Solved

Configure Cisco VPN Client for PIX 501 6.3(5)

Posted on 2006-11-19
2
856 Views
Last Modified: 2010-08-05
I hate to be the millionth person to ask how to configure a VPN on PIX 501, but I have no other choice.

I'm trying to learn how to setup an encrypted VPN connection via Cisco VPN Client 4.x to my PIX 501 6.3(5). I would like to VPN to my Internal network, where I can access my server and browse the Internet. Currently, I can connect to my Windows Server 2k via RDP and do FTP. However, I would like to add a secure connection by configuring VPN w/ Split Tunneling. I've spent hours reading samples on Ciscos website and ExpertsExchange, but its not specific to my needs.
The only example the comes close to my need is http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml


Below is an idea of what I'm trying to accomplish.
Laptop w/Cisco VPN Client via broadband (Hotel) ---> WWW ---> Broadband Modem (Home) ---> PIX 501 ---> Personal Computers & Internet.


Thanks in advanced.
0
Comment
Question by:Intruder_3
2 Comments
 
LVL 20

Accepted Solution

by:
calvinetter earned 500 total points
ID: 17977599
 No problem, here's an example ( assuming home LAN is: 192.168.4.x ), run these commands in this order:

access-list nonat permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0
access-list split_acl permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0  <- for split-tunneling
nat (inside) 0 access-list nonat
ip local pool vpnpool 172.26.125.1-172.26.125.50

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map mydynamic 90 set transform-set myset
crypto map extmap 5 ipsec-isakmp dynamic mydynamic

isakmp nat-traversal
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash md5
isakmp policy 5 group 2

vpngroup joe_user address-pool vpnpool
vpngroup joe_user split-tunnel split_acl   <- for split-tunneling
vpngroup joe_user password secretstuff

crypto map extmap interface outside
isakmp enable outside
clear xlate

  Since you're on a home connection, I assume you don't have a static IP. You'll want to check out one of the free dynamic DNS services:  http://www.dyndns.com/   or  http://www.no-ip.com/

  On the VPN client, create a new connection entry:
- host will be whatever hostname you setup in the dynamic DNS above
- leave the default "Group Authentication" checked
- name (username):  joe_user
- password: secretstuff   (obviously make a stronger password than this!)

cheers
0
 

Author Comment

by:Intruder_3
ID: 17998341
Thanks.. I will give this a try.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question