Solved

Configure Cisco VPN Client for PIX 501 6.3(5)

Posted on 2006-11-19
Last Modified: 2010-08-05
I hate to be the millionth person to ask how to configure a VPN on PIX 501, but I have no other choice.

I'm trying to learn how to set up an encrypted VPN connection via Cisco VPN Client 4.x to my PIX 501 6.3(5). I would like to VPN to my Internal network, where I can access my server and browse the Internet. Currently, I can connect to my Windows Server 2k via RDP and do FTP. However, I would like to add a secure connection by configuring VPN w/ Split Tunneling. I've spent hours reading samples on Cisco's website and ExpertsExchange, but it's not specific to my needs.
The only example that comes close to my need is http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml


Below is an idea of what I'm trying to accomplish.
Laptop w/Cisco VPN Client via broadband (Hotel) ---> WWW ---> Broadband Modem (Home) ---> PIX 501 ---> Personal Computers & Internet.


Thanks in advance.
Question by:Intruder_3
2 Comments
 

Accepted Solution

by:
calvinetter earned 500 total points
ID: 17977599
No problem, here's an example (assuming home LAN is: 192.168.4.x); run these commands in this order:

access-list nonat permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0
access-list split_acl permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0  <- for split-tunneling
nat (inside) 0 access-list nonat
ip local pool vpnpool 172.26.125.1-172.26.125.50

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map mydynamic 90 set transform-set myset
crypto map extmap 5 ipsec-isakmp dynamic mydynamic

isakmp nat-traversal
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash md5
isakmp policy 5 group 2

vpngroup joe_user address-pool vpnpool
vpngroup joe_user split-tunnel split_acl   <- for split-tunneling
vpngroup joe_user password secretstuff

crypto map extmap interface outside
isakmp enable outside
clear xlate

Since you're on a home connection, I assume you don't have a static IP. You'll want to check out one of the free dynamic DNS services: http://www.dyndns.com/ or http://www.no-ip.com/

On the VPN client, create a new connection entry:
- host will be whatever hostname you set up in the dynamic DNS above
- leave the default "Group Authentication" checked
- name (username):  joe_user
- password: secretstuff   (obviously make a stronger password than this!)

cheers
0
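An offline check for the configuration in the accepted answer, added here as an example (not code from the thread or from Cisco): it flags single DES and MD5 in the IPsec and ISAKMP lines and confirms the VPN pool falls inside the destination network of the NAT-exemption and split-tunnel ACLs. The `audit` function and its finding strings are hypothetical names, and it assumes ACL entries use the `permit ip net mask net mask` form shown in the answer.

```python
import ipaddress
import re

# Constructed sample: the crypto, pool and ACL lines from the answer above.
SAMPLE_CONFIG = """\
access-list nonat permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0
access-list split_acl permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0
nat (inside) 0 access-list nonat
ip local pool vpnpool 172.26.125.1-172.26.125.50
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp policy 5 encryption des
isakmp policy 5 hash md5
vpngroup joe_user address-pool vpnpool
vpngroup joe_user split-tunnel split_acl
"""

def audit(config):
    """Return findings for a PIX 6.3 remote-access VPN config (hypothetical helper)."""
    findings, acls, pools, groups, exempt = [], {}, {}, {}, set()
    for raw in config.splitlines():
        line = raw.split("<-")[0].strip()  # drop inline "<-" notes as used in the answer
        if m := re.match(r"access-list (\S+) permit ip \S+ \S+ (\S+) (\S+)$", line):
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)$", line):
            pools[m[1]] = [ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])]
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)$", line):
            exempt.add(m[1])
        elif m := re.match(r"vpngroup (\S+) (address-pool|split-tunnel) (\S+)$", line):
            groups.setdefault(m[1], {})[m[2]] = m[3]
        if re.search(r"\besp-des\b|encryption des$", line):
            findings.append(f"single DES: {line}")
        if re.search(r"\besp-md5-hmac\b|hash md5$", line):
            findings.append(f"MD5: {line}")

    def covered(acl, pool):
        # True when both ends of the pool fall inside a destination network of the ACL.
        ends = pools.get(pool, [])
        return bool(ends) and all(any(ip in n for n in acls.get(acl, [])) for ip in ends)

    for name, g in groups.items():
        pool, split = g.get("address-pool"), g.get("split-tunnel")
        if not any(covered(acl, pool) for acl in exempt):
            findings.append(f"vpngroup {name}: pool {pool} not in any NAT-exempt ACL")
        if split and not covered(split, pool):
            findings.append(f"vpngroup {name}: pool {pool} not matched by {split}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the sample it reports the DES and MD5 lines and no ACL mismatch. PIX 6.3 accepts `esp-aes`/`esp-3des` with `esp-sha-hmac` and `isakmp policy ... encryption aes` / `hash sha` where the unit's activation key enables 3DES/AES.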
 

Author Comment

by:Intruder_3
ID: 17998341
Thanks.. I will give this a try.
0

Question has a verified solution.