Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 515e vpn setup

I currently have a pix 515e setup as a firewall and vpn terminator. We will be moving our network to a new isp that will provide the firewall service, but i need to keep the pix for the vpn functionality. The pix currently has a public IP for the vpn but the new ISP want to do nat for the pix, so I have to give it a private ip. here is what the ISP sent me.

>Essentially - Customer needs

>1. Internal Server IP address that >will arrive from customer to the f/w.

>

>2. The public address NAT that will >represent the customer internal server.

>

>3. The proper ports open to support >this request. UDP ? 10000 or 4500 ? >and 500.

I'm new to VPN I would like some direction on where to find some documents on how to setup the cisco behind another router and without a public ip. Also can the pix have both interfaces on the same subnet?

Thank you

rene

1 REPLY
Cisco Employee

Re: Pix 515e vpn setup

Rene -

You can't have both the interfaces on the same subnet.

3. Ports needed for VPN to work.

UDP - 500 ==> which is ISAKMP

UDP - 4500 ==> NAT-T

UDP - 10000 ===> IPSec over UDP

ESP protocol ==> which is protocol number 50.

1 & 2. Your external (outside) IP address of the PIX.

Does this answer your question.

86
Views
0
Helpful
1
Replies
CreatePlease login to create content