[c-nsp] basic remote vpn connection to cisco pix

Chad Whitten cwhitten at nexband.com
Mon Apr 2 09:57:32 EDT 2007


im trying to setup a basic connection using the cisco secure vpn client 
to a cisco pix 501.  dont need anything special, no nat, no access lists 
  or anything.  ive went through the configs on the cisco site but 
havent really found anything as simple as what i need.

here is what i have so far, would like some input as to if this should 
work before i begin trying to test

-----------------------------------------------------------
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit ip 10.1.6.0 255.255.255.0 10.1.6.208 255.255.255.240
ip local pool vpn1 10.1.6.209-10.1.6.222
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
crypto ipsec transform-set set1 esp-3des esp-sha-hmac
crypto dynamic-map map1 10 set transform-set set1
crypto map vpnmap1 10 ipsec-isakmp dynamic map1
crypto map vpnmap1 interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local vpn1 outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
vpngroup client1 address-pool vpn1
vpngroup client1 idle-time 1800
vpngroup client1 password ********

-- 
Chad Whitten
Director of Operations
neXband Communications
cwhitten at nexband.com
601-988-0101 - Phone
601-988-0016 - Fax


More information about the cisco-nsp mailing list