"Bullock, Jason (1125)" wrote:
> I am running a Cisco PIX 515 with 4.4 OS and no failover. We have clients
> that will use a local ISP to dial up internet connectivity, and they then
> want to VPN into our corporate network.
>
> I have purchased the Cisco Secure VPN software for the clients and I am
> looking for the best way to configure the PIX as the VPN endpoint for the
> clients coming from the internet.
I have a PIX 510 doing VPN termination for remote clients ("Cisco Secure VPN Client
1.1") much like you describe, but I was under the (perhaps mistaken) impression that
you had to have 5.0+ OS to do it. I was able to get it running using just the examples
in the online docs (a rare case when the provided example was actually what I wanted to
do :-)...

However, you may want to be aware of some limitations: DNS handling on the Cisco
Secure VPN Client line is broken, by which I mean you can't have your remote client's
DNS configuration change dynamically based on whether the VPN tunnel is up or not. So
you can either have them *only* use their ISP's DNS servers, or you have them configure
your internal DNS server in their TCP/IP Preferences and as a result *always* have the
VPN running and *always* send their DNS queries to your internal DNS server.

If you can upgrade your PIX to 5.2 or better, then you have the possibility of using a
different VPN client (I can't remember off the top of my head if this is the 3000 or
5000 client), that supports DNS information as part of the "mode config" that is sent
from the PIX to the remote client when it establishes the IPSec tunnel.

Just FYI, and good luck...

- Dave
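As an added illustration, not taken from Dave's or Jason's messages, here is the shape of a PIX 5.2-or-later configuration that pushes a DNS server and domain to the remote client via mode config, the alternative Dave describes to hard-coding the internal DNS server in the client's TCP/IP Preferences. The syntax is assumed from the PIX `vpngroup` / `crypto dynamic-map` command family rather than quoted from this thread, and every group name, pool, address, domain and key is a placeholder.

```cisco
! Added example, not from the thread. Assumes PIX OS 5.2+ with the vpngroup
! command family; all names, addresses and the group key are placeholders.

! Phase 1: accept remote-client IKE negotiations on the outside interface
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2

! Phase 2 transform and a dynamic map, since dial-up clients have no fixed peer address
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set strong
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
! Tell the PIX to initiate mode config (address, DNS, domain) toward the client
crypto map clientmap client configuration address initiate
crypto map clientmap interface outside
! Let decrypted client traffic bypass the outside-interface access rules
sysopt connection permit-ipsec

! Addresses handed to clients while the tunnel is up
ip local pool vpnpool 10.10.200.1-10.10.200.100

! Mode-config attributes pushed to the client at tunnel establishment:
! the DNS server and search domain only apply while the tunnel exists,
! so the client falls back to its ISP resolver when the tunnel is down.
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers dns-server 10.10.1.53
vpngroup remoteusers default-domain corp.example
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password <group-preshared-key-placeholder>
```

With this in place the client keeps its ISP's DNS settings in TCP/IP Preferences; the internal resolver is supplied by the PIX for the life of the tunnel and disappears with it, which is the dynamic behaviour the older Cisco Secure VPN Client cannot provide. The `vpngroup` group key is a shared secret across all clients in the group, so treat it with the same care as any other pre-shared key and rotate it when users leave.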
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]