My first question is what IP will clients get if they VPN to the network. The clients are running the Cisco Secure client and tunnel to a PIX 506E with the configuration listed below. Can I specify a scope or pool of IPs that the clients get when they make a VPN connection to the network?
The second issue is I am unable to get remote telnet or SSH access from the outside interface. As you will see in the config, I have enabled both of those services to a specific IP. This IP is statically assigned to me by my ISP on my cable modem. I would like to be able to access the firewall from my home for administration. I would like to use SSH for the enhanced security but cannot get either option to work. Telnet times out without ever making a connection. I am using PuTTY as an SSH client; it seems to connect but the authentication fails. I have tried using root and admin as the user name and have tried both the telnet and enable passwords. I know the passwords are correct as I can log in from the inside interface.
Here is a copy of the config file. Any suggestions would be appreciated:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxx encrypted
passwd xxxxxxxxx encrypted
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
name 192.168.0.10 Rob
name 192.168.0.2 Phone_System
name xxx.x.x.xxx ILX
access-list outside_access_in permit tcp any range 8194 8294 host 64.243.xxx.xx
access-list outside_access_in permit tcp any range 1025 6000 host 64.243.xxx.xx
access-list outside_access_in permit udp any range 48129 48192 host 64.243.xxx.xx
access-list outside_access_in permit tcp host ILX eq 11112 any
access-list outside_access_in permit tcp host ILX eq 11114 any
access-list outside_access_in permit tcp host ILX eq www any
access-list outside_access_in permit udp host ILX any