Hi. I have to configure a VPN between a network (1) with a static public IP and a PC connected by ADSL with a dynamic public IP. I would like to know if the configuration that I have prepared is correct.

At the moment the network (1) consists of a private network 192.168.77.0 connected to a Firewall PIX 515 Version 6.1(3), connected to an ADSL router, connected to the internet. The ADSL router (SpeedStream 5660) doesn't support IPSec ESP and IPSec AH, so I decided to set it as a bridge. Because of this I should change the NAT configuration on the PIX, because the network on the outside interface would no longer be private.

I planned to do:

1- Modify the outside interface IP; it would be my static public IP
2- Modify the NAT settings; it should translate private IP 192.168.77.0/24 to my static public IP
3- Modify the default route
4- Set the PIX to accept VPN (I found the configuration in a Cisco document):

    sysopt ipsec pl-compatible
    sysopt connection permit-ipsec
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map cisco 1 set transform-set myset
    crypto map dyn-map 20 ipsec-isakmp dynamic cisco
    crypto map dyn-map interface outside
    isakmp enable outside
    isakmp key cisco123 address 0.0.0.0 netmask 0.0.0.0
    isakmp policy 10 authen pre-share
    isakmp policy 10 encrypt des
    isakmp policy 10 hash md5
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 1000

5- Install the GreenBow client on the remote PC and set it up correctly

I have two more questions:

1- Must I add anything to prevent attacks, because all external traffic will arrive at the PIX?
2- Will I have problems because of the OS version of the PIX?

Thank you, Maurizio
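
An added example, not part of the original post or of the Cisco document it quotes: a Python check over the VPN lines posted above (hyphens restored) that reports the settings worth reviewing before the PIX is exposed directly to the internet. The function name `audit` and the rule set (DES, MD5, DH group 1, wildcard pre-shared key) are this example's own assumptions.

```python
# Added example: flag settings in the posted PIX VPN lines that deserve review.
# The rule set below is this example's assumption of what to flag; it is not
# stated in the post.

POSTED_CONFIG = """\
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
isakmp enable outside
isakmp key cisco123 address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authen pre-share
isakmp policy 10 encrypt des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
"""

WEAK_POLICY = {"encrypt": {"des"}, "hash": {"md5"}, "group": {"1"}}
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac"}


def audit(config):
    """Return (rule, detail) findings for one PIX-style configuration text."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["crypto", "ipsec", "transform-set"]:
            # crypto ipsec transform-set <name> <transform> [<transform> ...]
            for transform in tok[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append(("weak-transform", f"{tok[3]}: {transform}"))
        elif tok[:2] == ["isakmp", "policy"] and len(tok) >= 5:
            # isakmp policy <priority> <field> <value>
            if tok[4] in WEAK_POLICY.get(tok[3], ()):
                findings.append(("weak-isakmp", f"policy {tok[2]} {tok[3]} {tok[4]}"))
        elif (tok[:2] == ["isakmp", "key"] and len(tok) == 7
              and tok[3] == "address" and tok[5] == "netmask"):
            # isakmp key <secret> address <peer> netmask <mask>; never echo the secret
            if tok[4] == "0.0.0.0" and tok[6] == "0.0.0.0":
                findings.append(("wildcard-psk", "one shared key accepted from any peer"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(POSTED_CONFIG):
        print(f"{rule:15} {detail}")
```

A wildcard key is expected when the peer has a dynamic address, so that finding points at the strength and handling of the key rather than at a misconfiguration.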