
PIX 515E VPN setup

rmedina_fe
Level 1

I currently have a PIX 515E set up as a firewall and VPN terminator. We will be moving our network to a new ISP that will provide the firewall service, but I need to keep the PIX for the VPN functionality. The PIX currently has a public IP for the VPN, but the new ISP wants to do NAT for the PIX, so I have to give it a private IP. Here is what the ISP sent me.

>Essentially - Customer needs
>
>1. Internal Server IP address that will arrive from customer to the f/w.
>
>2. The public address NAT that will represent the customer internal server.
>
>3. The proper ports open to support this request. UDP - 10000 or 4500 - and 500.

I'm new to VPN. I would like some direction on where to find some documents on how to set up the Cisco behind another router and without a public IP. Also, can the PIX have both interfaces on the same subnet?

Thank you

rene


ggilbert
Cisco Employee

Rene -

You can't have both the interfaces on the same subnet.

3. Ports needed for VPN to work.

UDP - 500 ==> which is ISAKMP

UDP - 4500 ==> NAT-T

UDP - 10000 ===> IPSec over UDP

ESP protocol ==> which is protocol number 50.

1 & 2. Your external (outside) IP address of the PIX.

Does this answer your question?