Solved

The Pix Firewall

Posted on 2006-10-29
12
251 Views
Last Modified: 2010-03-19
Trying to creat a Vpn tunnel from outside which is using DHCP to allow in the pix firewall.  At the momment the  Netowork doesn;t have a DHCP server it  relies on manual TCP/IP configuration.  I have created a Vpn tunnel to a static ip address but I am struggling to create one which doesn;t have a static ip address.. If their is something I need to cofigure on the pix so it allows DHcp ip connection.. So if I was in a hotel or any public sector I connect to my network.....What is your best solution
0
Comment
Question by:jazzyjeff84
  • 5
  • 5
12 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17828654
Are you using the Cisco VPN client? If yes, then you don't need to specify any remote IP address..
Well . . . depending on the PIX OS version. What version are you running?
Step by step guide using PIX 6.x
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml
0
 

Author Comment

by:jazzyjeff84
ID: 17828756
i don't think you understand what I'm having problems with....The Pix I am using is 501 version 6.3..I don't wont to use a static external address because if I was in a hotel how do make it so that pix allows this dynamic address through the firewall in the internal network, keep in my mind that internal network doesn't use dhcp server>>>This my question.  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17829048
I guess I don't understand.
Are you taking this 501 to a hotel and using it there? And you want others to be able to connect to this PIX via VPN?
Are you going to a hotel with a laptop with Cisco VPN client and connecting back to the PIX501 at your office?

> I have created a Vpn tunnel to a static ip address
You created a tunnel between this PIX501 with a static IP address, and what else? A tunnel has 2 ends..
Or you created a tunnel between something else with a static IP address and this PIX 501?

>keep in my mind that internal network doesn't use dhcp server
How internal systems get their IP's is irrelevant to how the outside interface gets its IP address.

~ confused as to what your goal is ~
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jazzyjeff84
ID: 17829500
>Are you going to a hotel with a laptop with Cisco VPN client and connecting back to the PIX501 at your office?
This is what I;m trying to achieve.....simple for you isit
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17829811
Yes. That is exactly what I thought you meant the first time, and that is exactly the scenario that I posted a configuration for in the link in my first post. Follow those instructions and you'll be happy.
0
 

Author Comment

by:jazzyjeff84
ID: 17909284
At moment the pix is configured for static address how do i make it so it can also accept dynamic external address can you provide a example?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17910192
The client has to know your public IP of your PIX regardless if it is static or dynamic. If you are using dynamic external IP it makes itm uch more challenging for remote users. You will have to use something like dyndns.org and register whatever IP address you get, then re-register it whenever it changes. The clients just go to yourhost.dyndns.org and connect.
0
 

Author Comment

by:jazzyjeff84
ID: 18100202
does this mean the has to have dns installed
0
 

Author Comment

by:jazzyjeff84
ID: 18100204
the server has to have dns capabilities
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18101123
You don't need your own dns server, just use a free dynamic dns host, like dyndns.org
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20286679
Forced accept.

Computer101
EE Admin
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question