
First time setting up VPN w/ Pix 501

Hello Cisco Experts,

I am new to Cisco and VPNs and am not sure if I understand this task correctly. I first attempted to create this VPN with a Linksys WRVS440n, but I could not make it work. We have a Pix 501 and I am going to install it Friday afternoon. I will set up the VPN Monday day. Can any one of you assist me in understanding NAT, so I can enter the addresses correctly?

I will perform a config factory-default to initially set it up. I would like to use the VPN wizard, for it sounds easier than the CLI.

Once it is in place this is what the settings will be:

Outside:     216.86.182.88

Inside:      192.168.1.1

Host system: 192.168.1.2

The remote host info is:

Outside:     66.79.80.108

I am confused on how to connect to their host: 10.1.0.62 because they have given me several addresses.

Here is the text they have given me, which has confused me:

We provide a Gateway to Host configuration. Meaning, our side is Gateway (192.168.50.0) and your side is the single host. You will need to NAT your internal IIS host IP to 10.1.0.62. The /32 indicates single host vs. /24 which would indicate a Gateway. Basically you will only need to configure the NAT statement, 10.1.0.62, one time to our gateway, 192.168.50.0. Our network will route traffic properly as we have secured our side. Once the VPN tunnel is up, you should be able to ping the 4 IP addresses listed in the ticket, 192.168.50.86, 192.168.50.83, 192.168.50.85, and 192.168.50.50.

Mark, the preferred VPN router is Cisco ASA 5505 since you need to be able to do a 1 to 1 NAT but other routers that are Cisco compliant and can perform the same function can work if configured properly. I’m attaching that VPN Tunnel Signoff Form which has clinic requirements, hope it’s helpful. As far as your question concerning Linksys and PIX, I would not know the answer since I’m not an engineer, but if Linksys is Cisco compliant and can do a 1 to 1 NAT then I don’t anticipate any issues.

(1)   Our internal subnet here is indeed 102.168.50.0 255.255.255.0

(2)   The WAN IP of our firewall is 66.179.80.108.

You do not NAT to our WAN IP.  Our WAN IP is what you put in the field for “Peer Address” for the vpn tunnel.  Our WAN IP (66.179.80.108) should not be in your NAT configuration at all.

You need to NAT your internal IIS host, whatever it is, to 10.1.0.62.

Then you need to source your encrypted traffic from 10.1.0.62 and send it to us at 192.168.50.0/24.

Can anyone help me understand what they are telling me?

2 REPLIES

Re: First time setting up VPN w/ Pix 501

You need to define a static NAT.

static (inside,outside) 10.1.0.62 192.168.1.2

In this way, all the traffic sent from your host 192.168.1.2 will be NAT-ed to 10.1.0.62. So the other side will see the packets from 10.1.0.62.

When you define the ACL for your VPN traffic, you need to use the following:

access-list VPN permit ip host 10.1.0.62 192.168.50.0 255.255.255.0

You also need the info about phase 1 and phase 2 policy, pre-shared key (if you use it) in order to finish the configuration on your side.
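
The point of this reply, as an added example (not code from the thread or from Cisco): a small Python model that parses the two configuration lines above and checks that the VPN access list has to match the translated source 10.1.0.62, not the real address 192.168.1.2. It assumes, consistent with the reply, that the PIX applies the static translation before it evaluates the VPN access list; the function names are hypothetical.

```python
import ipaddress

# The two lines below are taken from the reply above; the rest is an added illustration.
STATIC_LINE = "static (inside,outside) 10.1.0.62 192.168.1.2"
ACL_LINE = "access-list VPN permit ip host 10.1.0.62 192.168.50.0 255.255.255.0"
# The four test addresses the remote side listed in the question.
PING_TARGETS = ["192.168.50.86", "192.168.50.83", "192.168.50.85", "192.168.50.50"]


def parse_static(line):
    """Return (mapped_ip, real_ip) from 'static (real_if,mapped_if) MAPPED REAL'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "static":
        raise ValueError("not a static NAT line: " + line)
    return ipaddress.ip_address(tok[2]), ipaddress.ip_address(tok[3])


def _take_network(tok):
    """Consume 'host A', 'any' or 'NET MASK' from the token list."""
    first = tok.pop(0)
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(first + "/" + tok.pop(0))


def parse_acl(line):
    """Return (source_net, dest_net) from 'access-list NAME permit ip SRC DST'."""
    tok = line.split()
    if tok[:1] != ["access-list"] or tok[2:4] != ["permit", "ip"]:
        raise ValueError("unsupported ACL line: " + line)
    rest = tok[4:]
    return _take_network(rest), _take_network(rest)


def tunnel_decision(src, dst, static_line=STATIC_LINE, acl_line=ACL_LINE):
    """Model outbound handling: static NAT first, then the VPN ACL on the translated source."""
    mapped, real = parse_static(static_line)
    acl_src, acl_dst = parse_acl(acl_line)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    seen_src = mapped if src == real else src  # address the remote side will see
    return str(seen_src), (seen_src in acl_src and dst in acl_dst)


if __name__ == "__main__":
    for target in PING_TARGETS:
        print(target, tunnel_decision("192.168.1.2", target))
```

Passing an `acl_line` written against `host 192.168.1.2` returns `False` for every target, which is the mismatch the remote side's instructions are meant to prevent.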


Re: First time setting up VPN w/ Pix 501

Captain, we have VPN, thank you very much. This was very helpful.
