will need to add a local username & password for yourself.
The wizards in the PDM are actually reasonably functional and will build a working VPN setup for either site-to-site (read PIX-to-PIX) or VPN client based connectivity. I would highly suggest using the Cisco VPN Client vs. PPTP for performance reasons and the ability to use higher grade encryption.

take a look at:

Both links have step-by-step instructions and explanations of the configs to do what you are looking for.
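
An added example, not part of the original replies and not Cisco tooling: a small Python audit of the `vpdn group` PPP settings in the two configurations posted above, reporting which authentication methods each one leaves enabled and whether MPPE is configured. The function name `audit_vpdn` and the sample strings are constructed for illustration; values missing from the page (addresses, pools, password) are left out.

```python
import re

# Constructed samples: the vpdn PPP lines from the two replies above,
# without prompts and without the values that are missing from the page.
FIRST_REPLY = """\
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client authentication local
vpdn enable outside
"""
SECOND_REPLY = """\
vpdn group VPN-GROUP accept dialin pptp
no vpdn group VPN-GROUP ppp authentication pap
no vpdn group VPN-GROUP ppp authentication chap
vpdn group VPN-GROUP ppp authentication mschap
vpdn group VPN-GROUP ppp encryption mppe 40
vpdn enable outside
"""

# Optional "# " prompt, optional "no", then the two PPP settings of interest.
LINE = re.compile(
    r"^(?:#\s*)?(no\s+)?vpdn group (\S+) ppp (authentication|encryption mppe) (\S+)")

def audit_vpdn(config):
    """Return {group: {"auth": set, "mppe": str or None, "findings": list}}."""
    groups = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        negated, name, kind, value = m.groups()
        g = groups.setdefault(name, {"auth": set(), "mppe": None, "findings": []})
        if kind == "authentication":
            # A "no ..." form removes the method, the plain form enables it.
            (g["auth"].discard if negated else g["auth"].add)(value)
        else:
            g["mppe"] = None if negated else value
    for g in groups.values():
        if "pap" in g["auth"]:
            g["findings"].append("PAP accepted: password sent in cleartext")
        if "chap" in g["auth"]:
            g["findings"].append("CHAP accepted (the second reply disables it)")
        if g["mppe"] is None:
            g["findings"].append("no 'ppp encryption mppe' line")
        elif g["mppe"] == "40":
            g["findings"].append("MPPE limited to a 40-bit key")
    return groups
```
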
fox404 (Author) Commented:

hi Joesmail,

At home I am using xDSL, for which my ISP only provides me with an IP address.

Can I still use that configuration setting that u typed to me in your previous reply?

secondly, u mentioned that I
need to add a local username  & password for myself.

This one I agree, I need an username and password for myself to login from home.
so how am i going to declare or configure this local username and password into the PIX

please advise
Once you have this setup:

Just configure your XP pc to setup a standard "all defaults" vpn connection to your office.

This will use mppe 40 and pptp.....
telnet to the public IP??

I described a remote vpn solution using the pptp client with XP.  Gave him links to the required documentation.

Then provided a step by step configuration when asked.
Question has a verified solution.
