Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 515E v7 VPN config help

Hi,

I have a PIX 515E running vers 7.

Is it possible to use VPN with only 1 static IP address from the ISP (no gateway or ISP router ip address is suppled).

I can set up routing on the ADSL modem but then the PIX does not have a valid Internet IP address?

I believe v7 does not support PPPOE? so I cannot setup bridged mode on the adsl modem?

Is there a way to resolve this issue?

Any help gratefully appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Pix 515E v7 VPN config help

apply the commands below:

isakmp identity address

isakmp nat-traversal 20

if issue still exists, then please post the entire config with public ip masked.

6 REPLIES
Gold

Re: Pix 515E v7 VPN config help

yes, pix v7 doesn't support pppoe which is unfortunate. nonetheless, vpn can still be configured with proper port forwarding performing on the adsl router.

www <--> adsl router <--> pix 515e

adsl router outside interface 1.1.1.1 (public)

adsl rouer inside interface 192.168.1.1 (private)

pix515e outside interface 192.168.1.2 (private)

on the adsl router, you can just port forward:

udp 500

udp 4500

and you can configure vpn as normal on the pix515e. please let me know if further assistance is needed for vpn configuration.

Gold

Re: Pix 515E v7 VPN config help

just wondering how you go.

New Member

Re: Pix 515E v7 VPN config help

Thanks for your earlier tip, Jacko.

However, still not working?

The ADSL modem is in bridge mode, so all traffic should be being passed to the PIX.

The VPN client establishes a PPP session but is unable to connect to the server.(error - trying to connect to server 60.xxx.xxx.xxx)

I am using the single valid static IP address supplied by the ISP as the server name in the VPN client, which is the IP address on the ADSL modem.

Any thoughts?

Gold

Re: Pix 515E v7 VPN config help

www <--> 1.1.1.1 - adsl router - 192.168.1.1 <--> 192.168.1.2 - pix - 192.168.100.1 <--> inside

recently i setup this in the lab, below are the spec:

1.1.1.1 is the public ip assigned from the isp, which sits on the router outside interface.

adsl router runs in routing mode, inside interface ip is 192.168.1.1, which is directly connected the pix outside interface.

pix both interfaces have private ip; outside is 192.168.1.2, inside is 192.168.100.1.

i then configure port forwarding on the adsl router:

1.1.1.1 udp 500 to 192.168.1.2 udp 500

1.1.1.1 udp 4500 to 192.168.1.2 udp 4500

i tested both remote vpn and lan-lan vpn, and it was working fine. i guess this should resolve your issue.

New Member

Re: Pix 515E v7 VPN config help

Thanks for your assistance.

I can now connect to the PIX and authenticate the username and password (phase 2).

However I cannot see the internal network - is there a route or setting i need to to turn on?

Gold

Re: Pix 515E v7 VPN config help

apply the commands below:

isakmp identity address

isakmp nat-traversal 20

if issue still exists, then please post the entire config with public ip masked.

161
Views
0
Helpful
6
Replies
CreatePlease login to create content