How to configure a PIX 515E for VPN - local authentication?

nhuongpham (Level 1)

Dear Sir/Madam,

I need to configure a PIX 515E for VPN. I want to be able to use Windows 2000/XP to connect to the internet and then access my private network.

I configured it as follows, but I can't access my private network:

PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security4
hostname pvfcco-pix515e
domain-name pvfcco.com.vn
fixup protocol ftp 21
...........
names
access-list 100 permit tcp any host 203.162.202.213 eq www
access-list 100 permit tcp any host 203.162.202.213 eq smtp
access-list 100 permit tcp any host 203.162.202.213 eq ftp
access-list 100 permit tcp any host 203.162.202.213 eq 110
access-list 100 permit tcp any host 203.162.202.213 eq 113
access-list 100 permit tcp any host 203.162.202.213 eq 443
access-list 100 permit tcp any host 203.162.202.213 eq 3389
access-list 100 permit tcp any host 203.162.202.213 eq ftp-data
access-list 100 permit tcp any host 203.162.202.213 eq 143
access-list 100 permit tcp any host 203.162.202.213 eq telnet
pager lines 24
mtu outside 1500
mtu inside 1
mtu dmz 1500
ip address outside 203.x.x.211 255.255.255.240
ip address inside 192.168.3.2 255.255.255.252
no ip address dmz
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.3.1 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 10 203.162.202.214
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
ip local pool my-addr-pool 192.168.6.1-192.168.6.254 255.255.255.0
access-list 101 permit ip 192.168.3.0 255.255.255.252 192.168.6.0 255.255.255.0
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40 required
vpdn group 1 client configuration address local my-addr-pool
vpdn username cisco password cisco
vpdn enable outside
static (inside,outside) 203.x.x.x.168.3.1 netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.x.x.x.162.202.210 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.3.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80

Thanks very much

6 Replies

jmia (Level 7)

Hi,

Have a read of the following document on how to setup PIX with PPTP:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml

Please rate this post if it helps you.

sachinraja (Level 9)

Hi...

Are you able to get authenticated and connected on the VPN? Are you getting the IP address? Once you get the IP address, you should be able to ping the server 192.168.3.1. If you are going to access the server via VPN, why do you need the static? Can you please remove the static and then try via VPN? What server is that? Is it talking to the internet?

Please let us know.

Raj

Thanks. I am sure that the connection from the private network to the PIX is good, because users can access the internet and mobile users can access webmail at the local site.

Now I want to configure the PIX as a VPN server with local authentication.

Can you help me?

Regards,

Nhuong Pham

Hi,

If you are unable to authenticate, please add the following line:

vpdn group 1 client authentication local

The rest of your config looks good. You may leave your static, as the nat 0 ACL will override everything else.

If you are unable to reach a specific IP, or a network that is not directly connected to the inside, you need to include those additional networks, which may be multiple hops away from the inside interface of the PIX, and you need to define the route as well.

Thanks,

Mynul
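As an added check, not part of this thread or of any Cisco tool: a small Python script that reads a PIX 6.x configuration and reports which PPTP local-authentication prerequisites are missing. The sample config is constructed from the commands in the thread and deliberately omits the `vpdn group 1 client authentication local` line Mynul suggests; the pool-to-ACL check assumes the pool fits one /24, as it does here.

```python
import re

# Constructed sample modelled on the thread's config: the PPTP pieces are
# present but the line Mynul suggested (client authentication local) is absent.
SAMPLE_CONFIG = """\
ip local pool my-addr-pool 192.168.6.1-192.168.6.254 255.255.255.0
access-list 101 permit ip 192.168.3.0 255.255.255.252 192.168.6.0 255.255.255.0
nat (inside) 0 access-list 101
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40 required
vpdn group 1 client configuration address local my-addr-pool
vpdn username cisco password cisco
vpdn enable outside
"""

def first(pattern, lines):
    # First regex match of pattern over the config lines, or None
    return next((m for l in lines if (m := re.match(pattern, l))), None)

def check_pptp_local_auth(config):
    """Return a list of findings; an empty list means every prerequisite is present."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    required = ["sysopt connection permit-pptp", "vpdn enable outside"]
    findings += [f"missing '{r}'" for r in required if r not in lines]
    groups = [m.group(1) for l in lines
              if (m := re.match(r"vpdn group (\S+) accept dialin pptp$", l))]
    if not groups:
        findings.append("no 'vpdn group <n> accept dialin pptp' line")
    for g in groups:
        if f"vpdn group {g} client authentication local" not in lines:
            findings.append(f"group {g}: missing 'vpdn group {g} client authentication local'")
        pool = first(rf"vpdn group {g} client configuration address local (\S+)$", lines)
        if pool is None:
            findings.append(f"group {g}: no client address pool assigned")
            continue
        net = first(rf"ip local pool {pool.group(1)} (\d+\.\d+\.\d+)\.\d+-", lines)
        if net is None:
            findings.append(f"group {g}: pool '{pool.group(1)}' is not defined")
            continue
        # The nat 0 ACL must exempt inside-to-pool traffic from NAT (as in the thread)
        acls = [m.group(1) for l in lines
                if (m := re.match(r"nat \(inside\) 0 access-list (\S+)$", l))]
        if not any(l.startswith(f"access-list {a} ") and f" {net.group(1)}.0 " in l
                   for a in acls for l in lines):
            findings.append(f"group {g}: nat 0 ACL does not cover pool network {net.group(1)}.0")
    return findings
```

The script checks only that the configuration is complete, not that it is strong: the sample keeps the thread's `vpdn username cisco password cisco` and 40-bit MPPE, both of which a production deployment would replace.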

How do you define the different routes inside the network? i.e. what is the command to do that? I think my problem is similar to that. In my VPN client static, I do not see my local subnets or routes to get to them. I think that is why I can't get anywhere.

Thanks, I resolved this problem.

NhuongPham