Setting up a PIX behind a NAT router for Remote Access and VPN
I am looking for some basic guidelines for setting up a PIX 501 behind a NAT router. I've set up a few of them, but I seem to do it differently every time and I want to create a standard list of bullet points to hit every time I do one. Seems like no DSL providers around here offer bridged service anymore, so I have to make do behind their end user device, which is always some conglomeration of NAT router and firewall.
First off, what ports do I need forwarded to the PIX inbound for L2L VPN? Here is what I've been forwarding:
UDP 500 inbound > PIX
UDP 4000 inbound > PIX
Second, what do I need to do to ensure remote access to the PIX? I assume forwarding TCP 22 inbound > PIX would handle SSH, but are there any others I should forward?
I know some routers have the 'DMZ Host' feature which basically NATs an inside host directly to the Internet, but that usually also disables remote access to the DSL modem, which I want to retain if possible. I also want to be able to remotely manage the PIX without an IPSEC tunnel in case I need to troubleshoot a broken tunnel.