Remote Access VPN creation in PIX 515E Version 6.3(5)
I want to create a remote access VPN connection for a partner to our company IT resources. I have a failover system PIX 515E with 6.3(5) OS. The PIX outside interface has an RFC 1918 IP address and is connected to a router, which in turn is connected to our ISP through a leased line. The PIX also has an available DMZ interface with an RFC 1918 IP address configured.
1. Can I configure IKE with ISAKMP enabled on this DMZ interface to terminate the VPN remote connections? If not, why? I have a public IP address available for static NAT with either the outside or DMZ interface.
2. How can I control the traffic from the remote users to my internal network in the PIX firewall? Can I use some kind of access list somewhere?
3. What version of the VPN software client can I use with Version 6.3(5) OS?
4. Can I preconfigure the VPN software client in any way with specific settings and give it to our customer locked and ready to use?
5. Finally, can I force the VPN software client to not allow concurrent internet access and VPN traffic from the remote PC with this OS version?