Connecting to a PIX 501 Firewall through a Linksys Wireless Router

I'm setting up a wireless connection in a coffee shop and am using a Linksys wireless router in conjunction with a Cisco PIX 501 Firewall. I have been given a static IP address from my ISP. This address ends in .82 and is assigned to the Linksys router. I then use the standard internal IP scheme (DHCP) for handing out IPs to any wireless users that may want to connect to the internet (192.168.2.100 - 200 range). The outside adapter on the PIX is set to 192.168.2.2 and then the inside adapter is translated to 192.168.1.1. I then have 2 point of sale computers connected directly to the PIX, set up on the 192.168.1.1 schema (but with their own assigned IP addresses). These 2 computers are behind the PIX Firewall for obvious security reasons. The only problem is I'm trying to connect to these internal point of sale computers via a VPN connection. In my VPN client software I can't make a direct call to the internal IP address of either of these computers because it's a generic internal IP scheme. I try to connect to the IP Assigned address of .82 but that just tells the VPN software to try and negotiate with the Linksys instead of the PIX. How do I tell the Linksys to handle this VPN request? Do I need to set up port forwarding or NAT or DMZ or something? I had this working a year ago and don't remember having this problem. If anyone has any ideas how I can set up the Linksys to handle this VPN connection and push it through to the PIX I would really appreciate any suggestions. Thanks!
dsgonzales Asked:

batry_boy Commented:
I would try setting up port forwarding on the Linksys.  In the Linksys GUI, you should have a "Security" tab with a checkbox that reads "Block Anonymous Internet Requests".  Uncheck this box.

Next, go to "Applications & Gaming" and look at the "Port Range Forward" section.  Try the following two ports first:

UDP 500          <----isakmp
UDP 4500        <----NAT traversal

Specify those port numbers as both the start and end ports each on a separate line, choose UDP for the protocol, and choose 192.168.2.2 as the IP address to forward to (the PIX outside interface).  Then try a VPN connection and see what you get.

I would make sure that the VPN is functioning properly without going through the Linksys before I tried the port forwarding. That way you know that if you try the port forwarding and it doesn't work, then there is something in the port forwarding setup itself (and not the PIX VPN config) that is the problem. Put your VPN client on the 192.168.2.0/24 network right outside the PIX and try a VPN connection and see if it works. If you are successful, then try the port forwarding configuration in the Linksys, then move to the outside of the Linksys and establish the VPN connection again.

If you have IPSEC over TCP configured on the PIX, you will need to forward TCP 10000 (default port) through the Linksys.

Good luck!
0
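Added example, not part of the thread: a small Python classifier for UDP payloads taken from a packet capture on the 192.168.2.0/24 segment, to confirm that both forwards (UDP 500 and UDP 4500) actually deliver traffic to the PIX outside interface. The function names and sample packets are constructed for illustration, and the parser assumes IKEv1 (ISAKMP version 0x10).

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500            # the two UDP forwards from the answer
EXCHANGES = {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"}

def parse_isakmp(data):
    """Return the IKEv1 exchange name from a 28-byte ISAKMP header, or None."""
    if len(data) < 28:
        return None
    icookie, _rcookie, _next, version, exch, _flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    if icookie == bytes(8) or version != 0x10 or length < 28:
        return None
    return EXCHANGES.get(exch, f"exchange type {exch}")

def classify(dst_port, payload):
    """Label one UDP payload captured on the PIX outside segment."""
    if dst_port == IKE_PORT:
        name = parse_isakmp(payload)
        return f"IKE {name}" if name else "not IKE"
    if dst_port == NATT_PORT:
        if payload == b"\xff":             # one-byte NAT keepalive
            return "NAT-T keepalive"
        if payload[:4] == bytes(4):        # non-ESP marker precedes IKE on 4500
            name = parse_isakmp(payload[4:])
            return f"NAT-T IKE {name}" if name else "malformed"
        if len(payload) >= 8:              # non-zero SPI means encapsulated ESP
            return f"UDP-encapsulated ESP spi=0x{payload[:4].hex()}"
        return "malformed"
    return "unrelated"

def diagnose(packets):
    """packets: iterable of (dst_port, payload). Heuristic hint, not a verdict."""
    labels = [classify(port, data) for port, data in packets]
    if not any(label.startswith("IKE ") for label in labels):
        return "no IKE on UDP 500: check the port 500 forward"
    if not any(label.startswith(("NAT-T", "UDP-encap")) for label in labels):
        return "IKE on 500 only: nothing arrived on UDP 4500"
    return "IKE and NAT-T traffic both reach the PIX outside interface"

def sample_isakmp(exch):                   # constructed header, no payloads
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, exch, 0, 0, 28)

# Constructed captures: a healthy session, and one where only port 500 arrives.
SAMPLE_OK = [(500, sample_isakmp(4)), (4500, bytes(4) + sample_isakmp(4)),
             (4500, b"\xff"), (4500, bytes.fromhex("c0ffee01") + bytes(20))]
SAMPLE_500_ONLY = [(500, sample_isakmp(4))]
```

An empty capture on the PIX side, for example when the router forwards a different port than the client uses, produces the "no IKE on UDP 500" hint.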
dsgonzales (Author) Commented:
I was able to connect via the VPN when I put a laptop on the Linksys network that exists outside the PIX firewall. However I am still unable to connect to the PIX through the outside of the Linksys. I setup (in the Linksys) port forwarding for UDP 5000 and UDP 4500 and still nothing. I also unchecked the "Block Anonymous Internet Requests" - Still no luck. I even put the outside IP Address of the PIX 192.168.2.2 in the DMZ zone. I still cannot connect? Any other suggestions are appreciated. Thanks.

Brian
0
batry_boy Commented:
" I setup (in the Linksys) port forwarding for UDP 5000 and UDP 4500 and still nothing."

You need to forward UDP 500, not UDP 5000...is this what you meant?
0

dsgonzales (Author) Commented:
Sorry, I didn't mean 5000. I used 500. Do you have any other ideas?
Thanks
0
batry_boy Commented:
What does your "route outside 0.0.0.0 0.0.0.0" point to?
0
batry_boy Commented:
That last statement would be in the PIX, not the Linksys...sorry, forgot to mention that.
0