please help with my Cisco PIX-506E

Please excuse my ignorance on this, but I'm trying to figure out how to do 2 basic things on my firewall.

The people who configured this firewall are no longer with the company, and I'm hoping someone here can point me in the right direction.

I know enough to be able to telnet and login to the router, and do a 'show run' to see the configuration. Unfortunately, that's about it.

Here is what I need to do:

1 - Currently there is a static (inside, outside) setup to open FTP traffic to our internal IP of 10.0.0.2. I need to change this so that it goes to 10.0.0.3 instead. This is what is in there currently:

static (inside,outside) tcp interface ftp 10.0.0.2 ftp netmask 255.255.255.255 0 0

How can I change this?

2 - We currently have a bunch of users that VPN into our network through this Cisco box. They all login with the same user name (vpnusers) and the same password. This is fine for our use. I'm trying to figure out how many users we are limited to (by Cisco licenses, or anything else), and how to increase this limit if necessary. I'd also like to change the 'vpnusers' password. This is what seems to represent our VPN configuration:

vpngroup vpnusers address-pool vpnusers
vpngroup vpnusers dns-server 10.0.0.2
vpngroup vpnusers default-domain *********.com
vpngroup vpnusers split-tunnel inside_outbound_nat0_acl
vpngroup vpnusers idle-time 1800
vpngroup vpnusers password ********

Any assistance would be greatly appreciated.

Thanks!!!

Kremlar

no static (inside,outside) tcp interface ftp 10.0.0.2 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 10.0.0.3 ftp netmask 255.255.255.255 0 0

The PIX 506E running 6.3(2) or later code is rated to 25 -simultaneous- remote peers. It has never been clear to me whether this includes PPTP; I believe that it -does- include people using the Cisco VPN client. The documentation does not make clear whether the 25 is a hard limit, or whether it is a "suggested maximum" based upon average performance measurements, or whether it is a figure based upon average memory usage patterns [i.e., perhaps if your configuration is relatively simple then you might be able to handle more peers.] There is no way to increase the limit on the PIX 506E; if you need more than 25 simultaneous, you would need to add another VPN device, or change your 506E for a higher model such as the 515E, or change your 506E for one of the Cisco ASA5500 series, or a VPN Concentrator, or ... etc.

In the first command below, you can literally put in the asterisks: it will not pay attention to the content that you put in for it, as long as you have the right form.

no vpngroup vpnusers password ********
vpngroup vpnusers password NEWPASSWORD

Walter Roberson

Thanks for the reply Walter!

Can I just type those commands at the # prompt, or do I need to type a command to be in config mode first?

Thanks again!!!

Kremlar

"config terminal" first. Afterwards, "write memory" to have the change saved in NVRAM -- if you do not do that then the change will only affect the PIX until the next reset or reboot.

Walter Roberson
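
The two changes from this thread as one session from the # prompt, as an added example that is not part of the original posts. The `clear xlate` step and the `show` checks are additions the thread does not mention, NEWPASSWORD is the placeholder from the reply above, and lines beginning with ":" are comments that need not be typed.

```cisco
: Enter configuration mode
configure terminal
: 1. Repoint the FTP port forward from 10.0.0.2 to 10.0.0.3
no static (inside,outside) tcp interface ftp 10.0.0.2 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 10.0.0.3 ftp netmask 255.255.255.255 0 0
: 2. Replace the shared VPN group password
:    (the asterisks can be typed literally, as the reply explains)
no vpngroup vpnusers password ********
vpngroup vpnusers password NEWPASSWORD
: Leave configuration mode
exit
: Added step: flush existing translations so the old mapping to
: 10.0.0.2 is no longer used. This drops current connections.
clear xlate
: Added checks: confirm the static now points at 10.0.0.3 and
: review the vpngroup lines before saving
show static
show run
: Save to NVRAM so the change survives a reset or reboot
write memory
```

Because every user shares the vpnusers group, each VPN client needs the new group password before it can connect again.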
