How to enable PIX 515E VAC+ Crypto5823 revision 0x1

N5fGc9uYr
Level 1

Hi

I always use software VPNs like:

1) ProXPN

2) TrustConnect (Comodo)

3) ThreatSpike Dome

4) Vpnbook

5) Hotspot Shield

etc,etc,etc...

Basically they hide my real IP address assigned by my ISP, and they encrypt my internet connection. They are used for security and privacy.

I want to do exactly the same thing but through HARDWARE (card,chip), not SOFTWARE (openvpn, etc). And without any company, organization, or people keeping logs of the websites I visit.

My question is:

Is it possible to do exactly the same thing but with my PIX 515E VAC+ Crypto5823 revision 0x1?

If it is possible, how can I accomplish this?

Any tips, commands, tutorials, links, guides, books, labs

Recently I was able to configure my public and private ip address and NAT in my PIX, so far so good.

http://www.pcworld.com/article/118525/article.html

But when I go to https://www.dnsleaktest.com/ it's still showing my real public IP address. I thought that with NAT enabled, my public IP address would be hidden.

So I thought hey maybe the PIX 515E VAC+ Crypto5823 revision 0x1 would do the trick. But I don't know which are the commands I have to use to enable it and configure it. I don't know if it is already encrypting my internet connection. How can I tell if it is working and encrypting my internet?

Now in case you guys tell me that it is not possible to do that with the PIX 515E: will it be possible with a Cisco VPN 3000 Concentrator?

This is my firewall PIX config:

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Disabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

Cisco PIX Security Appliance Software Version 7.2(4)25

Thanks

1 Accepted Solution

naveenrawat007
Level 1

Hi Alex,

If you are using the PIX firewall as a perimeter gateway to the internet, then you won't be able to use NAT on the PIX to hide public IP addresses.

As far as the test you conducted to check the IP address through dnsleak.com, you will always get the IP to which you are NATing or PATing your internal machines.

As far as software VPNs are concerned, in that case a VPN tunnel is made to the servers at ProXPN or Vpnbook etc., and the traffic initiated at your end goes encrypted till ProXPN and then is routed to the internet.

Internal Host-----VPN-------ProXPN--------internet.

However, if you talk of VPN on the PIX firewall, it's not a solution for such host-based issues; it is rather used at an enterprise level or as a business solution.

Internal Host-----PIX------VPN tunnel----------OFFICE SITE-----Internal resources.

What you are looking for is a host-based solution; however, VPN on the PIX provides a different utility altogether.

So if your requirement is just to hide your identity, I would suggest you use a proxy instead of a VPN for this. Use any global free proxy and that would do the trick for you.

Hope it helps

Cheers,

Naveen

Please Rate helpful Posts...

N5fGc9uYr
Level 1

1) I just saw with Wireshark that my internet connection is not being encrypted when I use my PIX 515E VAC+ Crypto5823 revision 0x1

https://ask.wireshark.org/questions/1324/vpn-connection

2) So my PIX 515E VAC+ Crypto5823 revision 0x1 is disabled, does not work, or I need like a license in order to activate its functionality.

3) Once it is connected to the PIX it should start working according to this, I could be wrong:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a0080148723.shtml

Q. What do customers have to change in their cryptographic configurations when they add the Cisco PIX Firewall VAC+ to a Cisco PIX Firewall?

A. No changes are needed. The Cisco PIX Firewall VAC+ begins to function immediately after installation. No special configuration is needed.

So I am kinda confused on this one. I am going to keep trying.

?????

Explain it: where is the source, where do you want to connect, and over what protocol?

Value our effort and rate the assistance!
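
The Wireshark check discussed in this thread can be made concrete. The following is an added example, not part of any post: it labels raw IPv4 packets by whether they are IPsec traffic (ESP is IP protocol 50, AH is 51, IKE uses UDP 500, NAT traversal uses UDP 4500). It assumes the capture is taken on the outside (ISP-facing) side of the PIX, since traffic between an inside host and the PIX is never tunnelled; the function names and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

ESP, AH, TCP, UDP = 50, 51, 6, 17              # IP protocol numbers
IPSEC_UDP = {500: "ike", 4500: "ipsec-nat-t"}  # IKE and NAT-traversal ports
IPSEC_LABELS = {"esp", "ah", "ike", "ipsec-nat-t"}

def classify_ipv4(pkt: bytes) -> str:
    """Label one raw IPv4 packet by whether it is IPsec traffic."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4                  # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]
    if proto == ESP:
        return "esp"
    if proto == AH:
        return "ah"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "fragment"                      # later fragment: no port fields
    if proto in (TCP, UDP):
        if len(pkt) < ihl + 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if proto == UDP:
            for port in (sport, dport):
                if port in IPSEC_UDP:
                    return IPSEC_UDP[port]
        # "no-ipsec" means no tunnel; the payload may still use TLS.
        return f"no-ipsec:{'tcp' if proto == TCP else 'udp'}/{dport}"
    return f"no-ipsec:proto-{proto}"

def summarize(packets) -> Counter:
    return Counter(classify_ipv4(p) for p in packets)

def all_tunnelled(packets) -> bool:
    """True only if every packet seen is ESP, AH, IKE or NAT-T."""
    labels = summarize(packets)
    return bool(labels) and set(labels) <= IPSEC_LABELS

def build_ipv4(proto: int, payload: bytes, src="192.0.2.10", dst="198.51.100.20") -> bytes:
    """Constructed test packet (documentation addresses, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed samples: a plain HTTP segment, an IKE datagram, an ESP packet.
HTTP = build_ipv4(TCP, struct.pack("!HH", 49152, 80) + bytes(16))
IKE = build_ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0))
ESP_PKT = build_ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(32))
```

A capture containing only `esp`, `ike` or `ipsec-nat-t` labels indicates a tunnel is carrying the traffic; any `no-ipsec:` label means that packet left the firewall outside a tunnel.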