tommyo94


Pass VPN traffic through a Cisco PIX 501

We currently have a Cisco PIX 501 attached to the internet with assigned static addresses.  Our contractor will be adding a McAfee Firewall Enterprise S1104 onto our network to allow for VPN monitoring of segregated equipment.  They will be VPNing into the McAfee through the PIX.  The PIX currently has VPN set up for our LAN as well.  The traffic is not flowing through.  Attached is the running configuration.  Any help would be greatly appreciated.
pix501.txt
Ken Boone

So did you change the IP addresses before you posted them here?  If not, based on the config, I am assuming that 192.168.1.4 is the device public address for the other VPN endpoint, which translates to 10.10.1.3 on the inside.  So if 192.168.1.4 is the actual IP address assigned, then something else on the outside of your ASA needs to be updated to add a translation rule from a public IP to 192.168.1.4. If you changed the IP addresses to protect the config, you are fine.  If this is using a PPTP type tunnel, you would need to issue

fixup protocol pptp

to allow for that.

Other than that, it will depend on the VPN and what protocols it is using.  Right now you have ESP, UDP 4500 and UDP isakmp.  Is there anything else that particular VPN server needs open?
tommyo94

ASKER

Yes, the IP addresses were changed.  The 192 addresses are the external.  I was told by the contractor the following ports were needed: UDP 500, UDP 4500 and IP50 ESP Protocol.
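
A check for the pass-through prerequisites discussed in this thread, added here as an example and not taken from any poster or from pix501.txt: it looks for the static translation, the ACL bound inbound on the outside interface, and permits for ESP, UDP 500 and UDP 4500. The sample configuration, the ACL name `outside_in` and the `audit` function are constructed for illustration; the addresses are the ones quoted in the thread.

```python
import re

# Constructed PIX 6.x-style excerpt (not the poster's pix501.txt). Addresses
# follow the thread: 192.168.1.4 outside, translated to 10.10.1.3 inside.
SAMPLE_CONFIG = """\
access-list outside_in permit esp any host 192.168.1.4
access-list outside_in permit udp any host 192.168.1.4 eq isakmp
access-list outside_in permit tcp any host 192.168.1.4 eq 1723
static (inside,outside) 192.168.1.4 10.10.1.3 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
"""

# What the contractor listed: UDP 500, UDP 4500 and IP protocol 50 (ESP).
REQUIRED = {("esp", None), ("udp", "500"), ("udp", "4500")}
PORT_NAMES = {"isakmp": "500"}  # the PIX prints UDP 500 as "isakmp"


def audit(config, public_ip, inside_ip, iface="outside"):
    """Return a sorted list of what is missing for IPsec pass-through."""
    missing = []
    ip = re.escape(public_ip)
    # 1. One-to-one translation for the inner VPN endpoint.
    static_re = re.compile(
        rf"^static \(\w+,{iface}\) {ip} {re.escape(inside_ip)}\b", re.M)
    if not static_re.search(config):
        missing.append(f"static {public_ip}->{inside_ip}")
    # 2. The ACL that is actually applied inbound on the outside interface.
    bound = re.search(rf"^access-group (\S+) in interface {iface}\s*$",
                      config, re.M)
    if not bound:
        return sorted(missing + [f"access-group on {iface}"])
    # 3. Permits in that ACL; only the "any host <ip>" form is recognised.
    entry_re = re.compile(
        rf"^access-list {re.escape(bound.group(1))} permit (\S+) any host "
        rf"{ip}(?: eq (\S+))?\s*$", re.M)
    seen = {(proto, PORT_NAMES.get(port, port) or None)
            for proto, port in entry_re.findall(config)}
    for proto, port in REQUIRED - seen:
        missing.append(f"permit {proto}" + (f" {port}" if port else ""))
    return sorted(missing)


if __name__ == "__main__":
    for item in audit(SAMPLE_CONFIG, "192.168.1.4", "10.10.1.3"):
        print("missing:", item)
```
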
ASKER CERTIFIED SOLUTION
Ken Boone