Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX506E VPN Config Guide - Basic Config ?

Status
Not open for further replies.
xdeq

xdeq

Technical User
Sep 27, 2004
11
0
0
US
I found this site very useful.
So keep posting new questions.
I study Cisco PIX Firewall and VPN Configuration Guide, Version 6.3

and can not find the section where they clearly describe what needs to be done to:
1. Enable(configure) VPN with IPsec basic on PIX506E
2. Create/Define individual users and passwords
3. Connect using Cisco VPN Client.
4. Get the WINS and DNS assigned to the client.

no radius, no ca server, just basic configuration of VPN and IPsec.

Regards
Robert
 
Sort by date Sort by votes
If all you are doing is client to pix, no other vpn no other passthrough stuff this should do it for you



access-list 101 permit ip 172.16.0.0 255.255.0.0 192.168.254.0 255.255.255.0
(where 172.16.0.0 is your internal subnet)

ip local pool ippool 192.168.254.1-192.168.254.254

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400

vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 dns-server 172.16.0.1
vpngroup vpn3000 wins-server 172.16.0.1
vpngroup vpn3000 default-domain yourdomain.com
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password yourpassword
vpngroup vpn3000 split-tunnel 101

Your "group name" will be vpn3000 so you can change this to the username you want.

Questions?
Let me know

Mark Spencer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
247
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
236
intel233
intel233
tjbradford
  • Locked
  • Question
ASAX 5508 - basic config - packet loss
Replies
0
Views
78
tjbradford
tjbradford
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
105
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
291
Shmid
Shmid

Part and Inventory Search

Sponsor

Back
Top