After searching the web I found this article
Basically I want to vpn into our company network
Our current config is :-
sh ver
Cisco Secure PIX Firewall Version 5.3(3)
Compiled on Wed 09-Jan-02 22:56 by morlee
BAFW01 up 9 days 2 hours
Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is ffff.ffff.ffff, irq 10
1: ethernet1: address is ffff.ffff.ffff, irq 9
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 3
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
Serial Number:
Activation Key:
wr term
PIX Version 5.3(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password <nottellingyou> encrypted
passwd <nottellingyou> encrypted
hostname BAFW01
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
no names
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 permit ip any ip.ip.ip.ip 255.255.255.0
access-list 100 permit ip any host ip.ip.ip.ip
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside ip.ip.ip.ip 255.255.255.0
ip address inside ip.ip.ip.ip 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 ip.ip.ip.ip-ip.ip.ip.ip
global (outside) 1 ip.ip.ip.ip
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ip.ip.ip.ip ip.ip.ip.ip netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 ip.ip.ip.ip 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet ip.ip.ip.ip 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
I have guessed that I have to upgarde to v6.11
Basics are :-
(Internet) <-> Router <-> Firewall <-> Network
users internet access out using pat using firewall as g/w
users connect into lotus notes server (static mapping)
I have VPN 3.1 client
What changes do I need to make to config to allow we to vpn-dial in
Regards
David
Basically I want to vpn into our company network
Our current config is :-
sh ver
Cisco Secure PIX Firewall Version 5.3(3)
Compiled on Wed 09-Jan-02 22:56 by morlee
BAFW01 up 9 days 2 hours
Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is ffff.ffff.ffff, irq 10
1: ethernet1: address is ffff.ffff.ffff, irq 9
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 3
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
Serial Number:
Activation Key:
wr term
PIX Version 5.3(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password <nottellingyou> encrypted
passwd <nottellingyou> encrypted
hostname BAFW01
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
no names
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 permit ip any ip.ip.ip.ip 255.255.255.0
access-list 100 permit ip any host ip.ip.ip.ip
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside ip.ip.ip.ip 255.255.255.0
ip address inside ip.ip.ip.ip 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 ip.ip.ip.ip-ip.ip.ip.ip
global (outside) 1 ip.ip.ip.ip
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ip.ip.ip.ip ip.ip.ip.ip netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 ip.ip.ip.ip 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet ip.ip.ip.ip 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
I have guessed that I have to upgarde to v6.11
Basics are :-
(Internet) <-> Router <-> Firewall <-> Network
users internet access out using pat using firewall as g/w
users connect into lotus notes server (static mapping)
I have VPN 3.1 client
What changes do I need to make to config to allow we to vpn-dial in
Regards
David