So, I have an ASA 5505 at one office, with the ability to do a clientless, or AnyConnect into it. I also have a Windows 2008 server which will allow me to PPTP, L2TP, or SSTP into it.
My goal: In my pursuit of understanding VPNs more, I would like to set up a PIX 501 at a remote location, and when I plug a user into it, I would like it to be as if I'm plugged into my office network switch.
I followed this article in regards to the PIX setup for the client:
I configured a few PIX501 firewalls as NEM clients for one of our customers a few years ago, so I'm a bit rusty.
I think you need to have the username/password configuration on the PIX501 also.
vpnclient username <username> password <password>
The ASA5505 might also need some configurations under its group-policy. Not 100% sure about this, as our IOS VPN devices' VPN profile configurations look a bit different.
Also, to be able to use the Internet through the VPN connection, you need NAT configurations on the ASA5505 so the PIX501 users can use the ASA5505 outside interface IP as the PAT address for traffic destined to the Internet.
Looking at your NAT exempt configuration for the VPN, I would personally use the real network address range as the source instead of using any.