I am trying to configure the PIX with the VPN config and am having all types of problems. The connection is between the PIX and a Cisco 2600 with firewall IOS on it. I cannot get it to intialize from the PIX side. If somebody has some tips and sample config I would sure appreciate it.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Configuring a PIX 520 for VPN using IPSec-ISAKMP and NAT
- Thread starter robebrow
- Start date
Guest_imported
New member
- Jan 1, 1970
- 0
Hello,<br><br>well i'm just trying to get the PIX working. For some reason i can't get the NT wkstns on the inside to browse the web. i've got no help from cisco. does anyone have any suggestions? <br><br>email <A HREF="mailto:rberumen@youngeroptics.com">rberumen@youngeroptics.com</A>
Do you have a NAT pool configured for you users to go out as? Do you have configured which internal subnets can use this external NAT pool?
Here are some samples:
Assigning the NAT pool:
global (outside) 1 207.1.1.1-207.1.1.253 netmask 255.255.255.0
global (outside) 1 207.1.1.254 netmask 255.255.255.0
(We've assigned a full class C subnet to our external NAT pool. The last address is listed singularly, so that when all 253 addresses are in use, the final 254th address uses NAT overload, aka PAT and 65335 - 1024 PATs may take place).
Next, you must specify which internal subnets may use your NAT pools:
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
You also need to have a default route configured on the outside interface, and routes to all of your inside networks configured (inside gateway is 192.168.2.1):
route outside 0.0.0.0 0.0.0.0 206.1.1.1 1
route inside 10.1.1.0 255.255.255.0 192.168.2.1 1
route inside 192.168.0.0 255.255.0.0 192.168.2.1 1
Test connectivity on both sides with the ping inside/outside command, and view open NATs with 'show xlate'.
Cisco TAC has a huge list of sample configuration for this and more, including PIX to Router VPN configurations:
In fact I just spotted a brand new article on how to make a PIX work with PPTP on Win32 platforms:
Here are some samples:
Assigning the NAT pool:
global (outside) 1 207.1.1.1-207.1.1.253 netmask 255.255.255.0
global (outside) 1 207.1.1.254 netmask 255.255.255.0
(We've assigned a full class C subnet to our external NAT pool. The last address is listed singularly, so that when all 253 addresses are in use, the final 254th address uses NAT overload, aka PAT and 65335 - 1024 PATs may take place).
Next, you must specify which internal subnets may use your NAT pools:
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
You also need to have a default route configured on the outside interface, and routes to all of your inside networks configured (inside gateway is 192.168.2.1):
route outside 0.0.0.0 0.0.0.0 206.1.1.1 1
route inside 10.1.1.0 255.255.255.0 192.168.2.1 1
route inside 192.168.0.0 255.255.0.0 192.168.2.1 1
Test connectivity on both sides with the ping inside/outside command, and view open NATs with 'show xlate'.
Cisco TAC has a huge list of sample configuration for this and more, including PIX to Router VPN configurations:
In fact I just spotted a brand new article on how to make a PIX work with PPTP on Win32 platforms:
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question