Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
tiwari924
tiwari924
Community Member
‎05-04-2006 01:53 AM
‎05-04-2006 01:53 AM

Client to Site VPN please help

Hello,

Please help me in configuring VPN.Below mentioned are the details.

I have been recently handed the responsibilty of maintaining the CISCO PIX 515E in my organisation.

I need to configure a client to site VPN for the following parameters:

UDP 500 must be open in both inbound and outbond directions

IP protocol 50(esp) must be in both inbound and outbound directions.

UDP 10001

I have managed to configure the following in the firewall

object-group service UDP_VPN udp

port-object range 500 500

port-object range 10001 10001

object-group network EXT_Client_Servers ------These are the client server IPs

network-object 12.x.x.x

network-object 12.x.x.x

object-group network INT_LAN_Grp --------These are the internal LAN members who need to connect to the client servers.

network-object 192.168.x.x

network-object 192.168.x.x

access-list inside_access_in permit udp object-group INT_LAN_Grp object-group EXT_Client_Servers object-group UDP_VPN log

My questions are

1) Is the above configuration correct?

1) How do I incorporate ESP for the above?

2) Should the internal LAN IPs be NATed to public IP.Also should this be a one-to-one translation?

2) How should I enable traffic on the above ports for inbound direction?

Thanks in advance,

Ashwanth

0 Helpful
Reply
2 REPLIES
jmia
jmia Gold
Gold
‎05-05-2006 07:44 AM
‎05-05-2006 07:44 AM

Re: Client to Site VPN please help

You don’t mention which version of PIX OS your running, but here are documents that should resolve your problem:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

VPN Client access with RADIUS authentication:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

PIX OS v7+ VPN Client access document:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

I would recommend if you have a large amount of VPN Client users to use an internal authentication server for tighter security i.e. RADIUS authentication for your remote clients.

Let me know if the above helps you or need further help. Please rate post if it helps as other might also be looking for similar documents/answers.

Jay

0 Helpful
Reply
Fernando_Meza
Fernando_Meza Gold
Gold
‎05-07-2006 11:02 PM
‎05-07-2006 11:02 PM

Re: Client to Site VPN please help

mmm ... good luck ... Are you saying that you require a LAN to LAN vpn .. or a remote VPN where clients connect using cisco vpn client to the 'head office'. If remote connection is the case .. then I suggest you to use the GUI provided by PDM. I will be easier in your situation follwoing the wizard and allowing the access you require ... If you are not too familiar with this I can help you as well if you post your config I can edit it according to what you need.

In any case this is anotehr link you could have a look

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml

I hope it helps !!!

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
135
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs