Cisco Systems PIX 501 newbie (VPN issues)

Subject Author Date
PIX 501 newbie (VPN issues) brian.marcotte 10-31-05
Posted by brian.marcotte on October 31, 2005, 4:38 pm
Hello all.

I read Google Groups all of the time, even more so having recently
bought a PIX 501. I can usually find all of my answers here, but am
having trouble with this one.

Here is what I am trying to achieve:

I have a fully working domain at my house. It is Windows based. The
network has 3 Windows XP Pro PCs and 1 Windows 2003 Server.

I bought a PIX 501 to serve as the firewall.

I would like to be able to VPN into the network from the PC that I now
have at my girlfriend's house. I would essentially like to have a
Windows 2003 Server establish a secure VPN using the Cisco client to
the PIX at my house so that I can replicate my AD data to the server
and have a functional network in 2 sites.

I may have bitten off more than I can chew (feel free to tell me if it
isn't possible).

Both locations have a Cable connection with a DHCP-based WAN IP.

I do have a mail server and FTP server functioning as well.

I have attached my current running config.

I am not terribly familiar with the CLI yet and the PDM just doesn't
seem to address what I am looking for.

Any help would be greatly appreciated.

Thanks in advance.

Brian

Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password RbBC8TNabJARy/Do encrypted
passwd RbBC8TNabJARy/Do encrypted
hostname CiscoPIX
domain-name DOMAIN.NET
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit tcp any any eq www
access-list inbound permit tcp any any eq 3389
access-list inbound permit tcp any any eq smtp
access-list inbound permit tcp any any eq https
access-list inbound permit tcp any any eq 69
access-list inbound permit tcp any any eq telnet
access-list inbound permit tcp any any eq 123
access-list inbound permit tcp any any range 3100 3103
access-list inbound permit tcp any any range 3000 3049
access-list inbound permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.5 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.5 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.1.5 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.5 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 69 192.168.1.5 69 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 123 192.168.1.5 123 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3100 192.168.1.5 3100 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3101 192.168.1.5 3101 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3102 192.168.1.5 3102 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3103 192.168.1.5 3103 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3000 192.168.1.5 3000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3001 192.168.1.5 3001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3002 192.168.1.5 3002 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3003 192.168.1.5 3003 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3004 192.168.1.5 3004 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3005 192.168.1.5 3005 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3006 192.168.1.5 3006 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3007 192.168.1.5 3007 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3008 192.168.1.5 3008 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3009 192.168.1.5 3009 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3010 192.168.1.5 3010 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3011 192.168.1.5 3011 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3012 192.168.1.5 3012 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3013 192.168.1.5 3013 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3014 192.168.1.5 3014 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3015 192.168.1.5 3015 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3016 192.168.1.5 3016 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3017 192.168.1.5 3017 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3018 192.168.1.5 3018 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3019 192.168.1.5 3019 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3020 192.168.1.5 3020 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3021 192.168.1.5 3021 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3022 192.168.1.5 3022 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3023 192.168.1.5 3023 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3024 192.168.1.5 3024 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3025 192.168.1.5 3025 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3026 192.168.1.5 3026 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3027 192.168.1.5 3027 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3028 192.168.1.5 3028 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3029 192.168.1.5 3029 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3030 192.168.1.5 3030 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3031 192.168.1.5 3031 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3032 192.168.1.5 3032 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3033 192.168.1.5 3033 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3034 192.168.1.5 3034 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3035 192.168.1.5 3035 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3036 192.168.1.5 3036 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3037 192.168.1.5 3037 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3038 192.168.1.5 3038 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3039 192.168.1.5 3039 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3040 192.168.1.5 3040 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3041 192.168.1.5 3041 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3042 192.168.1.5 3042 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3043 192.168.1.5 3043 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3044 192.168.1.5 3044 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3045 192.168.1.5 3045 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3046 192.168.1.5 3046 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3047 192.168.1.5 3047 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3048 192.168.1.5 3048 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3049 192.168.1.5 3049 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 192.168.1.1 telnet netmask 255.255.255.255 0 0
access-group inbound in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:738d028e4bb583d34b4ced3f3f86cbe2
: end
[OK]
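
An added example, not part of the original post and not Cisco tooling: a short Python pass over PIX 6.3 config text in the style shown above. It lists which TCP ports the outside ACL and the static redirects together expose, and notes entries worth a second look before a VPN is layered on top. The function names and the sample lines are constructed for illustration.

```python
import re

NAMES = {"www": 80, "https": 443, "smtp": 25, "telnet": 23}  # PIX port literals seen in the post
UDP_ONLY = {69: "tftp", 123: "ntp"}      # these services run over UDP, not TCP
CLEARTEXT_MGMT = {23: "telnet"}

# Constructed sample in the style of the posted config (one static left line-wrapped).
SAMPLE = """\
access-list inbound permit tcp any any eq 3389
access-list inbound permit tcp any any eq 69
access-list inbound permit tcp any any eq telnet
access-list inbound permit tcp any any range 3100 3103
static (inside,outside) tcp interface 3389 192.168.1.5 3389 netmask
255.255.255.255 0 0
static (inside,outside) tcp interface 69 192.168.1.5 69 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 192.168.1.1 telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3100 192.168.1.5 3100 netmask 255.255.255.255 0 0
access-group inbound in interface outside
snmp-server community public
"""

def port(tok):
    return NAMES[tok] if tok in NAMES else int(tok)

def exposed(config):
    """Return {outside_port: inside_host} for TCP statics the outside ACL permits from any."""
    bound = re.search(r"^access-group (\S+) in interface outside", config, re.M)
    permits = []
    if bound:
        acl = re.escape(bound.group(1))
        pat = rf"^access-list {acl} permit tcp any any (eq|range) (\S+)(?: (\S+))?"
        for m in re.finditer(pat, config, re.M):
            lo = port(m.group(2))
            permits.append((lo, port(m.group(3)) if m.group(1) == "range" else lo))
    out = {}
    # The pattern stops at "netmask", so mail-wrapped static lines still parse.
    for m in re.finditer(r"^static \(inside,outside\) tcp interface (\S+) (\S+) \S+ netmask", config, re.M):
        p = port(m.group(1))
        if any(lo <= p <= hi for lo, hi in permits):
            out[p] = m.group(2)
    return out

def findings(config):
    notes = []
    for p, host in sorted(exposed(config).items()):
        if p in CLEARTEXT_MGMT:
            notes.append(f"tcp/{p} ({CLEARTEXT_MGMT[p]}) open to any source -> {host}")
        if p in UDP_ONLY:
            notes.append(f"tcp/{p} forwarded, but {UDP_ONLY[p]} uses udp/{p}")
    if re.search(r"^snmp-server community public$", config, re.M):
        notes.append("SNMP community is the well-known string 'public'")
    return notes
```
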

