NEWS Guest
Posted: Mon Aug 04, 2003 6:12 pm Post subject: Novice - PIX 501 setup
I have a PIX 515 at our main office which was set up as a package (hence I am clueless about it!).
We have just moved two people to a new remote site and have provided them with ADSL. At the moment they are continuing to use the Cisco client software (one at a time).
To overcome this issue I have purchased a PIX 501, but the wizard configuration is not versatile enough to help with our needs.
I have browsed the web for some help, but the nearest I have got is people discussing scripts.
I know our VPN group settings and passwords from the software clients. When I use the 501 wizard to plug in these items I get nowhere.
The two users need to be able to browse the internet as normal, except when trying to access our main static IP address, when the VPN should kick in.
I have the command reference, but it is like learning a language using only a dictionary.
Can anyone show me some example scripts of what I need and possibly how to configure a VPN group?
NB: If I telnet to the IP address of the 501 it does not connect... should I be using a particular port?
Please CC any replies to the group and me as I do not get to check this regularly!
Mark Eades
I.T. Manager
mark.eades@tskgroupplc.com
John Bacon Guest
Posted: Wed Aug 06, 2003 5:49 am Post subject: Re: Novice - PIX 501 setup
Sounds like a site-to-site VPN will work nicely. Can you post your configs? We'll start there.
JB
www.helpwithcisco.com
www.nerdsnews.org
"NEWS" <mark.eades@tskgroupplc.com> wrote in message
news:bgm7mb$14l$1@sparta.btinternet.com...
NEWS Guest
Posted: Wed Aug 13, 2003 8:02 pm Post subject: Re: Novice - PIX 501 setup
Finally got time to look at this again...
The ADSL router is set for issuing DHCP in the 10.0.0.# range and the PIX 501 to issue DHCP internally using 192.168.1.#. The PIX 501 should be taking its address from the ADSL router, which in turn gets its external address from the ISP on PPPoA dial-up.
All I really need to achieve is that any traffic to the range 217.40.###.### is directed to the main PIX, and/or 172.31.###.###, which is our main internal network range. Any other traffic should be treated as internet only...
I have currently used the administrator's ID and password for access; however, as things show promise I will make a dedicated user for this login, as it cannot prompt the users for an identity.
The group and password credentials for the VPN are the same as those used in the software client.
The config to date is as follows:
PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password **************** encrypted
passwd **************** encrypted
hostname TSKwarehouse
domain-name TSK
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 1000
mtu outside 1500
mtu inside 1500
: outside address comes from the ADSL router's DHCP (10.0.0.x), default route learned with it
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
: all inside hosts PAT to the outside interface address
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
: management access: PDM over HTTPS from the inside LAN only; no telnet/ssh lines
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
: DHCP server for the two remote users
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 10.0.0.1
dhcpd lease 50400
dhcpd ping_timeout 750
dhcpd domain TSKWH
dhcpd auto_config outside
dhcpd enable inside
: Easy VPN remote (client mode) pointing at the PIX 515, same group as the software client
vpnclient server 217.40.###.###
vpnclient mode client-mode
vpnclient vpngroup tsk#### password ********
vpnclient username administrator password ********
vpnclient enable
terminal width 80
Cryptochecksum:#################################
: end
"John Bacon" <jb@lec.edu> wrote in message
news:4gYXa.17405$Vx2.8849750@newssvr28.news.prodigy.com...
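Added example, not from the thread and not Cisco's or the poster's config: the lines the posted 501 config is missing for the stated goal (browse directly, tunnel only to 172.31.x.x and the 217.40.x.x block), plus the matching lines on the PIX 515 head end, in PIX 6.3 syntax. Assumptions, all labelled in the comments: the split-tunnel ACL name split-tsk, the XAUTH account name pix501wh, a /24 mask on the 217.40.###.### block, and that the 515 already has the ISAKMP policy, dynamic crypto map, address pool and `sysopt connection permit-ipsec` it needs for the existing software clients. The masked values (###, ****) are left as the thread shows them.

```cisco
: ---- PIX 515 at the main office (Easy VPN server) ----
: Split tunnelling is decided here, not on the 501.  With no split-tunnel
: ACL on the vpngroup, the remote site's entire traffic is tunnelled.
: Source = networks behind the head end that should go through the tunnel.
: ACL name and the /24 on the public block are assumptions for this example.
access-list split-tsk permit ip 172.31.0.0 255.255.0.0 any
access-list split-tsk permit ip 217.40.###.0 255.255.255.0 any
vpngroup tsk#### split-tunnel split-tsk
:
: The 501's outside address is 10.0.0.x behind the ADSL router, so IKE and
: ESP arrive NATed.  Enable NAT-T (UDP 4500) with a 20 s keepalive; the
: Easy VPN remote negotiates it from this side (assumption: no matching
: command is needed on the 501).
isakmp nat-traversal 20
:
: Dedicated XAUTH account for the 501 instead of "administrator" (assumed
: name).  Applies if XAUTH uses the LOCAL database; otherwise create the
: account on the RADIUS/TACACS+ server the 515 points at.
username pix501wh password ********

: ---- PIX 501 at the remote site (Easy VPN remote, client mode) ----
: Why telnet to 192.168.1.1 is refused: the posted config has
: "http ... inside" (PDM on TCP 443) but no "telnet ... inside" or
: "ssh ... inside" line, and the PIX denies management access by default.
: Prefer SSH; the RSA key needs hostname and domain-name, already set.
ca generate rsa key 1024
ca save all
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
: (telnet 192.168.1.0 255.255.255.0 inside would also work, but is clear text)
:
: Easy VPN remote: same server, group and group password as the software
: client; dedicated XAUTH account (assumed name) instead of administrator.
vpnclient server 217.40.###.###
vpnclient mode client-mode
vpnclient vpngroup tsk#### password ********
vpnclient username pix501wh password ********
vpnclient enable

: ---- checks, from the 501 console or an SSH session ----
: show vpnclient          -> configured server, group, mode and enabled state
: show crypto isakmp sa   -> phase 1 SA to 217.40.###.### in QM_IDLE once up
: show crypto ipsec sa    -> pkts encaps/decaps climb while an inside PC pings
:                            a 172.31.x.x host; a ping to a public site should
:                            NOT move the counters if the split ACL is in place
```

Two things to keep in mind with this layout. In client mode the 501 PATs the warehouse PCs behind the address the 515 hands out, so the main office cannot initiate connections to them; `vpnclient mode network-extension-mode` would keep 192.168.1.0/24 visible end to end, but then that subnet must be exempted from NAT and reachable (routed) at the head end. And `snmp-server community public` in the posted config is the factory default: with no `snmp-server host` line nobody can poll it, but change the community anyway before adding one.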