Solved

The Pix Firewall

Posted on 2006-10-29
Last Modified: 2010-03-19
Trying to create a VPN tunnel from outside which is using DHCP to allow in the PIX firewall. At the moment the network doesn't have a DHCP server; it relies on manual TCP/IP configuration. I have created a VPN tunnel to a static IP address but I am struggling to create one which doesn't have a static IP address. If there is something I need to configure on the PIX so it allows DHCP IP connection... So if I was in a hotel or any public sector I connect to my network... What is your best solution?
Question by:jazzyjeff84
12 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17828654
Are you using the Cisco VPN client? If yes, then you don't need to specify any remote IP address..
Well . . . depending on the PIX OS version. What version are you running?
Step by step guide using PIX 6.x
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml
0
 

Author Comment

by:jazzyjeff84
ID: 17828756
I don't think you understand what I'm having problems with. The PIX I am using is a 501, version 6.3. I don't want to use a static external address, because if I was in a hotel, how do I make it so that the PIX allows this dynamic address through the firewall into the internal network? Keep in mind that the internal network doesn't use a DHCP server. This is my question.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17829048
I guess I don't understand.
Are you taking this 501 to a hotel and using it there? And you want others to be able to connect to this PIX via VPN?
Are you going to a hotel with a laptop with Cisco VPN client and connecting back to the PIX501 at your office?

> I have created a Vpn tunnel to a static ip address
You created a tunnel between this PIX501 with a static IP address, and what else? A tunnel has 2 ends..
Or you created a tunnel between something else with a static IP address and this PIX 501?

>keep in my mind that internal network doesn't use dhcp server
How internal systems get their IP's is irrelevant to how the outside interface gets its IP address.

~ confused as to what your goal is ~
0
 

Author Comment

by:jazzyjeff84
ID: 17829500
>Are you going to a hotel with a laptop with Cisco VPN client and connecting back to the PIX501 at your office?
This is what I'm trying to achieve... simple for you, is it?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17829811
Yes. That is exactly what I thought you meant the first time, and that is exactly the scenario that I posted a configuration for in the link in my first post. Follow those instructions and you'll be happy.
0
 

Author Comment

by:jazzyjeff84
ID: 17909284
At the moment the PIX is configured for a static address. How do I make it so it can also accept a dynamic external address? Can you provide an example?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17910192
The client has to know your public IP of your PIX regardless if it is static or dynamic. If you are using dynamic external IP it makes it much more challenging for remote users. You will have to use something like dyndns.org and register whatever IP address you get, then re-register it whenever it changes. The clients just go to yourhost.dyndns.org and connect.
0
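The "re-register it whenever it changes" step from the accepted answer, as an added example that is not part of the original thread: it decides when a new outside address needs registering and flags a stale record, which matters because VPN clients following a stale name send their connection attempts to whoever now holds the old address. The function names and the sample addresses (documentation ranges) are assumptions made for illustration; the actual registration call to the dynamic DNS provider is left out.

```python
import ipaddress
import socket

# Addresses handed out behind NAT or by link-local autoconfiguration; an outside
# address in one of these ranges cannot be reached by remote VPN clients.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def reachable_from_internet(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)

def record_state(outside_ip, resolved_ips):
    """Compare the firewall's current outside address with the DNS answer."""
    if not reachable_from_internet(outside_ip):
        return "not-routable"
    if not resolved_ips:
        return "unresolved"
    if set(resolved_ips) == {outside_ip}:
        return "ok"
    return "stale"  # clients would be directed to an address the firewall no longer holds

def registrations_needed(lease_history):
    """Walk (timestamp, outside_ip) observations; return those that need re-registering."""
    needed, registered = [], None
    for when, ip in lease_history:
        if ip != registered and reachable_from_internet(ip):
            needed.append((when, ip))
            registered = ip
    return needed

def resolve(hostname):
    """IPv4 addresses the name currently resolves to (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

# Constructed sample data: observed outside addresses over one day.
HISTORY = [("09:00", "203.0.113.10"), ("10:00", "203.0.113.10"),
           ("11:00", "198.51.100.7"), ("12:00", "192.168.1.2"),
           ("13:00", "198.51.100.7")]

if __name__ == "__main__":
    print(registrations_needed(HISTORY))
    print(record_state("198.51.100.7", ["203.0.113.10"]))
```

For a live check, pass `resolve("yourhost.dyndns.org")` as the second argument to `record_state`, with the hostname replaced by the name actually registered.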
 

Author Comment

by:jazzyjeff84
ID: 18100202
does this mean the has to have dns installed
0
 

Author Comment

by:jazzyjeff84
ID: 18100204
the server has to have dns capabilities
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18101123
You don't need your own dns server, just use a free dynamic dns host, like dyndns.org
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20286679
Forced accept.

Computer101
EE Admin
0


Question has a verified solution.
