How do I configure VPN passthrough with a PIX 501

- W
- wallacew
  
  Contact options for registered users
posted
16 years ago

Thu, May 3, 2007 5:12 AM

Hi,

Sorry, newbie question...

I just recently installed a PIX 501 (version 6.3(1)) in my home network. Previously I was using a cheap airlink router that provided VPN passthrough. I'm using Nortel Contivity VPN client on 1 computer, and Cisco VPN client on another client.

On my cheap Airlink router, I could easily use my Nortel or Cisco VPN client to connect to my company with no configuration. These cheap routers always advertise the ability to do VPN Passthrough.

I can't get the same thing to work on PIX 501. I've read in other newgroups about NAT transversal, enabling isakmp, etc, but nothing seems to work.

Do I have to actually configure any VPN settings on the PIX? I should be able to simply configure an access-list. Do I need to configure any transform-sets or crypto map, isakmp in order to make this to work?

Thanks in advance,

Wallace

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Thu, May 3, 2007 12:47 PM

6.3(1) has several known security problems. There are operational problems with 6.3(2), and security problems in 6.3(3), 6.3(4), 6.3(5), and 6.3(5)112 . It would be best if you could upgrade your PIX 501 as far as possible. If you are the registered owner of the device, the upgrade is free.

You only need to configure transform sets and crypto maps and isakmp nat-traversal if you are terminating the VPN at the PIX.

Try

fixup protocol esp-ike

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.