https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547360#M1055160 <HTML><HEAD></HEAD><BODY><P> mmm ... good luck ... Are you saying that you require a LAN to LAN vpn .. or a remote VPN where clients connect using cisco vpn client to the 'head office'. If remote connection is the case .. then I suggest you to use the GUI provided by PDM. I will be easier in your situation follwoing the wizard and allowing the access you require ... If you are not too familiar with this I can help you as well if you post your config I can edit it according to what you need.</P><P></P><P>In any case this is anotehr link you could have a look</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml</A></P><P></P><P></P><P>I hope it helps !!!</P><P></P><P></P></BODY></HTML> Mon, 08 May 2006 06:02:05 GMT Fernando_Meza 2006-05-08T06:02:05Z https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547358#M1055155 <P></P><P>Hello,</P><P></P><P>Please help me in configuring VPN.Below mentioned are the details.</P><P></P><P>I have been recently handed the responsibilty of maintaining the CISCO PIX 515E in my organisation.</P><P></P><P>I need to configure a client to site VPN for the following parameters:</P><P>UDP 500 must be open in both inbound and outbond directions</P><P>IP protocol 50(esp) must be in both inbound and outbound directions. </P><P>UDP 10001 </P><P> </P><P>I have managed to configure the following in the firewall</P><P> </P><P>object-group service UDP_VPN udp</P><P>port-object range 500 500</P><P>port-object range 10001 10001</P><P></P><P>object-group network EXT_Client_Servers ------These are the client server IPs </P><P>network-object 12.x.x.x</P><P>network-object 12.x.x.x</P><P></P><P>object-group network INT_LAN_Grp --------These are the internal LAN members who need to connect to the client servers.</P><P>network-object 192.168.x.x</P><P>network-object 192.168.x.x</P><P></P><P>access-list inside_access_in permit udp object-group INT_LAN_Grp object-group EXT_Client_Servers object-group UDP_VPN log</P><P></P><P>My questions are</P><P>1) Is the above configuration correct? </P><P>1) How do I incorporate ESP for the above?</P><P>2) Should the internal LAN IPs be NATed to public IP.Also should this be a one-to-one translation?</P><P>2) How should I enable traffic on the above ports for inbound direction? </P><P></P><P>Thanks in advance,</P><P></P><P>Ashwanth</P><P></P> Fri, 21 Feb 2020 08:52:41 GMT https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547358#M1055155 tiwari924 2020-02-21T08:52:41Z https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547359#M1055158 <HTML><HEAD></HEAD><BODY><P>You don&#146;t mention which version of PIX OS your running, but here are documents that should resolve your problem:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml</A></P><P></P><P>VPN Client access with RADIUS authentication:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml</A></P><P></P><P>PIX OS v7+ VPN Client access document:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml</A></P><P></P><P>I would recommend if you have a large amount of VPN Client users to use an internal authentication server for tighter security i.e. RADIUS authentication for your remote clients.</P><P></P><P>Let me know if the above helps you or need further help. Please rate post if it helps as other might also be looking for similar documents/answers.</P><P></P><P>Jay</P><P></P></BODY></HTML> Fri, 05 May 2006 14:44:43 GMT https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547359#M1055158 jmia 2006-05-05T14:44:43Z https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547360#M1055160 <HTML><HEAD></HEAD><BODY><P> mmm ... good luck ... Are you saying that you require a LAN to LAN vpn .. or a remote VPN where clients connect using cisco vpn client to the 'head office'. If remote connection is the case .. then I suggest you to use the GUI provided by PDM. I will be easier in your situation follwoing the wizard and allowing the access you require ... If you are not too familiar with this I can help you as well if you post your config I can edit it according to what you need.</P><P></P><P>In any case this is anotehr link you could have a look</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml</A></P><P></P><P></P><P>I hope it helps !!!</P><P></P><P></P></BODY></HTML> Mon, 08 May 2006 06:02:05 GMT https://community.cisco.com/t5/network-security/client-to-site-vpn-please-help/m-p/547360#M1055160 Fernando_Meza 2006-05-08T06:02:05Z