Remote Access VPN creation in PIX 515E Version 6.3(5)
I want to create a remote access VPN connection for a partner to our company IT resources. I have a failover system PIX 515E with 6.3(5) OS. PIX outside interface has RFC 1918 IP Address and is connected to a router witch in turn is connected to our ISP through Leased Line. PIX have also an available DMZ interface with RFC1918 IP address configured.
1. Can I configure IKE with ISAKMP enable on this DMZ interface to terminate the VPN remote connections? If no why? I have available public IP Address for static NAT with either outside or DMZ interface.
2. How can I control the traffic from the remote users to my internal network in PIX firewall? Can I use a kind of Access list somewhere?
3. What version of VPN software client I can use with Version 6.3(5) OS?
4. Can I preconfigured in any way the VPN software client with specific settings and give it to our customer locked and ready to use it?
5. Finally can I force the VPN software client to not allow concurrent internet access and VPN traffic from remote PC with this OS version?
Show Name: Thoughts on Security at Cisco Live US 2018 in Orlando
Contributors: Kevin Klous, David White Jr., Aaron Woland, Jeff Fanelli
Posting Date: June 2018
Description: The team goes on-site in the Cisco Live Speaker room in...
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. the diagram below show a diagram of the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1&nbs...