fox404

How to configure Cisco PIX515 for remote VPN client access from home.

How do I configure my PIX515E so that when I am at home, I can use
my Windows XP workstation to connect to my office server (204.204.204.8)?
Also, how do I configure this XP workstation to access that server?



I have a router; behind it is my PIX515 Cisco firewall.
Behind this PIX515 is my office LAN, where all users are located
(Private ID: 10.0.0.1 to 10.0.0.255, subnet mask: 255.255.255.0)

Supposing I got the following public address

Public IP Address : 204.204.204.5
                    204.204.204.6
                    204.204.204.7
                    204.204.204.8


Of course, on my router (which is directly connected to my ISP)
I do a NAT:
Public IP address 204.204.204.5 maps to 10.0.0.1


My firewall details


PIX515E Version 6.2(2)
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10

ip address outside 10.0.0.1    255.255.255.0
ip address inside   10.0.100.1  255.255.255.0
ip address dmz     10.0.10.1   255.255.255.0

Just ignore ethernet2 (dmz) for now, as I do not want
to configure anything for my DMZ zone yet.


Can anyone provide me with a rough basic configuration so that I can set up
my PIX515 firewall to allow my XP workstation at home to connect back?

Thank you very much.

Regards,
MSN ID : cxc_22@hotmail.com
Fox404

jajjones

How are you connecting from home ?  xDSL ????  Do you have a static IP address on the public side ???

fox404

ASKER

Connecting from home.
xDSL. When you say public side, what do you mean?
My public IP is 204.204.204.5 (which is my PIX515 outside).

Regards,
MSN ID : cxc_22@hotmail.com

If you are talking about having a PIX 515E at home and a 515E at work, try just using an IPsec site-to-site VPN.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

If you just want to use your XP PPTP client to connect to the work 515E, use the VPN wizard (if you are lost with this I will add more about it); otherwise try the following:

# ip local pool VPN_Pool 172.25.xxx.xxx-172.25.xxx.xxx
# vpdn group VPN-GROUP accept dialin pptp
# no vpdn group VPN-GROUP ppp authentication pap
# no vpdn group VPN-GROUP ppp authentication chap
# vpdn group VPN-GROUP ppp authentication mschap
# vpdn group VPN-GROUP client configuration address local VPN_Pool
# vpdn group VPN-GROUP client configuration dns 172.25.xxx.xxx
# vpdn group VPN-GROUP client configuration wins 172.25.xxx.xxx
# vpdn group VPN-GROUP ppp encryption mppe 40
# vpdn enable outside
# access-list NO_NAT permit ip any  172.25.xxx.xxx 255.255.xxx.xxx
# nat (inside) 0 access-list NO_NAT
# sysopt connection permit-pptp

You will need to add a local username & password for yourself.

The wizards in the PDM are actually reasonably functional and will build a working VPN setup for either site-to-site (read PIX-to-PIX) or VPN client based connectivity. I would highly suggest using the Cisco VPN Client vs. PPTP for performance reasons and the ability to use higher grade encryption.

Take a look at:
http://cco.cisco.com/en/US/customer/products/sw/secursw/ps2308/prod_configuration_examples_list.html
or
http://cco.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Both links have step-by-step instructions and explanations of the configs to do what you are looking for.
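
Added example, not part of the thread and not Cisco tooling: a short Python check that reads the `vpdn group` lines from the reply above, honours their `no` forms, and flags PAP/CHAP authentication and 40-bit MPPE on any PPTP dial-in group. The function names and finding wording are this example's own, and the sample config is constructed from the commands posted in the thread.

```python
import re

# Constructed sample: the PPTP commands from the reply above, prompts included.
SAMPLE_CONFIG = """\
# vpdn group VPN-GROUP accept dialin pptp
# no vpdn group VPN-GROUP ppp authentication pap
# no vpdn group VPN-GROUP ppp authentication chap
# vpdn group VPN-GROUP ppp authentication mschap
# vpdn group VPN-GROUP ppp encryption mppe 40
# vpdn enable outside
# sysopt connection permit-pptp
"""

VPDN = re.compile(r"^(no\s+)?vpdn group (\S+) (.+)$")

def parse_vpdn_groups(text):
    """Return {group: set(settings)}, applying 'no' lines in order."""
    groups = {}
    for raw in text.splitlines():
        # Drop a leading '# ' prompt and collapse repeated whitespace.
        line = " ".join(raw.lstrip("# \t").split())
        m = VPDN.match(line)
        if not m:
            continue
        negated, group, setting = m.groups()
        settings = groups.setdefault(group, set())
        (settings.discard if negated else settings.add)(setting)
    return groups

def audit(text):
    """Return sorted (group, finding) pairs for PPTP dial-in groups."""
    findings = []
    for group, settings in parse_vpdn_groups(text).items():
        if "accept dialin pptp" not in settings:
            continue
        auth = {s.split()[-1] for s in settings if s.startswith("ppp authentication ")}
        for method in sorted(auth & {"pap", "chap"}):
            findings.append((group, f"{method} authentication enabled"))
        enc = [s for s in settings if s.startswith("ppp encryption mppe ")]
        if not enc:
            findings.append((group, "no MPPE encryption configured"))
        elif any(s.split()[3] == "40" for s in enc):
            findings.append((group, "MPPE limited to 40-bit keys"))
    return sorted(findings)

if __name__ == "__main__":
    for group, finding in audit(SAMPLE_CONFIG):
        print(f"{group}: {finding}")
```
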

fox404

ASKER

Hi Joesmail,

At home I am using xDSL, for which my ISP only provides me with an IP address.

Can I still use the configuration settings that you typed in your previous reply?

Secondly, you mentioned that I
need to add a local username & password for myself.

This one I agree with; I need a username and password for myself to log in from home.
So how do I declare or configure this local username and password on the PIX?

Please advise.

ASKER CERTIFIED SOLUTION
Joesmail

This solution is only available to members.

Once you have this setup:

Just configure your XP PC to set up a standard "all defaults" VPN connection to your office.

This will use MPPE 40 and PPTP.....
telnet to the public IP??


I described a remote vpn solution using the pptp client with XP.  Gave him links to the required documentation.

Then provided a step by step configuration when asked.