VPN with PIX 501

Dear all,

I'm trying to set up a simple VPN using PIX 501 firewall and Cisco VPN client to access a Win 2003 server in the internal network.

Unfortunately somebody else worked on the PIX before me and somewhere along the line all the documentation and CD that came with it got lost. I managed to get it up-and-running and found the client for it, etc.

I set the VPN up also and I'm able to connect to it from outside (IPSEC with default settings) but I just can't reach anything on the internal network - including not even being able to ping the PIX itself.

I have been using the PDM interface because I'm not familiar with the Command Line. I went through every setting at least twice, tried it many different ways but still couldn't get to the internal server.

Unfortunately Cisco is not helping because the warranty expired on this device - unless we pay big bucks.

I believe it's a very simple thing to solve, and probably just one setting I need to correct either in the PIX or the VPN client to make it work but I just can't find it.

So I would appreciate it if anybody gave me any clues.

Thanks a lot.

Laszlo


In article , wrote:
:I'm trying to set up a simple VPN using PIX 501 firewall and Cisco VPN
:client to access a Win 2003 server in the internal network.

:I set the VPN up also and I'm able to connect to it from outside (IPSEC
:with default settings) but I just can't reach anything on the internal
:network - including not even being able to ping the PIX itself.

:I believe it's a very simple thing to solve, and probably just one
:setting I need to correct either in the PIX or the VPN client to make
:it work but I just can't find it.

Possibly, but you do not give us enough information to go on. You could post a sanitized configuration and someone might assist you.

:Unfortunately Cisco is not helping because the warranty expired on this
:device - unless we pay big bucks.

CON-SNT-PIX501-10. Sale price $US71.94 from

That will give you 1 year of support on a base PIX 501 ("10 user" license), with 24x7 access to the online tools, and 8 hours per day, 5 days per week problem support. If your 501 is not more than 1 year out of warranty, that will also provide next day hardware replacement service (after a year, you can only get software support.)

If you are currently at PIX 6.2 rather than PIX 6.3, then Cisco might ask you to pay for PIX 6.3 before accepting a CON-SNT contract for you.

If ~$US100 is "big bucks" then the value of what you have to protect must be trivial, in which case posters might wonder if it is worthwhile to bother to volunteer time to assist you.

Walter Roberson

Without seeing the config, just a few things to check...

If the systems are on a separate segment which goes through a routing device, make sure you put a route for your VPN_POOL that points back to the PIX. The PDM is pretty good at laying the correct template in the PIX.

Also make sure NAT-T is configured.

garrisb
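
The two checks listed in the post above (a return route for the VPN pool and NAT-T), run against a sanitized config. This is an added example, not part of the original thread or any poster's code. The config lines, addresses and router routes are constructed, and it assumes the internal router's next hop for the pool is the PIX inside address directly.

```python
import ipaddress
import re

# Constructed, sanitized PIX 6.3-style lines (addresses are assumptions).
PIX_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
ip local pool VPN_POOL 192.168.50.1-192.168.50.50
isakmp nat-traversal 20
"""

# Constructed static routes from a hypothetical internal router (IOS-style).
ROUTER_ROUTES = """\
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 192.168.50.0 255.255.255.192 192.168.1.1
"""


def parse_routes(text):
    """Return [(network, next_hop)] from 'ip route NET MASK HOP' lines."""
    return [(ipaddress.ip_network(f"{m[1]}/{m[2]}"), ipaddress.ip_address(m[3]))
            for m in re.finditer(r"^ip route ([\d.]+) ([\d.]+) ([\d.]+)", text, re.M)]


def next_hop(routes, addr):
    """Longest-prefix match, as the router would choose."""
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None


def check(pix_config, router_routes):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if not re.search(r"^isakmp nat-traversal\b", pix_config, re.M):
        findings.append("NAT-T (isakmp nat-traversal) is not configured")
    inside = re.search(r"^ip address inside ([\d.]+)", pix_config, re.M)
    if not inside:
        return findings + ["no 'ip address inside' line found"]
    pix = ipaddress.ip_address(inside[1])
    routes = parse_routes(router_routes)
    for m in re.finditer(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", pix_config, re.M):
        # Both ends of the pool range must resolve to the PIX inside address.
        for end in (m[2], m[3]):
            if next_hop(routes, ipaddress.ip_address(end)) != pix:
                findings.append(f"{m[1]}: {end} does not route back to {pix}")
    return findings


if __name__ == "__main__":
    print(check(PIX_CONFIG, ROUTER_ROUTES) or "no findings")
```

With only the default route present, replies to pool addresses follow it to 192.168.1.254 instead of the PIX, which matches the symptom of a tunnel that connects but reaches nothing inside.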

Dear Walter,

Thanks a lot!

We might go with that contract.

I wrote "big bucks" because the tech support guy I talked to mentioned prices around $400 for a single troubleshooting. I considered that extreme.

Thanks for taking the time to find this information for me.

Laszlo


$400 is no big bucks.

choowie
