Configure Cisco VPN Client for PIX 501 6.3(5)

I hate to be the millionth person to ask how to configure a VPN on PIX 501, but I have no other choice.

I'm trying to learn how to setup an encrypted VPN connection via Cisco VPN Client 4.x to my PIX 501 6.3(5). I would like to VPN to my Internal network, where I can access my server and browse the Internet. Currently, I can connect to my Windows Server 2k via RDP and do FTP. However, I would like to add a secure connection by configuring VPN w/ Split Tunneling. I've spent hours reading samples on Ciscos website and ExpertsExchange, but its not specific to my needs.
The only example the comes close to my need is http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml


Below is an idea of what I'm trying to accomplish.
Laptop w/Cisco VPN Client via broadband (Hotel) ---> WWW ---> Broadband Modem (Home) ---> PIX 501 ---> Personal Computers & Internet.


Thanks in advanced.
Intruder_3Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
calvinetterConnect With a Mentor Commented:
 No problem, here's an example ( assuming home LAN is: 192.168.4.x ), run these commands in this order:

access-list nonat permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0
access-list split_acl permit ip 192.168.4.0 255.255.255.0 172.26.125.0 255.255.255.0  <- for split-tunneling
nat (inside) 0 access-list nonat
ip local pool vpnpool 172.26.125.1-172.26.125.50

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map mydynamic 90 set transform-set myset
crypto map extmap 5 ipsec-isakmp dynamic mydynamic

isakmp nat-traversal
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash md5
isakmp policy 5 group 2

vpngroup joe_user address-pool vpnpool
vpngroup joe_user split-tunnel split_acl   <- for split-tunneling
vpngroup joe_user password secretstuff

crypto map extmap interface outside
isakmp enable outside
clear xlate

  Since you're on a home connection, I assume you don't have a static IP. You'll want to check out one of the free dynamic DNS services:  http://www.dyndns.com/   or  http://www.no-ip.com/

  On the VPN client, create a new connection entry:
- host will be whatever hostname you setup in the dynamic DNS above
- leave the default "Group Authentication" checked
- name (username):  joe_user
- password: secretstuff   (obviously make a stronger password than this!)

cheers
0
 
Intruder_3Author Commented:
Thanks.. I will give this a try.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.