Quick Start Guide
Page 20
... Networking) features provided by first strongly authenticating both ends of the PIX 515E include a VPN Accelerator Card+ (VAC+), which provides significantly improved VPN throughput. Some models of the connection, and then automatically encrypting all data sent between the two locations. Site-to-Site VPN Configuration Site-to business partners and remote offices worldwide. You can now...
... Networking) features provided by first strongly authenticating both ends of the PIX 515E include a VPN Accelerator Card+ (VAC+), which provides significantly improved VPN throughput. Some models of the connection, and then automatically encrypting all data sent between the two locations. Site-to-Site VPN Configuration Site-to business partners and remote offices worldwide. You can now...
Quick Start Guide
Page 28
... the exact same values for each of VPN configuration failures. 28 Step 5 View and Enable VPN Commands If you enabled preview commands, you selected for PIX 1. Check the configuration to ensure that all values are a common cause of the options that you will see this page: To enable preview commands: a. In the main... PDM page, select Options. Select Preferences and check the Preview commands before sending to -site VPN communication with PIX 2. This concludes configuration for site-to firewall box. Click the Send button to enable...
... the exact same values for each of VPN configuration failures. 28 Step 5 View and Enable VPN Commands If you enabled preview commands, you selected for PIX 1. Check the configuration to ensure that all values are a common cause of the options that you will see this page: To enable preview commands: a. In the main... PDM page, select Options. Select Preferences and check the Preview commands before sending to -site VPN communication with PIX 2. This concludes configuration for site-to firewall box. Click the Send button to enable...
Quick Start Guide
Page 29
... receive the new activation key for the PIX 515E, as secure remote management (SSH, PDM, etc.), site-to-site VPN, and remote access VPN. For more information on activation key examples or upgrading software, refer to the Cisco PIX Firewall and VPN Configuration Guide. 29 If you are a registered user of Cisco.com and would like to obtain a DES...
... receive the new activation key for the PIX 515E, as secure remote management (SSH, PDM, etc.), site-to-site VPN, and remote access VPN. For more information on activation key examples or upgrading software, refer to the Cisco PIX Firewall and VPN Configuration Guide. 29 If you are a registered user of Cisco.com and would like to obtain a DES...
Getting Started Guide
Page 4
... Remote-Access VPN Configuration 3-1 Example IPsec Remote-Access VPN Network Topology 3-1 Implementing the IPsec Remote-Access VPN Scenario 3-2 Information to Have Available 3-3 Starting ASDM 3-3 Configuring the PIX 515E for an IPsec Remote-Access VPN 3-5 Selecting VPN Client Types 3-6 Specifying the VPN Tunnel Group Name and Authentication Method 3-7 Specifying a User Authentication Method 3-8 (Optional) Configuring User Accounts 3-10 Configuring Address Pools 3-11 Configuring Client Attributes...
... Remote-Access VPN Configuration 3-1 Example IPsec Remote-Access VPN Network Topology 3-1 Implementing the IPsec Remote-Access VPN Scenario 3-2 Information to Have Available 3-3 Starting ASDM 3-3 Configuring the PIX 515E for an IPsec Remote-Access VPN 3-5 Selecting VPN Client Types 3-6 Specifying the VPN Tunnel Group Name and Authentication Method 3-7 Specifying a User Authentication Method 3-8 (Optional) Configuring User Accounts 3-10 Configuring Address Pools 3-11 Configuring Client Attributes...
Getting Started Guide
Page 15
... appliance for Site-to -Site VPN Configuration" PIX 515E Security Appliance Getting Started Guide 1-9 You can configure this access control policy using one or more information about any other interface that is necessary. Note Based on your deployment using the icmp command. For information about the icmp command, see the Cisco Security Appliance Command Reference. Click...
... appliance for Site-to -Site VPN Configuration" PIX 515E Security Appliance Getting Started Guide 1-9 You can configure this access control policy using one or more information about any other interface that is necessary. Note Based on your deployment using the icmp command. For information about the icmp command, see the Cisco Security Appliance Command Reference. Click...
Getting Started Guide
Page 41
Chapter 2 Scenario: DMZ Configuration What to -Site VPN Configuration" 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-25 Chapter 3, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 4, "Scenario: Site-to Do Next To Do This ... Configure a remote-access VPN Configure a site-to-site VPN See ...
Chapter 2 Scenario: DMZ Configuration What to -Site VPN Configuration" 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-25 Chapter 3, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 4, "Scenario: Site-to Do Next To Do This ... Configure a remote-access VPN Configure a site-to-site VPN See ...
Getting Started Guide
Page 43
... 3-1 shows an security appliance configured to accept remote-access IPsec VPN connections. CH A P T E R 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept requests from and establish IPsec connections with VPN clients, such as a Cisco Easy VPN hardware client, over the Internet. 78-17645-01 PIX 515E Security Appliance Getting Started Guide...
... 3-1 shows an security appliance configured to accept remote-access IPsec VPN connections. CH A P T E R 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept requests from and establish IPsec connections with VPN clients, such as a Cisco Easy VPN hardware client, over the Internet. 78-17645-01 PIX 515E Security Appliance Getting Started Guide...
Getting Started Guide
Page 44
... IPsec Remote-Access VPN, page 3-5 • Selecting VPN Client Types, page 3-6 PIX 515E Security Appliance Getting Started Guide 3-2 78-17645-01 This section includes the following topics: • Information to accept IPsec VPN connections from the remote-access scenario illustrated in Figure 3-1. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Figure 3-1 Network...
... IPsec Remote-Access VPN, page 3-5 • Selecting VPN Client Types, page 3-6 PIX 515E Security Appliance Getting Started Guide 3-2 78-17645-01 This section includes the following topics: • Information to accept IPsec VPN connections from the remote-access scenario illustrated in Figure 3-1. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Figure 3-1 Network...
Getting Started Guide
Page 45
...Translation Exception and Split Tunneling, page 3-16 • Verifying the Remote-Access VPN Configuration, page 3-17 Information to Have Available Before you begin configuring the security appliance to accept remote access IPsec VPN connections, make sure that you are successfully connected. • List of users ...the factory default IP address in the address field: https://192.168.1.1/admin/. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-3 These addresses are assigned to remote VPN clients as they are using a AAA server for local hosts, groups, and networks that should...
...Translation Exception and Split Tunneling, page 3-16 • Verifying the Remote-Access VPN Configuration, page 3-17 Information to Have Available Before you begin configuring the security appliance to accept remote access IPsec VPN connections, make sure that you are successfully connected. • List of users ...the factory default IP address in the address field: https://192.168.1.1/admin/. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-3 These addresses are assigned to remote VPN clients as they are using a AAA server for local hosts, groups, and networks that should...
Getting Started Guide
Page 46
Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Note Remember to add the "s" in "https" or the connection fails. HTTPS (HTTP over SSL) provides a secure connection between your browser and the security appliance. PIX 515E Security Appliance Getting Started Guide 3-4 78-17645-01 The Main ASDM window appears.
Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Note Remember to add the "s" in "https" or the connection fails. HTTPS (HTTP over SSL) provides a secure connection between your browser and the security appliance. PIX 515E Security Appliance Getting Started Guide 3-4 78-17645-01 The Main ASDM window appears.
Getting Started Guide
Page 47
... from the Wizards drop-down list, choose Outside as the enabled interface for configuring a remote-access VPN, perform the following steps: a. b. Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Configuring the PIX 515E for an IPsec Remote-Access VPN To begin the process for the incoming VPN tunnels. From the drop-down menu. The...
... from the Wizards drop-down list, choose Outside as the enabled interface for configuring a remote-access VPN, perform the following steps: a. b. Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Configuring the PIX 515E for an IPsec Remote-Access VPN To begin the process for the incoming VPN tunnels. From the drop-down menu. The...
Getting Started Guide
Page 48
PIX 515E Security Appliance Getting Started Guide 3-6 78-17645-01 Step 2 Click Next to this scenario, click the Cisco VPN Client radio button. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Selecting VPN Client Types In Step 2 of the VPN Wizard, perform the following steps: Step 1 Specify the type of VPN client that will enable remote users to connect to continue. For this security appliance. You can also use any other Cisco Easy VPN remote product.
PIX 515E Security Appliance Getting Started Guide 3-6 78-17645-01 Step 2 Click Next to this scenario, click the Cisco VPN Client radio button. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Selecting VPN Client Types In Step 2 of the VPN Wizard, perform the following steps: Step 1 Specify the type of VPN client that will enable remote users to connect to continue. For this security appliance. You can also use any other Cisco Easy VPN remote product.
Getting Started Guide
Page 49
... If you want to use that you can revise the authentication configuration later using the standard ASDM screens. • Click the Challenge/...PIX 515E Security Appliance Getting Started Guide 3-7 You can continue with the Wizard by performing one of the other two options. Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Specifying the VPN... Tunnel Group Name and Authentication Method In Step 3 of the VPN Wizard, perform ...
... If you want to use that you can revise the authentication configuration later using the standard ASDM screens. • Click the Challenge/...PIX 515E Security Appliance Getting Started Guide 3-7 You can continue with the Wizard by performing one of the other two options. Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Specifying the VPN... Tunnel Group Name and Authentication Method In Step 3 of the VPN Wizard, perform ...
Getting Started Guide
Page 50
PIX 515E Security Appliance Getting Started Guide 3-8 78-17645-01 Click Next to this security appliance. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Step 2 Step 3 Enter a Tunnel Group Name (such as "Cisco") for the set of users that use common connection parameters and client attributes to connect to continue. Specifying...
PIX 515E Security Appliance Getting Started Guide 3-8 78-17645-01 Click Next to this security appliance. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Step 2 Step 3 Enter a Tunnel Group Name (such as "Cisco") for the set of users that use common connection parameters and client attributes to connect to continue. Specifying...
Getting Started Guide
Page 51
... server group from the drop-down list, or click New to continue. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-9 Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario In Step 4 of the VPN Wizard, perform the following steps: Step 1 Step 2 If you want to authenticate users by creating...
... server group from the drop-down list, or click New to continue. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-9 Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario In Step 4 of the VPN Wizard, perform the following steps: Step 1 Step 2 If you want to authenticate users by creating...
Getting Started Guide
Page 52
... add users later using the ASDM configuration interface. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration (Optional) Configuring User Accounts If you have chosen to authenticate users with the local user database, you have finished adding new users, click Next to continue. 3-10 PIX 515E Security Appliance Getting Started Guide 78...
... add users later using the ASDM configuration interface. Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration (Optional) Configuring User Accounts If you have chosen to authenticate users with the local user database, you have finished adding new users, click Next to continue. 3-10 PIX 515E Security Appliance Getting Started Guide 78...
Getting Started Guide
Page 53
... dialog box appears. Click OK to return to create a new address pool. Alternatively, click New to Step 6 of the VPN Wizard. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-11 Enter the Starting IP address and Ending IP address of IP addresses. Step 2 In the... Add IP Pool dialog box: a. c. In this scenario, the pool is configured to remote VPN clients as they are successfully connected. b. (Optional)...
... dialog box appears. Click OK to return to create a new address pool. Alternatively, click New to Step 6 of the VPN Wizard. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-11 Enter the Starting IP address and Ending IP address of IP addresses. Step 2 In the... Add IP Pool dialog box: a. c. In this scenario, the pool is configured to remote VPN clients as they are successfully connected. b. (Optional)...
Getting Started Guide
Page 54
...the default domain name. Ensure that you can provide the client information to the remote client or Easy VPN hardware client when a connection is established. Configuring Client Attributes To access your network, each remote client individually, you specify the correct values, or ...remote clients will not be able to use Windows networking. 3-12 PIX 515E Security Appliance Getting Started Guide 78-17645-01 Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Step 3 Click Next to continue.
...the default domain name. Ensure that you can provide the client information to the remote client or Easy VPN hardware client when a connection is established. Configuring Client Attributes To access your network, each remote client individually, you specify the correct values, or ...remote clients will not be able to use Windows networking. 3-12 PIX 515E Security Appliance Getting Started Guide 78-17645-01 Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Step 3 Click Next to continue.
Getting Started Guide
Page 55
... to remote clients. Configuring the IKE Policy IKE is also an authentication method to ensure the identity of the VPN Wizard, perform the following steps: Step 1 Enter the network configuration information to be pushed to protect data and ensure privacy; Step 2 Click Next to establish secure VPN tunnels. 78-17645-01 PIX 515E Security Appliance Getting...
... to remote clients. Configuring the IKE Policy IKE is also an authentication method to ensure the identity of the VPN Wizard, perform the following steps: Step 1 Enter the network configuration information to be pushed to protect data and ensure privacy; Step 2 Click Next to establish secure VPN tunnels. 78-17645-01 PIX 515E Security Appliance Getting...
Getting Started Guide
Page 56
Step 2 Click Next to continue. 3-14 PIX 515E Security Appliance Getting Started Guide 78-17645-01 Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration To specify the IKE policy in Step 8 of the VPN Wizard, perform the following steps: Step 1 Click the Encryption (DES/3DES/AES), authentication algorithms (MD5/SHA), and the Diffie-Hellman group (1/2/5/7) used by the security appliance during an IKE security association.
Step 2 Click Next to continue. 3-14 PIX 515E Security Appliance Getting Started Guide 78-17645-01 Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration To specify the IKE policy in Step 8 of the VPN Wizard, perform the following steps: Step 1 Click the Encryption (DES/3DES/AES), authentication algorithms (MD5/SHA), and the Diffie-Hellman group (1/2/5/7) used by the security appliance during an IKE security association.