Pix506e behind Cisco1841 VPN problem

Discussion in 'Hardware' started by aimeruko, Sep 27, 2006.

  1. aimeruko (joined Sep 26, 2006; messages: 2)
    Dear all,
    I have a Pix506e behind the Cisco 1841; the public IP is configured on f0/0 of the Cisco 1841, and I have a VPN (PPTP) configured on my PIX. How can I allow outside people to connect by VPN into my private LAN that is behind the PIX?
    Please help!

    Here is my config.

    PIX 506E

    Building configuration...
    : Saved
    :
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password Bs.EboZEq5PmUtlZ encrypted
    passwd Bs.EboZEq5PmUtlZ encrypted
    hostname telcel
    domain-name telecel.com
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    access-list access-in permit tcp any interface outside eq 14000
    access-list access-in permit udp any interface outside eq 14000
    access-list access-in permit tcp any interface outside eq 32
    access-list access-in permit icmp any any
    access-list access-in permit tcp any host 217.194.xx.xx eq smtp
    access-list access-in permit tcp any host 217.194.xx.xx eq 3389
    access-list access-in permit tcp host 210.210.1.65 host 217.194.xx.xx eq ftp
    access-list access-in permit tcp host 210.210.1.63 host 217.194.xx.xx eq ftp
    access-list NO-NAT permit ip any 172.16.1.0 255.255.255.0
    access-list worms deny udp any any eq tftp
    access-list worms deny tcp any any eq 135
    access-list worms deny udp any any eq 135
    access-list worms deny udp any any eq netbios-ns
    access-list worms deny udp any any eq netbios-dgm
    access-list worms deny tcp any any eq netbios-ssn
    access-list worms deny udp any any eq 139
    access-list worms deny tcp any any eq 445
    access-list worms deny tcp any any eq 593
    access-list worms deny tcp any any eq 4444
    access-list worms permit ip any any
    pager lines 24
    logging on
    logging buffered debugging
    mtu outside 1500
    mtu inside 1500
    ip address outside 192.168.2.1 255.255.255.128
    ip address inside 192.168.0.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool SMSC 172.16.1.1-172.16.1.16
    pdm location 192.168.0.4 255.255.255.255 inside
    pdm location 192.168.0.48 255.255.255.255 inside
    pdm location 192.168.0.77 255.255.255.255 inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NO-NAT
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp 217.194.xx.xx www 192.168.0.4 www netmask 255.255.255.255 0 0
    static (inside,outside) tcp 217.194.xx.xx smtp 192.168.0.4 smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp 217.194.xx.xx 3389 192.168.0.4 3389 netmask 255.255.255.255 0 0
    access-group access-in in interface outside
    access-group worms in interface inside
    route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa authentication enable console LOCAL
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    snmp-server host inside 192.168.0.48
    snmp-server host inside 192.168.0.77
    no snmp-server location
    no snmp-server contact
    snmp-server community snmpt3l3c
    snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    sysopt connection permit-l2tp
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    vpdn group smsc accept dialin pptp
    vpdn group smsc ppp authentication pap
    vpdn group smsc ppp authentication chap
    vpdn group smsc client configuration address local SMSC
    vpdn group smsc pptp echo 60
    vpdn group smsc client authentication local
    vpdn username smsc password *********
    vpdn enable outside
    dhcpd lease 3600
    dhcpd ping_timeout 750
    username aaaa password vvvv encrypted privilege 15
    terminal width 80
    Cryptochecksum:7d2e1c2c9d3cbcb50548ba68c0979267
    : end



    Cisco 1841

    !This is the running config of the router: 217.194.xx.xx (public IP)
    !----------------------------------------------------------------------------
    !version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Telecel
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    !
    resource policy
    !
    ip cef
    !
    !
    !
    !
    ip domain name yourdomain.com
    ip name-server 217.194.158.30
    ip name-server 217.194.129.30
    username zzzz privilege 15 secret 5
    !
    !
    !
    interface FastEthernet0/0
    description LAN$ETH-LAN$
    ip address 217.194.xx.xx 255.255.255.248
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nat outside
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    description Inside to PIX$ETH-LAN$
    ip address 192.168.2.2 255.255.255.128
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nat inside
    duplex auto
    speed auto
    !
    interface FastEthernet0/0/0
    description Network 1
    !
    interface FastEthernet0/0/1
    description Network 2
    !
    interface FastEthernet0/0/2
    description Network 3
    !
    interface FastEthernet0/0/3
    description Network 4
    !
    interface Serial0/1/0
    description Connection to SkyVision
    ip address 217.194.yy.yy 255.255.255.252 (public IP for upload)
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nat outside
    no keepalive
    no fair-queue
    ignore dcd
    down-when-looped
    no cdp enable
    !
    interface Vlan1
    description VLAN 0/0/0
    ip address 192.168.1.1 255.255.255.224
    ip nat inside
    !
    ip route 0.0.0.0 0.0.0.0 Serial0/1/0
    ip flow-top-talkers
    top 20
    sort-by bytes
    cache-timeout 3600
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 2 interface FastEthernet0/0 overload
    ip nat inside source list 3 interface FastEthernet0/0 overload
    !
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 2 remark SDM_ACL Category=2
    access-list 2 permit 192.168.1.0 0.0.0.31
    access-list 3 remark SDM_ACL Category=2
    access-list 3 permit 192.168.2.0 0.0.0.127
    snmp-server community telecel-vision RO
    snmp-server location Telecel Burundi
    snmp-server contact Aime Rukohoza
    snmp-server host 192.168.0.77 v1sion
    !
    control-plane
    !
    !
    line con 0
    login local
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    privilege level 15
    login local
    transport input telnet
    !
    scheduler allocate 20000 1000
    end
     
    aimeruko, Sep 27, 2006
    #1
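The following audit script is an added example, not the poster's configuration or any Cisco tooling. It reads constructed excerpts of the two configurations quoted above (the poster's masked addresses are kept as written) and reports what a reviewer would check before inbound PPTP can work through this setup: whether the 1841 translates TCP/1723 and GRE (IP protocol 47, which has no ports and therefore cannot be handled by port overload) to the PIX outside address, whether the PIX default route points at the router's inside address rather than the PIX's own, whether the overload NAT interface matches the default-route exit, and a few hardening points visible in the text (PAP allowed on the vpdn group, ICMP permitted from anywhere, telnet-only VTY lines). The parsing is line-based and intentionally minimal; the address 203.0.113.10 used in the usage note is a documentation placeholder, not an address from the post.

```python
import re

# Constructed excerpts of the two configs quoted above (added example; the
# masked public addresses 217.194.xx.xx / yy.yy are the poster's own).
PIX_CONFIG = """\
ip address outside 192.168.2.1 255.255.255.128
access-list access-in permit icmp any any
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
sysopt connection permit-pptp
vpdn group smsc accept dialin pptp
vpdn group smsc ppp authentication pap
vpdn group smsc ppp authentication chap
vpdn enable outside
"""

ROUTER_CONFIG = """\
interface FastEthernet0/0
ip address 217.194.xx.xx 255.255.255.248
ip nat outside
!
interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.128
ip nat inside
!
interface Serial0/1/0
ip address 217.194.yy.yy 255.255.255.252
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
ip nat inside source list 3 interface FastEthernet0/0 overload
line vty 0 4
transport input telnet
!
"""


def parse_pix(cfg):
    """Extract the few PIX 6.x settings the audit needs (simple line matching)."""
    pix = {"if_ip": {}, "default_gw": None, "pptp": False, "pap": False, "icmp_any": False}
    for line in (l.strip() for l in cfg.splitlines()):
        if m := re.match(r"ip address (\S+) (\S+) \S+$", line):
            pix["if_ip"][m.group(1)] = m.group(2)
        if m := re.match(r"route \S+ 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            pix["default_gw"] = m.group(1)
        pix["pptp"] |= bool(re.match(r"vpdn group \S+ accept dialin pptp$", line))
        pix["pap"] |= bool(re.match(r"vpdn group \S+ ppp authentication pap$", line))
        pix["icmp_any"] |= bool(re.match(r"access-list \S+ permit icmp any any$", line))
    return pix


def parse_ios(cfg):
    """Extract interfaces, NAT statements, default route and VTY transports from IOS."""
    ios = {"interfaces": {}, "static_nat": [], "overload_if": set(),
           "default_exit": None, "vty_transport": set()}
    block = None  # interface name or "line" while inside such a block
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            block = line.split(None, 1)[1]
            ios["interfaces"][block] = {"ip": None, "nat": None}
        elif line.startswith("line "):
            block = "line"
        elif line == "!":
            block = None
        elif block in ios["interfaces"]:
            if m := re.match(r"ip address (\S+) \S+", line):
                ios["interfaces"][block]["ip"] = m.group(1)
            if m := re.match(r"ip nat (inside|outside)$", line):
                ios["interfaces"][block]["nat"] = m.group(1)
        elif block == "line":
            if m := re.match(r"transport input (.+)", line):
                ios["vty_transport"].update(m.group(1).split())
        else:
            if m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
                ios["default_exit"] = m.group(1)
            if m := re.match(r"ip nat inside source static (.+)", line):
                ios["static_nat"].append(m.group(1))
            if m := re.match(r"ip nat inside source list \S+ interface (\S+) overload", line):
                ios["overload_if"].add(m.group(1))
    return ios


def audit(pix_cfg, ios_cfg):
    """Return (code, message) findings; an empty list means nothing was flagged."""
    pix, ios = parse_pix(pix_cfg), parse_ios(ios_cfg)
    out = []
    pix_out = pix["if_ip"].get("outside")
    # Inbound PPTP needs TCP/1723 and GRE delivered to the PIX outside address;
    # port overload cannot carry GRE, so a static one-to-one translation is required.
    if pix["pptp"] and not any(pix_out in e.split() for e in ios["static_nat"]):
        out.append(("NO_PPTP_FORWARD", f"no static NAT sends TCP/1723 and GRE to PIX outside {pix_out}"))
    # The PIX default route must point at the router's inside address, not at itself.
    router_inside = sorted(i["ip"] for i in ios["interfaces"].values() if i["nat"] == "inside" and i["ip"])
    if pix["default_gw"] == pix_out:
        out.append(("PIX_SELF_ROUTE", f"PIX default route next hop is its own {pix_out}; expected one of {router_inside}"))
    # PAT bound to one outside interface while the default route leaves another.
    if ios["default_exit"] and ios["overload_if"] and ios["default_exit"] not in ios["overload_if"]:
        out.append(("NAT_ROUTE_SPLIT", f"overload on {sorted(ios['overload_if'])} but default route exits {ios['default_exit']}"))
    # Hardening points visible in the posted text.
    if pix["pap"]:
        out.append(("PPTP_PAP", "vpdn group accepts PAP, so VPN passwords cross the wire in cleartext"))
    if pix["icmp_any"]:
        out.append(("ICMP_ANY", "outside ACL permits all ICMP from anywhere"))
    if "telnet" in ios["vty_transport"] and "ssh" not in ios["vty_transport"]:
        out.append(("TELNET_ONLY_VTY", "router VTY lines accept only telnet; management logins are cleartext"))
    return out


if __name__ == "__main__":
    for code, msg in audit(PIX_CONFIG, ROUTER_CONFIG):
        print(f"{code:16} {msg}")
```

Run as-is it reports all six findings for the posted excerpts. Appending a one-to-one translation for the PIX outside address on the router (for example `ip nat inside source static 192.168.2.1 203.0.113.10`, with a spare address from the router's public block in place of the placeholder) clears NO_PPTP_FORWARD, and pointing the PIX default route at 192.168.2.2 clears PIX_SELF_ROUTE; the remaining findings are the ones to review regardless of whether the VPN works.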
