05-28-2008 08:22 AM - edited 03-11-2019 05:51 AM
I have a situation where I need to set up my PIX to handle VPN.
Currently the PIX only has private IPs assigned to its interfaces. It passes a class C public through it.
Example:
Router Outside: 4.4.4.1
Router Inside: 10.1.1.1
Firewall Outside: 10.1.1.2
Firewall Inside: 10.1.2.1
Public class C: 5.5.5.0/24
We generally NAT each service to a port on a machine on the inside network, so we have had no reason to have direct access to the firewall from outside (no SSH etc.).
How do I set up my PIX to take one of the 5.5.5.x addresses and use it to allow VPN?
(I've set up VPN plenty, but always had a public IP on the outside interface.)
Thank you!
05-28-2008 09:12 AM
Do the translation in your outside router from 5.5.5.x to 10.1.1.2.
05-28-2008 11:09 AM
Did it.
Now I get this message:
crypto_isakmp_process_block:src:5.5.5.5, dest:10.0.32.10 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (basic) of 28800
ISAKMP: life type in kilobytes
ISAKMP: life duration (VPI) of 0xff 0xff 0xff 0xff
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): processing vendor id payload
ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:5.5.5.5, dest:10.0.32.10 spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 5.5.5.5/500 not found - peers:0
ISAKMP: larval sa found
crypto_isakmp_process_block:src:5.5.5.5, dest:10.0.32.10 spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 5.5.5.5/500 not found - peers:0
ISAKMP: larval sa found
ISAKMP (0): retransmitting phase 1 (0)...
ISAKMP (0): retransmitting phase 1 (1)...
crypto_isakmp_process_block:src:5.5.5.5, dest:10.0.32.10 spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 5.5.5.5/500 not found - peers:0
ISAKMP: larval sa found
ISAKMP (0): deleting SA: src 5.5.5.5, dst 10.0.32.10
ISADB: reaper checking SA 0x3b72824, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 5.5.5.5/500 not found - peers:0
Any ideas?