How do I configure VPN passthrough with a PIX 501

How do I configure VPN passthrough with a PIX 501

am 03.05.2007 07:12:08 von wallacew

Hi,

Sorry, newbie question...

I just recently installed a PIX 501 (version 6.3(1)) in my home
network.
Previously I was using a cheap airlink router that provided VPN
passthrough.
I'm using Nortel Contivity VPN client on 1 computer, and Cisco VPN
client on another client.

On my cheap Airlink router, I could easily use my Nortel or Cisco VPN
client to connect to my company with no configuration. These cheap
routers always advertise the ability to do VPN Passthrough.

I can't get the same thing to work on PIX 501.
I've read in other newgroups about NAT transversal, enabling isakmp,
etc, but nothing seems to work.

Do I have to actually configure any VPN settings on the PIX? I should
be able to simply configure an access-list. Do I need to configure
any transform-sets or crypto map, isakmp in order to make this to
work?

Thanks in advance,

Wallace

Re: How do I configure VPN passthrough with a PIX 501

am 03.05.2007 14:47:01 von roberson

In article <1178169128.471846.255530@p77g2000hsh.googlegroups.com>,
wrote:

>I just recently installed a PIX 501 (version 6.3(1)) in my home
>network.

6.3(1) has several known security problems. There are operational
problems with 6.3(2), and security problems in 6.3(3), 6.3(4),
6.3(5), and 6.3(5)112 . It would be best if you could upgrade
your PIX 501 as far as possible. If you are the registered owner
of the device, the upgrade is free.


>I'm using Nortel Contivity VPN client on 1 computer, and Cisco VPN
>client on another client.

>On my cheap Airlink router, I could easily use my Nortel or Cisco VPN
>client to connect to my company with no configuration. These cheap
>routers always advertise the ability to do VPN Passthrough.

>I can't get the same thing to work on PIX 501.
>I've read in other newgroups about NAT transversal, enabling isakmp,
>etc, but nothing seems to work.

>Do I have to actually configure any VPN settings on the PIX? I should
>be able to simply configure an access-list. Do I need to configure
>any transform-sets or crypto map, isakmp in order to make this to
>work?

You only need to configure transform sets and crypto maps and
isakmp nat-traversal if you are terminating the VPN at the PIX.

Try

fixup protocol esp-ike