PIX 501 - A few problems configuring



We just replaced a Linksys RV042 with a PIX 501 here at the office to satisfy the auditors. Auditors like buzzwords and disks full of log files, and they seemed to believe the PIX 501 satisfied both. However, I can't get it to do what the little RV042 used to. Namely, act as a VPN server.

There are a few basic things I need to get working here. First, we have a vendor-supplied and configured Cisco 1710 router acting as a VPN gateway. If I enable "fixup protocol esp-ike" on the PIX, it goes through just fine. Unfortunately, if I want the PIX to act as a VPN server I don't think that's gonna work.

Next, we're using DSL. So... that means PPPoE, unless I can talk to Bellsouth and find a different way...

Which interferes with it being a VPN server, from what I've heard. Whether I use the Cisco VPN client or L2TP/PPTP... doesn't really matter to me... I just need a few people to be able to get into the network to access files, email, or do maintenance on servers over the weekend when we can't get into the office via VNC/Terminal Services.


So, in order....
1) Internal VPN gateway trying to go out. I think it needs IKE NAT Traversal, but turning that on hasn't helped. Only fixup works for me.

2) PPPoE and acting as a VPN server. Is it even possible? Do I need to set it up to NAT a port to the local interface, or what?


At this point, I'm thinking Cisco's "Linksys to Cisco Trade-Up Program" should be renamed to Trade-Down. The Linksys RV042 worked like a charm for us, but I'm ready to throw this stupid little teal box out a window. The things I've heard about the PIX 501 not doing VPN and PPPoE at the same time baffle me, as the Linksys cost $500 less and did it perfectly.

Thanks in advance
Steven