Quick Start Guide
Page 2
99550 About the Cisco PIX 515E Firewall The Cisco PIX 515E delivers enterprise-class security for small-to 130 Mbps of 3DES and 256-bit AES VPN throughput. Hardware Features Software Features • 433-MHz Intel Celeron processor • 32-MB RAM with the restricted (R) license; 64-...protection from many different types of popular network-based attacks ranging from malformed packet attacks to 60/130-Mbps VPN throughput (VAC/VAC+) • Includes Cisco PIX Device Manager (PDM) for intuitive, web-based administration of firewall throughput with the unrestricted (UR) and ...
Quick Start Guide
Page 6
...The illustration below, an HTTP client (10.10.10.10) on the inside network initiates HTTP communications with other communications are able to -site VPN connection with the DMZ web server (30.30.30.30). In the illustration below shows a sample network topology that is on the DMZ interface. ... zone (DMZ) is necessary to translate its private IP address to add the "s" in the Startup Wizard to set up your browser and the PIX 515E. Select Yes to accept the certificates and follow the instructions in "https" or the connection fails. A DMZ allows you to the switch or ...
Quick Start Guide
Page 20
...two locations. You can now securely access the DMZ web server. Site-to-Site VPN Configuration Site-to-site VPN (Virtual Private Networking) features provided by the PIX 515E enable businesses to securely extend their networks across low-cost public Internet connections to another... over a secure connection, or "tunnel," by first strongly authenticating both ends of the PIX 515E include a VPN Accelerator Card+ (VAC+), which provides significantly improved VPN throughput. A VPN connection allows you to send data from one location to business partners and remote offices worldwide...
Quick Start Guide
Page 21
... devices that can quickly guide you through the process of configuring a site-to-site VPN in the following : a. b. The illustration below shows an example VPN tunnel between two PIX 515E, and will be referenced in five simple steps. This opens the VPN Wizard page. Select the Site to continue. 21 Click the Next button to...
Quick Start Guide
Page 22
...the VPN Peer a. Note To configure PIX 2, enter the IP address for the peer identity, FQDN (Fully Qualified Domain Name) or IP Address. c. Click the Next button to continue. 22 Enter the Peer IP Address (PIX 2) and select an authentication key (for IPSec negotiations between both PIX 515E ...units. b. To use X.509 certificates for authentication, check the Certificate radio button and the applicable option for PIX 1 (1.1.1.1) and the same Pre-shared Key (CisCo). If the peer identity is shared for example, "CisCo"), which is its FQDN, ...
Quick Start Guide
Page 24
... of the options that you selected for each of two windows: 1. Encryption mismatches are sufficient to establish secure VPN tunnels between two peers. Select the Encryption (DES/3DES/AES), Authentication algorithms (MD5/SHA), and the Diffie-Hellman group (1/2/5) used by... the PIX 515E during an IKE security association. Note When configuring PIX 2, enter the exact values for PIX 1. Click the Next button to the next window. b. In most cases, the default values are ...
Quick Start Guide
Page 25
b. 2. Note When configuring PIX 2, enter the exact same values for PIX 1. Encryption and algorithm mismatches are a common cause of the options that you selected for each of VPN tunnel failures and can slow down the process. In the second window, select the Encryption algorithm (DES/3DES/AES) and Authentication algorithm (MD5/SHA). Confirm all values before continuing to continue. 25 Configure the IPSec parameters. Click the Next button to the next window. a.
Quick Start Guide
Page 26
Step 4 Configure Internal Traffic This step is comprised of two windows: 1. Add or remove networks dynamically from preconfigured groups. a. Select the Local Host/Network based on the >> or Select network traffic on the local PIX 515E encrypted through the VPN tunnel. Note Use the Browse button to select from the selected panel by clicking on the IP Address, Name, or Group.
Quick Start Guide
Page 27
b. Click the Finish button to complete the configuration. 27 The remote network for PIX 1 is Network B (20.20.20.0) so traffic encrypted from the remote PIX Firewall. Note When configuring PIX 2, ensure that the values are correctly entered. 2. a. In the second window, select VPN traffic for PIX 2 and vice versa. Select traffic permitted from this tunnel is permitted through the tunnel. For PIX 1, the remote network is the local network for remote network configuration.
Quick Start Guide
Page 28
... If you enabled preview commands, you selected for each of VPN configuration failures. 28 In the main PDM page, select Options. Check the configuration to -site VPN communication with PIX 2. b. This concludes configuration for site-to ensure that all values are a common cause of ...the options that you will see this page: To enable preview commands: a. When configuring PIX 2, enter the exact same values for PIX 1. Click the Send...
Quick Start Guide
Page 29
.../Software/FormManager/formgenerator.pl If you are available for your name, e-mail address, and the serial number for the PIX 515E, as secure remote management (SSH, PDM, etc.), site-to the Cisco PIX Firewall and VPN Configuration Guide. 29 For more information on requesting the license upgrade. Note You will receive the new activation key...
Getting Started Guide
Page 4
Contents 3 C H A P T E R 4 C H A P T E R Scenario: IPsec Remote-Access VPN Configuration 3-1 Example IPsec Remote-Access VPN Network Topology 3-1 Implementing the IPsec Remote-Access VPN Scenario 3-2 Information to Have Available 3-3 Starting ASDM 3-3 Configuring the PIX 515E for an IPsec Remote-Access VPN 3-5 Selecting VPN Client Types 3-6 Specifying the VPN Tunnel Group Name and Authentication Method 3-7 Specifying a User Authentication Method 3-8 (Optional) Configuring User Accounts 3-10...
Getting Started Guide
Page 5
Contents A A P P E N D I X Viewing VPN Attributes and Completing the Wizard 4-11 Configuring the Other Side of the VPN Connection 4-13 What to Do Next 4-13 Obtaining a DES License or a 3DES-AES License A-1 78-17645-01 PIX 515E Security Appliance Getting Started Guide v
Getting Started Guide
Page 15
From the Wizards menu, choose Startup Wizard. Chapter 1 Installing and Setting Up the PIX 515E Security Appliance What to -Site VPN Configuration" PIX 515E Security Appliance Getting Started Guide 1-9 In the dialog box that requires you to choose the method you should also ...to accept the certificates. Click Yes to -Site VPN See ... You can configure this access control policy using one or more information about any other interface that is necessary. For information about the icmp command, see the Cisco Security Appliance Command Reference. Click Yes for your security...
Getting Started Guide
Page 41
Chapter 2 Scenario: DMZ Configuration What to -site VPN See ... Configure a remote-access VPN Configure a site-to Do Next To Do This ... Chapter 3, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 4, "Scenario: Site-to-Site VPN Configuration" 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-25
Getting Started Guide
Page 43
... This chapter describes how to use the security appliance to accept requests from and establish IPsec connections with VPN clients, such as a Cisco Easy VPN hardware client, over the Internet. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-1 If you to create secure connections, or tunnels, across the Internet, thus providing secure access...
Getting Started Guide
Page 44
... the security appliance to accept IPsec VPN connections from the remote-access scenario illustrated in Figure 3-1. This section includes the following topics: • Information to Have Available, page 3-3 • Starting ASDM, page 3-3 • Configuring the PIX 515E for an IPsec Remote-Access VPN, page 3-5 • Selecting VPN Client Types, page 3-6 PIX 515E Security Appliance Getting Started Guide...
Getting Started Guide
Page 45
These addresses are assigned to remote VPN clients as they are using a AAA server for local hosts, groups, and networks that you are successfully connected. • List of users to be used in the address field: https://192.168.1.1/admin/. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-3 List of IP addresses...
Getting Started Guide
Page 46
The Main ASDM window appears. HTTPS (HTTP over SSL) provides a secure connection between your browser and the security appliance. PIX 515E Security Appliance Getting Started Guide 3-4 78-17645-01 Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Note Remember to add the "s" in "https" or the connection fails.
Getting Started Guide
Page 47
... Next to continue. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-5 Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Configuring the PIX 515E for an IPsec Remote-Access VPN To begin the process for the incoming VPN tunnels. Step 2 In Step 1 of the VPN Wizard, perform the following steps: Step 1 In...