02-21-2005 07:46 AM - edited 02-20-2020 11:58 PM
Currently I can send mail but cannot receive mail from the Internet. If I remove the Pix and connect directly to the Modem/Router, then I can SMTP in on port 25 and SMTP mail works fine both in & out.
All we want this Pix to allow at present is:
a) Internet access to all internal network clients
b) Allow clients to pop mail from web mail accounts
c) We wish to use Exchange & Outlook and host our own e-mail using SMTP
Please find attached two documents:
1. A current edited running config of my 501 Pix
2. A PowerPoint diagram of my network.
I very much appreciate any help.
Vinny.
03-18-2005 07:19 AM
Error messages 1, 2 and 3 are VERSION related. What PIX OS version have you installed on your PIX? You need 6.3.4 for that, I think.
To see your version use "show version".
Error message 4 is because you have to replace the "PEER-IP" with the public IP address of your VPN peer.
sincerely
Patrick
03-18-2005 03:37 PM
I am using version 6.2.2
One of our salesmen will need to connect from various hotels whilst travelling, so we would know the "PEER-IP"
Rgds
Vinny
03-22-2005 06:50 AM
Hi Patrick,
Any thoughts on how one of our roaming sales people can connect via a client VPN where we do not know their static IP?
Secondly, I sometimes have a problem connecting to our mail server via OWA. 50 percent of the time I can connect with no problem; other times it times out & cannot find the page! Do you think this could be Pix related?
Thanks
Vinny
03-22-2005 07:38 AM
No problem, use this config, which opens to ANY IP address! The sysopt will open IPSEC on the outside interface for any IP on the Internet. But the question is more whether you can open IPSEC (udp 500) and protocol ESP on the ADSL router.
Example for dynamic VPN clients:
access-list NONAT permit ip Internalnet ISubnet VPN-Pool 255.255.255.0
access-list DYN-VPN-ACL permit ip Internalnet ISubnet VPN-Pool 255.255.255.0
aaa-server LOCAL protocol local
aaa authentication secure-http-client
sysopt connection permit-ipsec
crypto ipsec transform-set TRANS esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address DYN-VPN-ACL
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS
crypto map REMOTE 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map REMOTE client authentication LOCAL
crypto map REMOTE interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
ip local pool VPNPool x.y.z.1-x.y.z.254
vpngroup VPNGroup address-pool VPNPool
vpngroup VPNGroup dns-server dns2 dns1
vpngroup VPNGroup default-domain localdomain
vpngroup VPNGroup idle-time 1800
vpngroup VPNGroup password grouppassword
username vpnclient password vpnclient-password
Could you please open another post? This one is getting too heavy (long)!!!
Title: VPN Client setup for PIX 501
sincerely
Patrick