Solved

The Pix Firewall

Posted on 2006-10-29
12
248 Views
Last Modified: 2010-03-19
Trying to creat a Vpn tunnel from outside which is using DHCP to allow in the pix firewall.  At the momment the  Netowork doesn;t have a DHCP server it  relies on manual TCP/IP configuration.  I have created a Vpn tunnel to a static ip address but I am struggling to create one which doesn;t have a static ip address.. If their is something I need to cofigure on the pix so it allows DHcp ip connection.. So if I was in a hotel or any public sector I connect to my network.....What is your best solution
0
Comment
Question by:jazzyjeff84
  • 5
  • 5
12 Comments
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Are you using the Cisco VPN client? If yes, then you don't need to specify any remote IP address..
Well . . . depending on the PIX OS version. What version are you running?
Step by step guide using PIX 6.x
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml
0
 

Author Comment

by:jazzyjeff84
Comment Utility
i don't think you understand what I'm having problems with....The Pix I am using is 501 version 6.3..I don't wont to use a static external address because if I was in a hotel how do make it so that pix allows this dynamic address through the firewall in the internal network, keep in my mind that internal network doesn't use dhcp server>>>This my question.  
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
I guess I don't understand.
Are you taking this 501 to a hotel and using it there? And you want others to be able to connect to this PIX via VPN?
Are you going to a hotel with a laptop with Cisco VPN client and connecting back to the PIX501 at your office?

> I have created a Vpn tunnel to a static ip address
You created a tunnel between this PIX501 with a static IP address, and what else? A tunnel has 2 ends..
Or you created a tunnel between something else with a static IP address and this PIX 501?

>keep in my mind that internal network doesn't use dhcp server
How internal systems get their IP's is irrelevant to how the outside interface gets its IP address.

~ confused as to what your goal is ~
0
 

Author Comment

by:jazzyjeff84
Comment Utility
>Are you going to a hotel with a laptop with Cisco VPN client and connecting back to the PIX501 at your office?
This is what I;m trying to achieve.....simple for you isit
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Yes. That is exactly what I thought you meant the first time, and that is exactly the scenario that I posted a configuration for in the link in my first post. Follow those instructions and you'll be happy.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:jazzyjeff84
Comment Utility
At moment the pix is configured for static address how do i make it so it can also accept dynamic external address can you provide a example?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
Comment Utility
The client has to know your public IP of your PIX regardless if it is static or dynamic. If you are using dynamic external IP it makes itm uch more challenging for remote users. You will have to use something like dyndns.org and register whatever IP address you get, then re-register it whenever it changes. The clients just go to yourhost.dyndns.org and connect.
0
 

Author Comment

by:jazzyjeff84
Comment Utility
does this mean the has to have dns installed
0
 

Author Comment

by:jazzyjeff84
Comment Utility
the server has to have dns capabilities
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
You don't need your own dns server, just use a free dynamic dns host, like dyndns.org
0
 
LVL 1

Expert Comment

by:Computer101
Comment Utility
Forced accept.

Computer101
EE Admin
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now