pix 501 keep it simple 1

[geeked]

need a simple config for a small office to office broadband vpn using two pix 501s. Each site has a static IP.

Site one(1) has a cable modem connected to a PIX 501 conected to an eight port switch. The inside network is 130.1.0.0/16.There is one proxy server 130.1.1.0/16, a unix medical image server 130.1.1.1/16, and several pc workstations with dynamic 130.1.0.1 through 130.1.0.100/16.

Site two (2) has a cable modem connected to a PIX 501 connected to a workstation. The inside network is 130.2.0.0/16. The workstation is dynamic 130.2.0.1 through 130.2.0.100/16.

I need a vpn tunnel from site one to site two. Traffic needs to be encrypted with 168 des. The cable modem at site one has a firewall maintained by the ISP. Do I disable the PIX firewall and how? Site two needs a firewall to prevent hacking (nothing to complicated -- min administration)

Will be adding additional vpns in a spoke config with Site one as hub as time go on.

This is my first vpn configuration>>>PLEeeeeeASE Help Me

 

[yizhar]

HI.

You can use 3 methods (or better a combination of them) to configure VPN on the pix:
* Use samples and docs from Cisco web site.
* Use PDM.
* Use pixcript.
You'll find links to all those here, just take some time to simply browse without rushing:

http://teachers.sivan.co.il/yizhar/files/pixlinks.htm

> The cable modem at site one has a firewall maintained by the ISP
This can be a problem.
Are you sure that the pix on each side will have a public IP?
Isn't the cable modem/firewall doing NAT?

First step before trying to VPN, is to try pinging from one pix to the other.
If you cannot ping, you will probably fail with VPN also.

> Traffic needs to be encrypted with 168 des
You should verify this with the Cisco dealer before purchasing, to make sure that you get the correct product (the correct license).


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar