PIX 501 Setting up VPN on the PDM

Posted on 2009-02-17
Last Modified: 2012-05-06
Internet --> 2600 --> PIX501 --> switch --> LAN

When setting up Remote Access VPN from the PDM, should I be setting the VPN connection on the outside interface or on the inside interface where the internal network is? And in doing that, will I have to NAT the selected interface to a public IP on the router?
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname pixfirewall

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

access-list allow_inbound permit icmp any any
access-list allow_inbound permit tcp any host eq 3389
access-list allow_inbound permit tcp any host eq 3389
access-list allow_inbound permit gre any host
access-list allow_inbound permit gre any host
access-list allow_inbound permit tcp any host eq smtp
access-list allow_inbound permit tcp any host eq www
access-list allow_ping permit icmp any any echo-reply
access-list allow_ping permit icmp any any source-quench
access-list allow_ping permit icmp any any time-exceeded

pager lines 24
icmp permit any traceroute outside
icmp permit any outside
icmp permit any echo-reply outside
icmp permit any router-solicitation outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm location inside
pdm history enable
arp timeout 14400

static (inside,outside) netmask 0 0
access-group allow_inbound in interface outside
route outside 1

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local

http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0

dhcpd address inside
dhcpd dns
dhcpd lease 3600
dhcpd ping_timeout 750
terminal width 80

Question by: Wayne-

    Assisted Solution

    Always apply the crypto map to the client-facing interface (outside).
    The VPN wizard should walk you through everything you need to do. When it asks you for an address pool, create a new one using a different IP subnet from the internal network.
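    The CLI equivalent of what the PDM VPN wizard generates for a Cisco VPN Client (IPsec) remote-access setup on PIX 6.3, added here as an illustration; it is not the poster's configuration and not taken from the original page. Every address, name and password in it is an assumption: inside LAN 192.168.1.0/24, client pool 192.168.50.1-50 (a subnet not in use on the LAN, as the answer above advises), group name remoteusers, local user vpnuser1, DNS server 192.168.1.10. It also assumes the 3DES/AES feature license is active on the 501 (check `show version`); without it the box negotiates DES only, which should not be used. Lines beginning with ':' are PIX comment lines.

```cisco
: Added example of a PIX 6.3 remote-access IPsec configuration. Not the
: poster's config; all addresses, names and secrets below are assumptions.
:
: Client address pool: a different subnet from the inside LAN (192.168.1.0/24)
ip local pool vpnpool 192.168.50.1-192.168.50.50
:
: NAT exemption for LAN <-> pool traffic. nat 0 access-list takes precedence
: over the existing static, so the LAN keeps its private addresses toward VPN
: clients and replies are routed back into the tunnel.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
:
: Decrypted IPsec traffic bypasses the outside interface ACL (allow_inbound)
sysopt connection permit-ipsec
:
: Phase 2 proposal and a dynamic crypto map, because client addresses are unknown
crypto ipsec transform-set strong esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set strong
crypto map outside_map 65535 ipsec-isakmp dynamic dynmap
crypto map outside_map client configuration address initiate
crypto map outside_map client configuration address respond
:
: Per-user authentication (XAUTH) against the local user database
username vpnuser1 password S0me-Str0ng-Pass
crypto map outside_map client authentication LOCAL
:
: Bind the crypto map to the client-facing interface: outside, never inside
crypto map outside_map interface outside
:
: Phase 1 (IKE) on outside. NAT traversal is needed because the PIX sits
: behind the 2600's static NAT and has a private address on its outside interface.
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
:
: The group the VPN Client connects with; the group password is the pre-shared key
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers dns-server 192.168.1.10
vpngroup remoteusers default-domain example.com
vpngroup remoteusers split-tunnel nonat
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password ChangeMe-LongRandomGroupSecret
```

    The pool must not overlap the inside network or the nonat exemption cannot distinguish LAN hosts from clients; the crypto map and `isakmp enable` both go on outside, and nothing VPN-related is configured on inside. Reusing the nonat list as the split-tunnel list means only 192.168.1.0/24 is sent through the tunnel.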

    Accepted Solution

    Internet -->2600 -->PIX501-->switch--> LAN

    Have gone through the VPN Wizard. Set up NAT on the outside interface of the PIX firewall on the router:
    Router = ip nat inside source static 64.xx.xx.xx.75
    Can ping the public IP:
    Reply from 64.xx.xx.75: bytes=32 time=31ms TTL=242
    Reply from 64.xx.xx.75: bytes=32 time=30ms TTL=242
    Reply from 64.xx.xx.75: bytes=32 time=33ms TTL=242
    Reply from 64.xx.xx.75: bytes=32 time=30ms TTL=242

    Set up my PPTP connection; I get error message Error 718:
    The connection was terminated because the remote computer did not respond in a timely manner.
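    The router side of the same topology (Internet --> 2600 --> PIX501), added here as an illustration that is not the poster's configuration: the static NAT that maps one public address onto the PIX outside interface, a counting access list that shows which VPN protocols actually arrive, and the show commands that confirm each stage. Addresses are assumptions in RFC 5737 documentation space: router Internet address 203.0.113.2/29, public address mapped to the PIX 203.0.113.3, router-to-PIX link 10.1.1.0/30 with the PIX outside at 10.1.1.2. One caveat on the PPTP attempt: Error 718 is a PPP negotiation timeout, meaning the TCP/1723 control connection reached the server but the PPP exchange that follows, carried over GRE, did not complete, so the GRE path end to end is the thing to verify. If the PPTP endpoint sits behind the PIX rather than on it, the posted allow_inbound list would also need a `permit tcp any host <server> eq pptp` next to its gre entries; as posted it permits gre, 3389, smtp and www but nothing on tcp/1723.

```cisco
! Added example (IOS on the 2600), not the poster's configuration.
! Assumed addresses: Internet side 203.0.113.2/29, public address for the
! PIX 203.0.113.3, router-to-PIX link 10.1.1.0/30, PIX outside = 10.1.1.2.
!
interface FastEthernet0/0
 description Internet
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group VPN_COUNTERS in
!
interface FastEthernet0/1
 description link to PIX outside interface
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
!
! One-to-one static NAT rewrites only the IP addresses, so every protocol the
! VPN needs passes without per-port entries: UDP/500 and UDP/4500 (IKE and
! NAT-T) plus ESP (IP protocol 50) for IPsec; TCP/1723 plus GRE (IP protocol
! 47) for PPTP. This is the only router-side change the PIX VPN requires; the
! crypto map itself stays on the PIX outside interface.
ip nat inside source static 10.1.1.2 203.0.113.3
!
! Diagnostic access list: it ends in permit ip any any, so it blocks nothing
! and exists only to give per-protocol hit counters. Inbound filtering on the
! Internet interface is evaluated before NAT, so entries match the public
! address, not 10.1.1.2.
ip access-list extended VPN_COUNTERS
 permit udp any host 203.0.113.3 eq isakmp
 permit udp any host 203.0.113.3 eq non500-isakmp
 permit esp any host 203.0.113.3
 permit tcp any host 203.0.113.3 eq 1723
 permit gre any host 203.0.113.3
 permit ip any any
!
! Verification, router side, while a client connects:
!   show ip nat translations        static entry 10.1.1.2 <-> 203.0.113.3
!   show access-list VPN_COUNTERS   IPsec: udp/500, udp/4500 and esp counts
!                                   climb. PPTP: tcp/1723 climbing while gre
!                                   stays at 0 means GRE never reaches the
!                                   router, the usual cause of Error 718.
! Verification, PIX side (PIX 6.3):
!   show crypto isakmp sa           QM_IDLE = phase 1 completed
!   show crypto ipsec sa            #pkts encaps/decaps increasing
!   debug crypto isakmp             group and XAUTH negotiation if phase 1 fails
```

    Remove the VPN_COUNTERS list from the interface once the problem is found; it costs a lookup per packet and its only value is the counters.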
