04-01-2003 04:10 PM - edited 02-21-2020 12:26 PM
I don't do much security work, so I am very weak on the PIX. Is there anyone out there with a cut-and-paste config for using the VPN client to connect to a 501 PIX with 3DES? I want the outside interface to get a DHCP address, and I want the client to be handed a local address from a pool on the local LAN of the PIX. I have read the docs and cannot make the jump from IOS to PIX :) Any help would be greatly appreciated.
thanks
Dave
04-01-2003 05:36 PM
If the outside interface of the PIX gets a DHCP address, how is your client going to know which address to connect to? You'll need to talk with your ISP and make sure they always give you the same address.
As for the PIX config, the interface stuff is:
> ip address outside dhcp setroute
and the VPN stuff is detailed here:
http://www.cisco.com/warp/public/110/pix3000.html
If you want the clients to be given an address out of the same subnet as the PIX inside interface, then modify the sample config as follows:
> ip local pool ippool 10.1.1.x-10.1.1.y
> access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.1.0 255.255.255.0
where x and y are your start and end addresses.
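
The pieces from the reply above assembled into one configuration, as an added example that is not from the original thread or the linked Cisco document. It assumes PIX 6.x syntax; the group name `vpn3000`, the names `myset`, `dynmap` and `mymap`, and the `<group-preshared-key>` placeholder are hypothetical, and `x`/`y` stay as the start and end addresses you choose. The `!---` lines are annotations, not commands.

```text
!--- Added example (assumed PIX 6.x syntax); names and key are placeholders.

!--- Outside interface takes its address and default route from the ISP.
ip address outside dhcp setroute

!--- Addresses handed to VPN clients, taken from the inside subnet.
ip local pool ippool 10.1.1.x-10.1.1.y

!--- Exempt inside-to-client traffic from NAT.
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list 101

!--- Let decrypted IPsec traffic bypass the interface access lists.
sysopt connection permit-ipsec

!--- Phase 2: 3DES with SHA-1 integrity, dynamic map for clients
!--- whose source address is not known in advance.
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside

!--- Phase 1: pre-shared key, 3DES, Diffie-Hellman group 2.
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

!--- Client group: the group name and password are what the
!--- VPN client is configured with.
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password <group-preshared-key>
```

3DES needs the VPN-3DES license on the PIX; `show version` reports whether it is enabled. Because the group password is shared by every client in the group, treat it as a secret and rotate it when a client device is lost.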
04-02-2003 09:51 AM
Thanks, I will look over the paper. Even with a DHCP address it is very easy to work around. There is a service running on a server inside the firewall that updates a dynamic DNS database on the internet so each site can get their own domain or sub-domain, and then you just register it with a dynamic DNS database. It works great and saves paying for the static IP, which is not available in all areas, depending on ISP.
d-