Connecting to a PIX 501 Firewall through a Linksys Wireless Router

I'm setting up a wireless connection in a coffee shop and am using a Linksys wireless router in conjunction with a Cisco PIX 501 Firewall. I have been given a static IP address from my ISP. This address ends in .82 and is assigned to the Linksys router. I then use the standard internal IP scheme (DHCP) for handing out IPs to any wireless users that may want to connect to the internet. ( - 200 range). The outside adapter on the PIX is set to and then the inside adapter is translated to I then have 2 Point of sale computers connected directly to the PIX setup on the schema (but with their own assigned IP addresses). These 2 computers are behind the PIX Firewall for obvious security reasons. The only problem is I'm trying to connect to these internal Point of sale computers via a VPN connection. In my VPN client software I can't make a direct call to the internal IP address of either of these computers because it's a generic internal IP scheme. I try to connect to the IP Assigned address of .82 but that just tells the VPN software to try and negotiate with the Linksys instead of the PIX. How do I tell the Linksys to handle this VPN request? Do I need to set up port forwarding or NAT or DMZ or something? I had this working a year ago and don't remember having this problem. If anyone has any ideas how I can set up the Linksys to handle this VPN connection and push it through to the PIX I would really appreciate any suggestions. Thanks!
batry_boy Commented:
" I setup (in the Linksys) port forwarding for UDP 5000 and UDP 4500 and still nothing."

You need to forward UDP 500, not UDP 5000. Is this what you meant?
I would try setting up port forwarding on the Linksys.  In the Linksys GUI, you should have a "Security" tab with a checkbox that reads "Block Anonymous Internet Requests".  Uncheck this box.

Next, go to "Applications & Gaming" and look at the "Port Range Forward" section.  Try the following two ports first:

UDP 500          <----isakmp
UDP 4500        <----NAT traversal

Specify those port numbers as both the start and end ports each on a separate line, choose UDP for the protocol, and choose as the IP address to forward to (the PIX outside interface).  Then try a VPN connection and see what you get.

I would make sure that the VPN is functioning properly without going through the Linksys before I tried the port forwarding.  That way you know that if you try the port forwarding and it doesn't work, then there is something in the port forwarding setup itself (and not the PIX VPN config) that is the problem.  Put your VPN client on the network right outside the PIX and try a VPN connection and see if it works.  If you are successful, then try the port forwarding configuration in the Linksys, then move to the outside of the Linksys and establish the VPN connection again.

If you have IPSEC over TCP configured on the PIX, you will need to forward TCP 10000 (default port) through the Linksys.

Good luck!
dsgonzales (Author) Commented:
I was able to connect via the VPN when I put a laptop on the Linksys network that exists outside the PIX firewall. However I am still unable to connect to the PIX through the outside of the Linksys. I setup (in the Linksys) port forwarding for UDP 5000 and UDP 4500 and still nothing. I also unchecked the "Block Anonymous Internet Requests" - Still no luck. I even put the outside IP Address of the PIX in the DMZ zone. I still cannot connect? Any other suggestions are appreciated. Thanks.

dsgonzales (Author) Commented:
Sorry, I didn't mean 5000. I used 500. Do you have any other ideas?
What does your "route outside" point to?
That last statement would be in the PIX, not the Linksys...sorry, forgot to mention that.
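
The forwarding requirements discussed in this thread, written as a check; this is an added example and not part of any participant's post. It audits a router's port-forward table for the ports the PIX VPN needs and also reports forwards the VPN does not need. The `Forward` type, the function names and the 192.0.2.2 address are assumptions made for illustration.

```python
# Added example: audit a router's port-forward table against what an IPsec
# gateway behind it needs. Names and addresses are constructed placeholders.
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str   # "udp" or "tcp"
    start: int   # first port of the forwarded range
    end: int     # last port of the forwarded range
    target: str  # inside address the router forwards to

def required_ports(nat_traversal=True, ipsec_over_tcp=False):
    """Ports named in the thread: UDP 500 (ISAKMP), UDP 4500 (NAT traversal),
    and TCP 10000 (the default) only when IPsec over TCP is configured."""
    need = {("udp", 500): "isakmp"}
    if nat_traversal:
        need[("udp", 4500)] = "NAT traversal"
    if ipsec_over_tcp:
        need[("tcp", 10000)] = "IPsec over TCP"
    return need

def audit(forwards, gateway_ip, **features):
    """Return (missing, exposed): required ports that no rule delivers to
    the gateway, and forwarded ports that the VPN does not need."""
    need = required_ports(**features)
    missing, exposed = [], []
    for (proto, port), label in need.items():
        if not any(f.proto == proto and f.start <= port <= f.end
                   and f.target == gateway_ip for f in forwards):
            missing.append(f"{proto.upper()} {port} ({label})")
    for f in forwards:
        wanted = sum(1 for (pr, p) in need if pr == f.proto
                     and f.start <= p <= f.end and f.target == gateway_ip)
        extra = (f.end - f.start + 1) - wanted
        if extra > 0:
            exposed.append(f"{f.proto.upper()} {f.start}-{f.end} -> "
                           f"{f.target}: {extra} unneeded port(s)")
    return missing, exposed

PIX_OUTSIDE = "192.0.2.2"  # constructed placeholder, not the thread's address
# Constructed tables: the first repeats the thread's typo (5000 for 500).
TYPO_TABLE = [Forward("udp", 5000, 5000, PIX_OUTSIDE),
              Forward("udp", 4500, 4500, PIX_OUTSIDE)]
FIXED_TABLE = [Forward("udp", 500, 500, PIX_OUTSIDE),
               Forward("udp", 4500, 4500, PIX_OUTSIDE)]

if __name__ == "__main__":
    for name, table in (("typo", TYPO_TABLE), ("fixed", FIXED_TABLE)):
        print(name, audit(table, PIX_OUTSIDE))
```

A rule that forwards every port to the gateway passes the `missing` check but shows up in `exposed`, which is the part to review once the specific forwards work.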