Pix 515E v7 VPN config help

1qaz2wsx1qaz
Level 1

Hi,

I have a PIX 515E running vers 7.

Is it possible to use VPN with only 1 static IP address from the ISP (no gateway or ISP router ip address is supplied)?

I can set up routing on the ADSL modem but then the PIX does not have a valid Internet IP address?

I believe v7 does not support PPPOE? so I cannot setup bridged mode on the adsl modem?

Is there a way to resolve this issue?

Any help gratefully appreciated.

1 Accepted Solution


apply the commands below:

isakmp identity address

isakmp nat-traversal 20

if issue still exists, then please post the entire config with public ip masked.


jackko
Level 7

yes, pix v7 doesn't support pppoe which is unfortunate. nonetheless, vpn can still be configured with proper port forwarding performed on the adsl router.

www <--> adsl router <--> pix 515e

adsl router outside interface 1.1.1.1 (public)

adsl router inside interface 192.168.1.1 (private)

pix515e outside interface 192.168.1.2 (private)

on the adsl router, you can just port forward:

udp 500

udp 4500

and you can configure vpn as normal on the pix515e. please let me know if further assistance is needed for vpn configuration.

just wondering how you go.

Thanks for your earlier tip, Jacko.

However, still not working?

The ADSL modem is in bridge mode, so all traffic should be being passed to the PIX.

The VPN client establishes a PPP session but is unable to connect to the server. (error - trying to connect to server 60.xxx.xxx.xxx)

I am using the single valid static IP address supplied by the ISP as the server name in the VPN client, which is the IP address on the ADSL modem.

Any thoughts?

www <--> 1.1.1.1 - adsl router - 192.168.1.1 <--> 192.168.1.2 - pix - 192.168.100.1 <--> inside

recently i setup this in the lab, below are the spec:

1.1.1.1 is the public ip assigned from the isp, which sits on the router outside interface.

adsl router runs in routing mode, inside interface ip is 192.168.1.1, which is directly connected to the pix outside interface.

pix both interfaces have private ip; outside is 192.168.1.2, inside is 192.168.100.1.

i then configure port forwarding on the adsl router:

1.1.1.1 udp 500 to 192.168.1.2 udp 500

1.1.1.1 udp 4500 to 192.168.1.2 udp 4500

i tested both remote vpn and lan-lan vpn, and it was working fine. i guess this should resolve your issue.

Thanks for your assistance.

I can now connect to the PIX and authenticate the username and password (phase 2).

However I cannot see the internal network - is there a route or setting I need to turn on?

apply the commands below:

isakmp identity address

isakmp nat-traversal 20

if issue still exists, then please post the entire config with public ip masked.
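
An added example, not written by anyone in the thread: once NAT traversal is enabled, the two forwarded ports carry IKE on udp/500 and, on udp/4500, IKE behind a non-ESP marker, ESP-in-UDP tunnel data and one-byte keepalives (RFC 3948). This Python classifier labels UDP payloads captured on the PIX outside interface so you can tell which of these actually arrive; the sample packets are constructed and the function names are this example's own.

```python
import struct

EXCHANGE = {2: "main-mode", 4: "aggressive-mode", 5: "informational", 32: "quick-mode"}  # IKEv1
HDR = "!8s8sBBBBII"  # cookies, next payload, version, exchange, flags, msg id, length

def parse_isakmp(data):
    """Parse the fixed 28-byte ISAKMP header; None if it is not plausible."""
    if len(data) < 28:
        return None
    icookie, _, _, _, xchg, flags, _, length = struct.unpack(HDR, data[:28])
    if length < 28 or icookie == bytes(8):
        return None
    return {"exchange": EXCHANGE.get(xchg, f"type-{xchg}"), "encrypted": bool(flags & 1)}

def classify(dst_port, payload):  # demultiplex one UDP payload as RFC 3948 does
    if dst_port == 500:
        hdr = parse_isakmp(payload)
        return ("ike", hdr) if hdr else ("unknown", None)
    if dst_port == 4500:
        if payload == b"\xff":                      # one-byte NAT keepalive
            return ("nat-keepalive", None)
        if payload[:4] == bytes(4):                 # non-ESP marker, IKE follows
            hdr = parse_isakmp(payload[4:])
            return ("ike-natt", hdr) if hdr else ("unknown", None)
        if len(payload) >= 8:                       # otherwise SPI + sequence = ESP
            return ("esp-in-udp", {"spi": hex(struct.unpack("!I", payload[:4])[0])})
    return ("unknown", None)

def diagnose(packets):
    # Summarise what a capture of (dst_port, payload) pairs shows.
    kinds = {classify(port, data)[0] for port, data in packets}
    if "ike" in kinds and not kinds & {"ike-natt", "esp-in-udp", "nat-keepalive"}:
        return "udp/500 only: NAT-T not negotiated or udp/4500 not forwarded"
    if "ike-natt" in kinds and "esp-in-udp" not in kinds:
        return "NAT-T negotiated but no tunnel data seen"
    return "IKE and ESP-in-UDP both arriving" if "esp-in-udp" in kinds else "no IKE traffic seen"

def _hdr(xchg, flags=0):  # constructed sample header, not real traffic
    return struct.pack(HDR, b"\x11" * 8, bytes(8), 1, 0x10, xchg, flags, 0, 28)

SAMPLES = [  # constructed (dst_port, payload) pairs
    (500, _hdr(2)),
    (4500, bytes(4) + _hdr(2, flags=1)),
    (4500, b"\xff"),
    (4500, struct.pack("!II", 0x1234ABCD, 1) + bytes(16)),
]

if __name__ == "__main__":
    print([classify(p, d)[0] for p, d in SAMPLES], diagnose(SAMPLES))
```
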
