Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Pix 515 Setup Help Needed

Posted on 2006-04-04
7
Medium Priority
?
298 Views
Last Modified: 2013-11-16
We have a Pix 515 Firewall.  We want to be able to set it up for remote vpn access using ipsec.  

Outside IP address is X.X.X.1 255.255.255.248
Inside IP address is 192.168.1.X

IP POOL for VPN 192.100.1.1 - 192.100.1.255
These are the things that I know.  I need some help with the rest of the setup and I do not have access to sample configs on Cisco.

Any help would be helpful
0
Comment
Question by:melron12
  • 4
  • 3
7 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 2000 total points
ID: 16377220
Here's a start.  Also, change your vpn pool, its a public IP range.  
I'll use: 192.169.100.1-192.168.100.254
ip pool local vpnpool 192.168.100.1-192.168.100.254 mask 255.255.255.0
check syntax for above command to make sure
then add
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list splitvpn permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
isakmp enable outside
isakmp policy 10 authen pre-share
isakmp policy 10 encrypt 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
crypto ipsec transform-set esp-3des-md5 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set esp-3des-md5
crypto map outsidemap 10 ipsec-isakmp dynamic dynmap
crypto map outsidemap interface outside

now are you running version 6.X or 7.X - there are other options but these should get you going
for 6.X
vpngroup <username> password <password>
vpngroup <username> split-tunnel splitvpn
vpngroup <username> address-pool vpnpool

for 7.x
have to get back to you as you have to create a group policy and then create a tunnel-group, this is because vpngroup is deprecated in 7.X

you might want to double check the syntax but this should give you a good start
0
 

Author Comment

by:melron12
ID: 16377641
I get connected via vpn....I recieve ip address....and I am not able to browse the inside network
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16377710
you did do the split-tunnel right?

can you post the config file you have (sanitized of course)
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 

Author Comment

by:melron12
ID: 16377798
I can not browse the internal network.... but I can not browse the internet on my remote computer.

Thanks

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16377831
please post your config so I can see what is wrong.

thank you
0
 

Author Comment

by:melron12
ID: 16380148
Correction

I can browse the internal network.... but I can not browse the internet on my remote computer
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16380637
okay, then I"ll need two things. first your pix config and second on the remote machine, after you setup the vpn what does the route table say
in windows
route print
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month21 days, 7 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question