[c-nsp] basic remote vpn connection to cisco pix

Jonathan Charles jonvoip at gmail.com
Mon Apr 2 11:13:42 EDT 2007


This is going to sound stupid, but have you tried the wizard?

It is just really easy... and it works all the time...



Jonathan

On 4/2/07, Chad Whitten <cwhitten at nexband.com> wrote:
>
> I'm trying to set up a basic connection using the Cisco Secure VPN client
> to a Cisco PIX 501. Don't need anything special, no NAT, no access lists
> or anything. I've gone through the configs on the Cisco site but
> haven't really found anything as simple as what I need.
>
> Here is what I have so far; would like some input as to whether this should
> work before I begin trying to test.
>
> -----------------------------------------------------------
> PIX Version 6.3(5)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> access-list 101 permit ip 10.1.6.0 255.255.255.0 10.1.6.208 255.255.255.240
> ip local pool vpn1 10.1.6.209-10.1.6.222
> global (outside) 1 interface
> nat (inside) 0 access-list 101
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> sysopt connection permit-ipsec
> sysopt ipsec pl-compatible
> crypto ipsec transform-set set1 esp-3des esp-sha-hmac
> crypto dynamic-map map1 10 set transform-set set1
> crypto map vpnmap1 10 ipsec-isakmp dynamic map1
> crypto map vpnmap1 interface outside
> isakmp enable outside
> isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
> isakmp identity address
> isakmp client configuration address-pool local vpn1 outside
> isakmp policy 10 authentication pre-share
> isakmp policy 10 encryption 3des
> isakmp policy 10 hash sha
> isakmp policy 10 group 2
> isakmp policy 10 lifetime 28800
> vpngroup client1 address-pool vpn1
> vpngroup client1 idle-time 1800
> vpngroup client1 password ********
>
> --
> Chad Whitten
> Director of Operations
> neXband Communications
> cwhitten at nexband.com
> 601-988-0101 - Phone
> 601-988-0016 - Fax

