506E VPN Help

Unanswered Question
Nov 29th, 2007

I have a 506E. I have 9 other locations set up in the VPN. I am assuming they are using site to site.

I would like to connect from my home using VPN instead of using RDP. So now my question is how I can do this through the User Interface.

JORGE RODRIGUEZ Thu, 11/29/2007 - 20:45

Danny, I am not sure I understand your question, but please correct me. You have a PIX firewall currently with 9 LAN-to-LAN VPN tunnels, and you would like to be able to VPN from home to the PIX 506 firewall. If this is what you are trying to accomplish, the PIX firewall must be configured as a VPN server to accept Cisco VPN clients; that would require PIX configuration as the VPN server endpoint and the Cisco VPN client on your home PC to VPN to the PIX.

Here is an example link for configuring PIX as a vpn server with user authentication.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml#maintask1

Here you can find the Cisco VPN client (requires CCO login).

http://www.cisco.com/cgi-bin/apps/tblbld/tablebuild.pl?topic=270636499

pls rate any helpful posts!

HTH

Jorge

Danny Guillory Jr Sat, 12/01/2007 - 10:30

This is what it could NOT write! Any Information?

fixup protocol dns maximum-length 512

fixup protocol tftp 69

access-list outside_cryptomap_dyn_40 permit ip any 10.9.2.128 255.255.255.128

JORGE RODRIGUEZ Sat, 12/01/2007 - 10:56

Danny, with limited information it is hard to help out. Did my previous post answer your question? Perhaps if you can post the complete PIX config, stripping out public IP info, we can take a look at what you have configured.

Rgds

Jorge
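
An added example, not part of the original thread: one way to do the "strip out public IP info" step before posting a PIX config to a forum. The function names, the placeholder format and the sample config (constructed, PIX 6.x style, documentation-range addresses) are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x style; public addresses are documentation ranges.
SAMPLE = """\
ip address outside 203.0.113.10 255.255.255.248
ip address inside 10.9.2.1 255.255.255.0
enable password EXAMPLEHASH0000 encrypted
access-list outside_cryptomap_dyn_40 permit ip any 10.9.2.128 255.255.255.128
crypto map outside_map 20 set peer 198.51.100.7
isakmp key ******** address 198.51.100.7 netmask 255.255.255.255
vpngroup administrators password ********"""

# Private (RFC 1918) ranges are kept so helpers can still follow the topology.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# The token after these keywords is a secret or a password hash.
SECRET = re.compile(r"\b((?:enable )?password|passwd|isakmp key)\s+\S+", re.I)


def _is_mask_or_wildcard(addr):
    # 0.0.0.0 and netmasks such as 255.255.255.128 reveal nothing about location.
    return int(addr) == 0 or addr.packed[0] == 255


def sanitize(config):
    """Return the config with secrets and public IPv4 addresses replaced."""
    seen = {}  # same public address -> same placeholder, so peers stay matchable

    def redact_ip(match):
        try:
            addr = ipaddress.IPv4Address(match.group(0))
        except ipaddress.AddressValueError:
            return match.group(0)  # not a valid address, e.g. an octet above 255
        if _is_mask_or_wildcard(addr) or any(addr in net for net in RFC1918):
            return match.group(0)
        return seen.setdefault(addr, "<PUBLIC-IP-%d>" % (len(seen) + 1))

    out = []
    for line in config.splitlines():
        line = SECRET.sub(lambda m: m.group(1) + " <REDACTED>", line)
        out.append(IPV4.sub(redact_ip, line))
    return "\n".join(out)


if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Each public address maps to a stable placeholder, so a reader can still see that the `set peer` and `isakmp key ... address` lines refer to the same peer. Usernames and hostnames are not touched and still need a manual check.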

JORGE RODRIGUEZ Sat, 12/01/2007 - 21:47

Danny, to answer your original post: yes, you have LAN-to-LAN VPN IPsec tunnels configured, and you have also configured the PIX as a VPN server (isakmp policy 20). Have you tried connecting using the Cisco VPN client?

Danny Guillory Jr Sat, 12/01/2007 - 23:05

OK, let me tell you what I am understanding.

LAN to LAN means that all my traffic from home will pass through my 506 at work. (NOT WHAT I WANT)

LAN to Remote Access (I THINK THIS MEANS) I can use the VPN client and the PIX will assign the computer I am connecting from an IP address in the range 10.9.2.190-.195. Then I will be able to remote to any networked device as if I was at my desk!

Please confirm that I am correct!

Danny Guillory Jr Sat, 12/01/2007 - 23:10

I installed the Cisco VPN client on my machine at home and I still cannot connect to the PIX...

"SECURE VPN CONNECTION TERMINATED LOCALLY BY THE CLIENT.

REASON 412: THE REMOTE PEER IS NO LONGER RESPONDING"

THIS IS WHAT I GET WHEN TRYING TO CONNECT WITH.

CISCO SYSTEMS VPN CLIENT VERSION 5.0.02.0090

JORGE RODRIGUEZ Sun, 12/02/2007 - 07:48

To configure LAN-to-LAN, both sides would need to be configured with certain peer parameters, in addition to peer keys at both ends, to call it an L2L VPN. I don't think this is the case, or is it? Did you ever configure your home firewall to establish an L2L VPN with the work PIX? What do you have at home for a firewall?

Danny Guillory Jr Sun, 12/02/2007 - 08:29

Man, you're very helpful. I hope you're not working on a Sunday! I am just sitting home getting ready for some football and tinkering with this.

OK, well, my setup at home is: Cox Internet modem to D-Link router, then out to my home network. My home network contains 3 PCs and 1 Xbox.

I have the Cisco VPN client installed on the 3 PCs.

Can you explain whether I was correct in my understanding of the LAN-to-LAN VPN and the LAN-to-remote VPN in my previous post?

JORGE RODRIGUEZ Sun, 12/02/2007 - 21:03

No problem, we are here to help in any way we can, and if I run out of options someone from the forum will always jump in. I do not work weekends but do enjoy participating in the forum to learn and help as well. You can always be grateful by using the rating system on any posts.

You will need to gather information from the PIX 506 at your workplace. Do others in the workplace use the Cisco VPN client to connect to the PIX 506 using administrator under vpngroup? Do you administer the PIX at your workplace? When you try the VPN from home, are you entering in the VPN client (vpngroup administrators password ********) and other relevant authentication parameters?

These are basic steps for a first-time VPN connection.

When you configure the client, and before you try connecting, do this first.

Load the work PIX 506E firewall through PDM, go to the system/properties tab, and check user accounts under administration and/or create a user account with your name and password.

Then on the VPN client side:

a) On the hostname/IP tab, enter the IP address of the server; this will be the PIX 506E's outside IP address.

b) Configure the group authentication parameters in the VPN client with the information posted in the config, e.g. groupname administrators password - *********

c) Press finish and then click connect. When you get another window asking for local authentication, enter the local user name you created prior to step a.

Let me know how it goes.

HTH

Jorge
