PIX 506 (no e) VPN setup?

I am new to Cisco configuration and am at a loss for what to do/try. I have responsibility for a Cisco PIX 506 (no e) with version 6.3(3). There are already four VPNs defined on this PIX (looks that way). I want a VPN from my home Linux box to this VPN so I can work from home.

Please someone help me understand what commands to give the PIX to make this change. Additional help on how to set up the vpnc client, or how to download an 'official' client from Cisco for Linux, is also much appreciated.

Mike

------------------------------------------

pix# show version

Cisco PIX Firewall Version 6.3(3)132
Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 14-Apr-04 20:48 by morlee

pix up 6 days 20 hours

Hardware: PIX-506, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 8MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0005.328f.e9d6, irq 11
1: ethernet1: address is 0005.328f.e9d7, irq 10

Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Limited
IKE peers: Unlimited

This PIX has a Restricted (R) license.

Serial Number: 405122448 (0x1825ad90)
Running Activation Key: 0x247870f8 0xad413df1 0x2a0b7b8e 0xea754f15
Configuration last modified by enable_15 at 08:57:12.426 UTC Tue Jul 18 2006

pix# show config
: Saved
: Written by enable_15 at 09:47:02.484 UTC Sat Dec 17 2005
PIX Version 6.3(3)132
interface ethernet0 10baset
interface ethernet1 10baset
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 99A2kzdTZd93B/I8 encrypted
passwd 99A2kzdTZd93B/I8 encrypted
hostname pix
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 64.105.97.148 basis2-outside
name 10.1.2.54 basis2-inside
object-group network basis
network-object basis2-inside 255.255.255.255
network-object 10.1.2.49 255.255.255.255
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit tcp any host 152.24.83.52 eq ssh
access-list 101 permit tcp any host 152.24.83.52 eq 28022
access-list 100 permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list user3group_splitTunnelAcl permit ip 10.1.2.0 255.255.255.0 any
pager lines 24
logging on
logging buffered errors
mtu outside 1500
mtu inside 1500
ip address outside 152.24.83.50 255.255.255.248
ip address inside 10.1.2.50 255.255.255.0
multicast interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool ipsecpool 10.1.3.1-10.1.3.100
ip local pool user1 10.1.3.110
ip local pool user2 10.1.3.120
ip local pool user3 10.1.3.130
pdm location 10.1.2.31 255.255.255.255 inside
pdm location 10.1.2.49 255.255.255.255 inside
pdm location 10.1.3.0 255.255.255.0 outside
pdm location 10.1.2.0 255.255.255.0 inside
pdm location 10.1.3.0 255.255.255.0 inside
pdm location basis2-inside 255.255.255.255 inside
pdm location basis2-outside 255.255.255.255 outside
pdm group basis inside
pdm logging errors 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 10.1.2.0 255.255.255.0 0 0
static (inside,outside) tcp 152.24.83.52 ssh 10.1.2.49 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp 152.24.83.52 28022 basis2-inside 28022 netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 152.24.83.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.1.3.0 255.255.255.0 outside
http 10.1.2.0 255.255.255.0 inside
http 10.1.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpngrp address-pool ipsecpool
vpngroup vpngrp split-tunnel 100
vpngroup vpngrp idle-time 28800
vpngroup vpngrp password ********
vpngroup user1group address-pool user1
vpngroup user1group split-tunnel 100
vpngroup user1group idle-time 28800
vpngroup user1group password ********
vpngroup user2group address-pool user2
vpngroup user2group split-tunnel 100
vpngroup user2group idle-time 28800
vpngroup user2group password ********
vpngroup user3group address-pool user3
vpngroup user3group split-tunnel user3group_splitTunnelAcl
vpngroup user3group idle-time 3600
vpngroup user3group password ********
vpngroup user4group address-pool ipsecpool
vpngroup user4group dns-server 10.1.2.37
vpngroup user4group idle-time 7200
vpngroup user4group password ********
telnet 10.1.2.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:87e86739b4b7103b105888bb863304ab

------------------------------------------

Reply to
Mike

The quickest and simplest method for you now would be to go to the PIX's web interface. You can reach that at https:/// (Note: requires Java). You will be prompted for a username and password; leave the username blank. Then go to configuration, where you will see the existing configuration under the VPN section. Since you already have an existing configuration, I would tread lightly and just add yourself as a user.

If you are using Linux, then you may want to consider, instead of using Cisco's client, doing a net to net IPSec connection. If you are using FreeBSD then DES is ok... kind of. But IPCop and Endian have issues with using anything but 3DES and above.

Keep in mind that you cannot have two different remote clients (Cisco and PPTP/L2P) at the same time. So you either have to use the Cisco client or do an IPSec net to net tunnel.

Also, you can register on Cisco's site for a free VPN-3DES-AES license. To do that you will need to register to get a Cisco.com log in.

Beyond that, if you are responsible for this PIX, I would suggest reading up thoroughly, as these are not simple devices like a Linksys router. They are highly complicated, although those complications give us a very robust device with a lot of options. Generally PIX commands are just as they are read. To remove a line like "fixup protocol tftp 69" you just type "no fixup protocol tftp 69". To add it back again you would just remove the "no". For practice, do this. Add in "pdm location "YourIPAddress" 255.255.255.0 inside". This will allow you to access the PDM from your workstation or laptop:

pdm location 55.555.555.55 255.255.255.0 inside

Then to remove that just type:

no pdm location 55.555.555.55 255.255.255.0 inside

Keep in mind you have to be in configuration terminal mode for this. When you connect to the PIX as you did for the show ver, just type "EN" then the enable password. Then type "config t". When finished, do "write mem" to save changes.

Reply to
John Doe

Get a 3DES license key free from Cisco.
Add the command "isakmp nat-t".
Add a 3DES or AES crypto map.
Create an additional group, just for you, like the groups created for the 4 other users.
Get the Linux VPN client from Cisco.
Type in the VPN group name and password for the connection.
Add the command "management access inside".
Add the command "telnet 10.1.3.0 255.255.255.0 inside".

Connect with the VPN client and telnet to the PIX inside IP.

HTH
Martin Bilgrav

Reply to
Martin Bilgrav
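As an added example (not code from this thread or from Cisco), the following Python checker parses the pool, transform-set, ISAKMP-policy and vpngroup lines from a PIX 6.3 "show config" dump like the one posted above and reports the DES/MD5 settings that both replies recommend replacing once the free 3DES-AES license is installed, plus any vpngroup pointing at a pool that does not exist. The embedded excerpt is constructed from the posted config (password lines omitted).

```python
"""Audit the remote-access VPN pieces of a PIX 6.3 'show config' dump."""

# Constructed excerpt of the crypto/vpngroup lines posted in the thread.
SAMPLE_CONFIG = """\
ip local pool ipsecpool 10.1.3.1-10.1.3.100
ip local pool user3 10.1.3.130
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
vpngroup vpngrp address-pool ipsecpool
vpngroup vpngrp split-tunnel 100
vpngroup user3group address-pool user3
vpngroup user3group split-tunnel user3group_splitTunnelAcl
"""

# Algorithms a VPN-DES-only box is stuck with; flag them so the upgrade is obvious.
WEAK = {"des": "single DES (56-bit)", "esp-des": "single DES (56-bit)",
        "md5": "MD5 hash", "esp-md5-hmac": "MD5 HMAC"}

def parse_config(text):
    """Return pools, transform sets, ISAKMP policies and vpngroups keyed by name."""
    cfg = {"pools": {}, "transform_sets": {}, "isakmp": {}, "vpngroups": {}}
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:3] == ["ip", "local", "pool"]:
            cfg["pools"][words[3]] = words[4]              # name -> range
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["transform_sets"][words[3]] = words[4:]    # name -> algorithms
        elif words[:2] == ["isakmp", "policy"]:
            cfg["isakmp"].setdefault(words[2], {})[words[3]] = " ".join(words[4:])
        elif words[0] == "vpngroup":
            cfg["vpngroups"].setdefault(words[1], {})[words[2]] = " ".join(words[3:])
    return cfg

def audit(cfg):
    """List weak-crypto findings and vpngroups whose address pool is undefined."""
    findings = []
    for name, algs in cfg["transform_sets"].items():
        findings += [f"transform-set {name} uses {WEAK[a]}" for a in algs if a in WEAK]
    for num, attrs in cfg["isakmp"].items():
        for key in ("encryption", "hash"):
            if attrs.get(key) in WEAK:
                findings.append(f"isakmp policy {num} {key} is {WEAK[attrs[key]]}")
    for grp, attrs in cfg["vpngroups"].items():
        pool = attrs.get("address-pool")
        if pool not in cfg["pools"]:
            findings.append(f"vpngroup {grp} references undefined pool {pool}")
    return findings
```

Run it against a full "show config" capture to see at a glance which groups share the ipsecpool range and which crypto lines the new 3DES/AES policy and transform set need to supersede.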
