RE: [MLUG] cisco pix 501 and vpn endpoint

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "'MLUG Members'" <EMAIL:PROTECTED>
Subject: RE: [MLUG] cisco pix 501 and vpn endpoint
From: "Brent Deterding" <EMAIL:PROTECTED>
Date: Sun, 8 May 2005 21:43:45 -0500
In-reply-to: <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED
Thread-index: AcVUDlJ74oLptIIwQOKGWhE+a9ZnaAAL7y4g

Sure - 501 will do that fine. 

Here's the config to do it with a 192.168.5.0/24 internal network with split
tunneling. 192.168.6.128-196 is the range assigned for road warriors. 

      vpngroup remote_access password letmein
      ip local pool ip_pool_1 192.168.6.128-192.168.6.196
      vpngroup remote_access address-pool ip_pool_1
      vpngroup remote_access dns-server 128.206.2.252 
      isakmp policy 20 authen pre-share
      isakmp policy 20 encrypt aes
      isakmp policy 20 hash sha
      isakmp policy 20 group 5
      isakmp enable outside
      access-list remote_access_splitTunnelAcl permit ip 192.168.5.0
255.255.255.0  any
      access-list inside_outbound_nat0_acl line 1 permit ip 192.168.5.0
255.255.255.0  192.168.6.128 255.255.255.128 
      nat (inside) 0 access-list inside_outbound_nat0_acl
      access-list outside_cryptomap_dyn_20 permit ip any  192.168.6.128
255.255.255.128 
      crypto dynamic-map outside_dyn_map 20 match address
outside_cryptomap_dyn_20
      crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
      crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA
      crypto dynamic-map outside_dyn_map 20 set security-association lifetime
seconds 28800 kilobytes 4608000
      crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
      crypto map outside_map interface outside
      vpngroup remote_access split-tunnel remote_access_splitTunnelAcl
      sysopt connection permit-ipsec

-- Brent Deterding 

-----Original Message-----
From: EMAIL:PROTECTED
[mailto:EMAIL:PROTECTED] On Behalf Of Kyle Krieg
Sent: Sunday, May 08, 2005 3:41 PM
To: EMAIL:PROTECTED
Subject: [MLUG] cisco pix 501 and vpn endpoint

I've got a Cisco Pix 501 question that someone can probably answer.  Can
the Cisco Pix 501 serve the purpose of connecting "road warriors" back to
a small business with the VPN function or do you need a VPN concentrator
to connect laptops with the Cisco VPN software back to the internal
network?

I would go with the linksys WRV54G option, but I have a friend who can't
get the VPN connections to work and I need a solution that will work every
time.  (I use the Cisco VPN at my work and have not had any trouble with
it, but I"m the road warrior and not on the other side).

Also, any suggestions on any other VPN endpoints would be welcome also.

Thanks

Kyle

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members


_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

References:
- [MLUG] cisco pix 501 and vpn endpoint
  - From: "Kyle Krieg" <EMAIL:PROTECTED>

Prev by Date: [MLUG] cisco pix 501 and vpn endpoint
Next by Date: [MLUG] bzflag
Previous by thread: [MLUG] cisco pix 501 and vpn endpoint
Next by thread: [MLUG] bzflag
Index(es):
- Date
- Thread