Re: VPN Client to PIX 501 Config

DAVE GENTON · ‎04-01-2003

I dont do much security work so I am very weak on the PIX. Is there anyone out there with a cut and paste config for using the vpn client to connect to a 501 pix with 3des ?? I want the outside interface to get a dhcp address, and I want the client to be handed a local address from a pool on the local lan of the pix. I have read the doc's and cannot make the jump from IOS to PIX :) Any help would be greatly appreciated.

thanks

Dave

gfullage · ‎04-01-2003

If the outside interface of the PIX gets a DHCP address, how is your client going to know which address to connect to? You'll need to talk with your ISP and make sure they always give you the same address.

As for the PIX config, the interface stuff is:

> ip address outside dhcp setroute

and the VPN stuff is detailed here:

http://www.cisco.com/warp/public/110/pix3000.html

If you want the clients to be given an address out of the same subnet as the PIX inside interface, then modify the sample config as follows:

> ip local pool ippool 10.1.1.x-10.1.1.y

> access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.1.0 255.255.255.0

where x and y are your start and end addresses.

DAVE GENTON · ‎04-02-2003

Thanks I will look over the paper. Even with a dhcp address it is very easy to work around. There is a service running on a server inside the firewall that updates a dynamic DNS database on the internet so each site can get there own domain or sub-domain, and then you just register it with a dynamic dns database, works great and saves paying for the static IP which is not available in all areas, depending on ISP.

d-