Solved

Connecting to a PIX 501 Firewall though a Linksys Wireless Router

Posted on 2007-03-27
7
453 Views
Last Modified: 2010-04-11
I'm setting up a wireless connection in a coffee shop and am using a Linksys wireless router in conjunction with a Cisco PIX 501 Firewall. I have been given a static IP address from my ISP. This address ends in .82 and is assigned to the Linksys router. I then use the standard internal IP scheme (DHCP) for handing out IPs to any wireless users that may want to connect to the internet (192.168.2.100 - 200 range). The outside adapter on the PIX is set to 192.168.2.2 and then the inside adapter is translated to 192.168.1.1. I then have 2 Point of Sale computers connected directly to the PIX, set up on the 192.168.1.1 schema (but with their own assigned IP addresses). These 2 computers are behind the PIX Firewall for obvious security reasons. The only problem is I'm trying to connect to these internal Point of Sale computers via a VPN connection. In my VPN client software I can't make a direct call to the internal IP address of either of these computers because it's a generic internal IP scheme. I try to connect to the ISP-assigned address of .82 but that just tells the VPN software to try and negotiate with the Linksys instead of the PIX. How do I tell the Linksys to handle this VPN request? Do I need to set up port forwarding or NAT or DMZ or something? I had this working a year ago and don't remember having this problem. If anyone has any ideas how I can set up the Linksys to handle this VPN connection and push it through to the PIX I would really appreciate any suggestions. Thanks!
0
Comment
Question by:dsgonzales
7 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18805667
I would try setting up port forwarding on the Linksys.  In the Linksys GUI, you should have a "Security" tab with a checkbox that reads "Block Anonymous Internet Requests".  Uncheck this box.

Next, go to "Applications & Gaming" and look at the "Port Range Forward" section.  Try the following two ports first:

UDP 500          <----isakmp
UDP 4500        <----NAT traversal

Specify those port numbers as both the start and end ports each on a separate line, choose UDP for the protocol, and choose 192.168.2.2 as the IP address to forward to (the PIX outside interface).  Then try a VPN connection and see what you get.

I would make sure that the VPN is functioning properly without going through the Linksys before I tried the port forwarding.  That way you know that if you try the port forwarding and it doesn't work, then there is something in the port forwarding setup itself (and not the PIX VPN config) that is the problem.  Put your VPN client on the 192.168.2.0/24 network right outside the PIX and try a VPN connection and see if it works.  If you are successful, then try the port forwarding configuration in the Linksys, then move to the outside of the Linksys and establish the VPN connection again.

If you have IPSEC over TCP configured on the PIX, you will need to forward TCP 10000 (default port) through the Linksys.

Good luck!
0
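As an added example (not part of this thread, and not Cisco or Linksys code), here is a small Python classifier for the UDP datagrams a capture on the PIX outside interface (192.168.2.2) should show once the Linksys forwards are in place: it tells UDP 500 IKE, UDP 4500 NAT-T IKE, UDP-encapsulated ESP and NAT-T keepalives apart, and reports which of the required ports never arrived (including TCP 10000 when IPsec over TCP is configured). The sample datagrams are constructed by hand and the helper names are my own.

```python
import struct

# ISAKMP header (RFC 2408): initiator cookie, responder cookie, next payload,
# version, exchange type, flags, message ID, total length (28 bytes).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "main-mode", 4: "aggressive", 5: "informational", 32: "quick-mode"}
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: IKE carried inside UDP 4500

def parse_isakmp(data):
    """Decode the fixed ISAKMP header of an IKEv1 datagram."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    _icky, rcky, _npl, ver, xchg, _flags, _msgid, length = ISAKMP_HDR.unpack_from(data)
    return {
        "version": f"{ver >> 4}.{ver & 0xF}",
        "exchange": EXCHANGE.get(xchg, f"type-{xchg}"),
        # A zero responder cookie means this is the client's very first message.
        "first_message": rcky == bytes(8),
        "length": length,
    }

def classify(dst_port, payload):
    """Return what kind of IPsec traffic a UDP datagram to the PIX carries."""
    if dst_port == 500:
        return {"kind": "ike", **parse_isakmp(payload)}
    if dst_port == 4500:
        if payload == b"\xff":                      # NAT-T keepalive
            return {"kind": "nat-keepalive"}
        if payload[:4] == NON_ESP_MARKER:           # IKE moved to 4500 after NAT detection
            return {"kind": "ike-nat-t", **parse_isakmp(payload[4:])}
        if len(payload) >= 8:                       # otherwise UDP-encapsulated ESP
            spi, seq = struct.unpack_from("!II", payload)
            return {"kind": "esp-udp", "spi": spi, "seq": seq}
        raise ValueError("unrecognised UDP 4500 payload")
    return {"kind": "other", "port": dst_port}

def missing_forwards(datagrams, ipsec_over_tcp=False):
    """Ports the PIX must see for a client VPN but which never showed up in the capture."""
    needed = {("udp", 500), ("udp", 4500)}
    if ipsec_over_tcp:
        needed.add(("tcp", 10000))
    seen = {(proto, port) for proto, port, _payload in datagrams}
    return sorted(needed - seen)

# Constructed samples: a Main Mode first message (header only) and an ESP packet on 4500.
IKE_MM1 = ISAKMP_HDR.pack(b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, ISAKMP_HDR.size)
ESP_4500 = struct.pack("!II", 0x0A1B2C3D, 7) + b"\x00" * 16
```

If a capture on the PIX shows IKE on 500 but `missing_forwards` still lists UDP 4500, the Linksys forward for that port (or the client's NAT-T step) is what to look at next.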
 

Author Comment

by:dsgonzales
ID: 18810523
I was able to connect via the VPN when I put a laptop on the Linksys network that exists outside the PIX firewall. However I am still unable to connect to the PIX from the outside of the Linksys. I setup (in the Linksys) port forwarding for UDP 5000 and UDP 4500 and still nothing. I also unchecked the "Block Anonymous Internet Requests" - still no luck. I even put the outside IP address of the PIX, 192.168.2.2, in the DMZ zone. I still cannot connect. Any other suggestions are appreciated. Thanks.

Brian
0
 
LVL 28

Accepted Solution

by: batry_boy (earned 125 total points)
ID: 18810594
" I setup (in the Linksys) port forwarding for UDP 5000 and UDP 4500 and still nothing."

You need to forward UDP 500, not UDP 5000...is this what you meant?
0

Author Comment

by:dsgonzales
ID: 18810635
Sorry, I didn't mean 5000. I used 500.. Do you have any other ideas?
Thanks
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18810662
What does your "route outside 0.0.0.0 0.0.0.0" point to?
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18810672
That last statement would be in the PIX, not the Linksys...sorry, forgot to mention that.
0
