PIX 6.0 is not support remote vpn acces???

SI YING TAN · ‎11-14-2016

i have 1 unit PIX 515E firewall the firmware version is 6.0 and attach with the license feature.

I would like to configure remote access vpn, but it doesnot work.

1. pix firewall is 6.0 and it does not support vpn-3des

2. I try using window xp and the vpn client is 4.8, it did not connected.it show "contacting the security gateway x.x.x.x"

3.I have debug the isakmp it show "crypto_isakmp_process_block"

4. I have allow any on the inside/outside interface rule, it still failed to connect.

Attach with the configuration and debug output.

is it PIX firewall not support remote vpn access?

Marvin Rhoads · ‎11-17-2016

That is a REALLY old box with old software. It has not been sold since 2008 and support ended in 2013.

http://www.cisco.com/c/en/us/products/collateral/security/pix-500-series-security-appliances/end_of_life_notice_for_the_Cisco_PIX_515E_Security_Appliance.html

It is capable of supporting 3DES but that requires an activation key.

I doubt the licensing portal (software.cisco.com and select traditional licensing link then "Get other licenses > IPS, Crypto, Other...") will issue one for such an old Pix. Although they are still listed under the menu for Crypto licenses, selecting the Pix option results in the system returning an error.

You would be much better off looking for a used ASA 5505 or better yet a new 5506 with 3DES-AES activation possible and using AnyCconnect.licenses for remote access VPN.

ilukeberry · ‎11-18-2016

Dude, that's really old box.. throw it into garbage and get new ASA.