Re: VPN Connection from Outside Pix 501 to inside.

cccc1 · ‎12-03-2003

I am trying to setup a VPN Connection for a remote site on our Pix 501 Router. We have several connections configured for going out to clients networks. Have a vpngroup setup and vpnusers setup.

Have a local ip pool configured. Have an access-list that looks like the following example:

access-list 102 permit ip 100.0.0.0 255.0.0.0 219.0.0.0 255.0.0.0

The 100.0.0.0 is the inside addresses on the network and the 219.0.0.0 is the ip addresses of the ip pool.

The following is example of the NAT and global configuration:

global (outside) 1 interface

nat (inside) 0 access-list 10

nat (inside) 20 access-list 20 0 0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Has a list of addresses configured with static command. Have the following configuration for access-group.

access-group 1 in interface outside.

Any direction on this would be greatly appreciated. Have found some articles on the Cisco site, but none of them deal with Pix with other connections already configured.

jsivulka · ‎12-10-2003

When configuring client to PIX vpn, it is always a good idea to assign addresses to the remote clients from a local pool (use the ip local pool command) and then to configure nat0. This can be done as shown in

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

cccc1 · ‎12-10-2003

I already have a local pool of addresses using the ip local pool command. I have a previous connection that is supposedly an outgoing connection that shows up and active for IPSEC and IKE.