Solved: Cisco VPN Client and PIX 501

burtj · ‎02-02-2006

I have a new PIX 501. I believe it is running Version 6.3(4). I have downloaded the latest Cisco VPN Client. I believe it is 4.8.00***. I want to create a VPN tunnel to the the PIX 501 using the Cisco VPN Client to connect. I just want to be able to connect to my office from my house. There is no other device at the office other than the PIX 501 and nothing to block any traffic from my house that I know about.

Can somebody tell me how to configure the PIX and the Client software?

Nothing fancy, I just want it to work. I would like to just use the PDM VPN section to create the necessary configuration if possible.

Thanks,

Jeff

mheusinger · ‎02-03-2006

Hello,

it will be worth to look at the explanations and configurations given in: "Configuring IPSec Between Two PIXes With VPN Client 4.x Access"

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800948b8.shtml

Just skip the commented configuration part for PIX-to-PIX communication and you will get what you want. Another document which can help you is: "How to Configure the Cisco VPN Client to PIX with AES" found at

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

This should be pretty much all you need to setup your network to your requirements.

Hope this helps! Please rate all posts.

Regards, Martin

View solution in original post

mheusinger · ‎02-03-2006

Hello,

it will be worth to look at the explanations and configurations given in: "Configuring IPSec Between Two PIXes With VPN Client 4.x Access"

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800948b8.shtml

Just skip the commented configuration part for PIX-to-PIX communication and you will get what you want. Another document which can help you is: "How to Configure the Cisco VPN Client to PIX with AES" found at

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

This should be pretty much all you need to setup your network to your requirements.

Hope this helps! Please rate all posts.

Regards, Martin

burtj · ‎02-10-2006

Thanks for your input. I was able to get the VPN working.

jackko · ‎02-03-2006

below are the sample codes for configuring remote vpn access on a pix:

access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

nat (inside) 0 access-list 101

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp identity address

isakmp nat-traversal 20

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

ip local pool ippool 10.1.1.11-10.1.1.21

vpngroup vpnclient address-pool ippool

vpngroup vpnclient idle-time 1800

vpngroup vpnclient dns-server 139.130.4.4

vpngroup vpnclient password cisco456

vpngroup vpnclient split-tunnel 120

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap

username cisco password cisco123

aaa-server LOCAL protocol local

crypto map remote_vpn client authentication LOCAL

crypto map remote_vpn client configuration address initiate

crypto map remote_vpn client configuration address respond

regarding the vpn client, just simply install it by following the instruction on screen. click "new":

"connection entry" a name for your reference

"host" public ip of the pix 501

"name" vpnclient

"password" cisco456

to initiate a tunnel, double click the entry you just created. it will then prompt you for individual username and password (it's cisco and cisco123).