Re: Basic Information

refram · ‎09-01-2004

I have, what I hope will be an easy question. I am planning on buying a PIX 501. I have a user who still wants to be able to use pcAnywhere to connect through the firewall to his workstation. Since he's the boss, I can't sell him on some other solution. Can I reroute things using a 501 so that he can accomplish this? Is there a guide somewhere out there that can walk me through it?

Thanks.

sstudsdahl · ‎09-01-2004

The PIX 501 will allow you to do this. I do this myself at home. The easiest way to configure this is to use the VPN Wizard within the PIX Device Manager. It walks you through the configuration and was pretty painless as I recall.

I've included a couple of links that may help. The first is the chapter from the PIX OS documenation "Manageing VPN Remote Access". The second is a link to the documentation for PDM. The section for the VPN Wizard should give an idea on what the wizard can be used to do.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/basclnt.htm#

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pdm/v_30/pdm302.pdf

learnsomething · ‎09-10-2004

I have tried this too i get my tunnel established and everything working from behind my 501 to corp. but cannot get to the pix over the tunnel from corp. have you had any luck? danielb1@doacs.state.fl.us

ssteve · ‎09-10-2004

You can also use a static statement and restrict the traffic allowed using an acl, example follows:

access-list acl_out permit tcp any host 63.206.10.10 eq www

static (inside,outside) 63.206.10.10 192.168.1.25 netmask 255.255.255.255 0 0

access-group acl_out in interface outside

This example allows web traffic from the public internet 63.206.10.10 to a static inside address of 192.168.1.25. You will need to determine the port(s) required to allow PcAnywhere traffic and adjust the acl accordingly.