
Pix515 VPN


chadw (IS-IT--Management)
Aug 15, 2002
I have never set up a VPN. I have Terminal Services set up for one remote employee. I was wondering if a VPN would better serve the company. I have heard that VPNs are very slow. I have a PIX 515 and I didn't know what ports to open or whether it is hard to establish a connection on the server side. What is all involved? What are the pros and cons of a VPN?

Can anyone help me out here?

Thank you,

Chad
 
A VPN adds extra security and as such is always a good idea. Also, you can use Terminal Services or Remote Desktop over the VPN, and this (if you have high-speed internet) is almost as fast as working at the machine locally.

You would want to use the Cisco 4.0.1 client (you can download this from Cisco), add the following commands to the PIX and follow the directions to set up the client.

These are examples and you can change the numbers to suit your network.

access-list 100 permit ip 10.40.0.0 255.255.0.0 10.40.20.0 255.255.255.0
ip local pool ippool 10.40.20.1-10.40.20.50
nat (inside) 0 access-list 100
access-group 100 in interface outside

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 90 set transform-set myset
crypto map newmap 90 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside

isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

vpngroup groupname address-pool ippool
vpngroup groupname dns-server 10.40.x.x
vpngroup groupname wins-server 10.40.x.x
vpngroup groupname default-domain your.domain.name
vpngroup groupname idle-time 1800
vpngroup groupname password ********
Will the above config work in an environment with PAT, instead of NAT? Would it also work with the Cisco client 3.6.6?

Thank U.
 
Yes, it will work with the 3.6 VPN client. Also, you are not NATting the traffic since you are bypassing NAT with the nat (inside) 0 access-list ... command, so PAT should not be an issue.
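The two checks that matter most in the config posted above and in the NAT/PAT reply are that the client pool actually falls inside the destination of the nat 0 access-list (otherwise return traffic to the clients gets translated) and that every vpngroup line belongs to a complete, correctly typed group. The following linter is an added example, not code from the thread or from Cisco; it works on a constructed sample modelled on the posted commands (including the malformed vpngroup line) and also flags the MD5/3DES choices as deprecated.

```python
import ipaddress

# Constructed sample modelled on the PIX 6.x commands posted in this thread.
SAMPLE_CONFIG = """
access-list 100 permit ip 10.40.0.0 255.255.0.0 10.40.20.0 255.255.255.0
ip local pool ippool 10.40.20.1-10.40.20.50
nat (inside) 0 access-list 100
crypto ipsec transform-set myset esp-3des esp-md5-hmac
isakmp policy 20 hash md5
vpngroup groupname idle-time 1800
vpngroup address-pool idle-time 1800
vpngroup groupname address-pool ippool
vpngroup groupname password ********
"""

def lint_pix_vpn(config):
    findings, acls, pools, groups, nat0_acl = [], {}, {}, {}, None
    for t in filter(None, map(str.split, config.splitlines())):
        line = " ".join(t)
        # MD5 and 3DES are long deprecated for IKE/IPsec; flag them wherever they appear
        if t[0] in ("crypto", "isakmp") and any(a in line for a in ("md5", "3des")):
            findings.append(f"deprecated algorithm (MD5/3DES): {line}")
        if t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
            # destination network of the ACE (tokens 6 and 7); the client pool must sit here
            acls.setdefault(t[1], []).append(ipaddress.ip_network(f"{t[6]}/{t[7]}"))
        elif t[:3] == ["ip", "local", "pool"]:
            lo, hi = t[4].split("-")
            pools[t[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            nat0_acl = t[4]  # the ACL that exempts VPN traffic from NAT/PAT
        elif t[0] == "vpngroup" and len(t) >= 3:
            groups.setdefault(t[1], {})[t[2]] = t[3] if len(t) > 3 else None
    for g, attrs in groups.items():
        # a group with no password is either incomplete or a mistyped command
        if "password" not in attrs:
            findings.append(f"vpngroup {g} has no pre-shared key")
        pool = attrs.get("address-pool")
        if pool is None:
            continue
        if pool not in pools:
            findings.append(f"vpngroup {g} references undefined pool {pool}")
        elif not any(pools[pool][0] in n and pools[pool][1] in n
                     for n in acls.get(nat0_acl, [])):
            findings.append(f"pool {pool} is not covered by the nat 0 access-list; "
                            "VPN return traffic would be translated")
    return findings
```

Running it on the sample reports the two deprecated algorithm lines and the stray group named "address-pool", while the real group passes because 10.40.20.1-10.40.20.50 lies inside the 10.40.20.0/24 destination of access-list 100.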
 