I agree with upgrading the firewall but you can also apply for the DES encryption license for free.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 4:30 AM To: NT 2000 Discussions Subject: RE: PIX VPN Johnny, Sorry. 4.4 will not support the VPN (Remote access) that you are looking for. You need MIN 5.1, 6.2(2) optimal. You also need the DES or 3DES licence. Run a "show ver" You will see it there. I set up about 8 of these a month on average. If you need, contact me direct if you have specific questions. that might be outside the scope (security) of the List. -James At 17:05 12/19/02, Johnny Martinez wrote: >As usual Cisco's web pisses me off. > >Here is my problem (aside from there being just too much extra information >on the site): I am not sure which document I should use for setting up VPN >on my Cisco PIX 520 firewall. It is running v4.4(2) of the software. I just >want help on setting up the PIX so my people can VPN from their little >Windows machines at home via dialup or cable/DSL. > >I see Instructions and Guides: >Cisco VPN Solutions Center MPLS Solution Provisioning Guide, 2.2 >Cisco VPN Solutions Center: IPsec Solution Provisioning & Operations Guide, >2.0 >Cisco VPN Solutions Center: IPsec Solution Provisioning and Operations >Guide, 2.1 >Cisco VPN Solutions Center: IPsec Solution User Reference, 2.0 >Cisco VPN Solutions Center: IPsec Solution User Reference, 2.1 >Cisco VPN Solutions Center: MPLS Solution Provisioning & Operations Guide, >2.1 >Cisco VPN Solutions Center: MPLS Solution User Reference, 2.0 >VPNSC IPsec Solution Provisioning Guide, 2.2 >VPNSC MPLS User Guide, 1.1 > >Unders Installation Guides Books: >Cisco VPN Solutions Center Installation Guide, 2.0 >Cisco VPN Solutions Center Installation Guide, 2.1 >Cisco VPN Solutions Center Installation Guide, 2.2 >Cisco VPN Solutions Center: MPLS Solution Installation Guide, 1.2 >VPNSC MPLS Installation Guide, 1.1 > >User Guide Books: >Cisco VPN Solutions Center MPLS Solution Provisioning Guide, 2.2 >Cisco VPN Solutions Center: IPsec Solution Provisioning & Operations Guide, >2.0 >Cisco VPN Solutions Center: IPsec Solution Provisioning and Operations >Guide, 2.1 >Cisco VPN Solutions Center: IPsec Solution User Reference, 2.0 >Cisco VPN Solutions Center: IPsec Solution User Reference, 2.1 >Cisco VPN Solutions Center: MPLS Solution Provisioning & Operations Guide, >2.1 >Cisco VPN Solutions Center: MPLS Solution User Reference, 2.0 >VPNSC IPsec Solution Provisioning Guide, 2.2 >VPNSC MPLS User Guide, 1.1 > >I really REALLY REALLY HATE CISCOS WEB! > >Johnny > >-----Original Message----- >From: Randall Yoo [mailto:[EMAIL PROTECTED]] >Sent: Thursday, December 19, 2002 12:18 PM >To: NT 2000 Discussions >Subject: RE: PIX VPN > > >ISDL? ewww only 144 kbps.. > > >Randall > > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Roger Seielstad >Sent: Thursday, December 19, 2002 12:13 PM >To: NT 2000 Discussions >Subject: RE: PIX VPN > > > > For many residential DSL subscribers (the same ones who > > probably are the VPN > > clients), there isn't any choice. :) > >Yeah there is - its just not always attractive. I'm using ISDL because of a >combination of distance and PPPoE. I can get faster via the telco, but their >service is crap, and PPPoE makes it worse. So I surf a bit slow. > >------------------------------------------------------ >Roger D. Seielstad - MCSE >Sr. Systems Administrator >Inovis - Formerly Harbinger and Extricity >Atlanta, GA > > > > -----Original Message----- > > From: Randall Yoo [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 19, 2002 2:58 PM > > To: NT 2000 Discussions > > Subject: RE: PIX VPN > > > > > > Things like SBC/PacBell's Extranet 300 (OEM'd by Speedstream, > > now bought by > > Siemens)... although, PPPoE dialers are being replaced more > > and more by > > features built into DSL/Cable routers and SOHO firewalls. > > And, yes, PPPoE > > is evil. > > > > > I only have 1 requirement for DSL providers - and its that > > they don't use > > PPPoE > > > > For many residential DSL subscribers (the same ones who > > probably are the VPN > > clients), there isn't any choice. :) > > > > > > > > Randall > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Roger Seielstad > > Sent: Thursday, December 19, 2002 11:43 AM > > To: NT 2000 Discussions > > Subject: RE: PIX VPN > > > > > > PPPoE dialer? What's that? ;) > > > > I only have 1 requirement for DSL providers - and its that > > they don't use > > PPPoE > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Robert Gonzaga (306) [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 19, 2002 2:21 PM > > > To: NT 2000 Discussions > > > Subject: RE: PIX VPN > > > > > > > > > Right. Like your PPPoE dialer. > > > > > > -----Original Message----- > > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 19, 2002 11:25 AM > > > To: NT 2000 Discussions > > > Subject: RE: PIX VPN > > > > > > True. Nice thing about the Cisco client is that it can also > > call a DUN > > > entry, so it can dial connect, then connect via VPN, then log in. > > > > > > ------------------------------------------------------ > > > Roger D. Seielstad - MCSE > > > Sr. Systems Administrator > > > Inovis - Formerly Harbinger and Extricity > > > Atlanta, GA > > > > > > > > > > -----Original Message----- > > > > From: Randall Yoo [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, December 19, 2002 2:16 PM > > > > To: NT 2000 Discussions > > > > Subject: RE: PIX VPN > > > > > > > > > > > > Very cool, same effect. > > > > > > > > > > > > Randall > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Roger Seielstad > > > > Sent: Thursday, December 19, 2002 04:31 AM > > > > To: NT 2000 Discussions > > > > Subject: RE: PIX VPN > > > > > > > > > > > > Nope - it allows you to fire off the VPN client before the > > > > GINA process > > > > takes over. From the Client Help docs: > > > > > > > > What happens when you use Start Before Logon > > > > When start before logon is active, the following events occur > > > > when your > > > > system starts: > > > > > > > > -Your system logon dialog box displays. Other messages might > > > > display as > > > > well, depending on your setup. Wait until you see the VPN > > > > Dialer start. > > > > -The VPN Dialer starts and displays the connection dialog > > > box over the > > > > system logon dialog box. > > > > -You establish your connection to the private network of the > > > > VPN Device. > > > > -Then you log on to your system. > > > > > > > > ------------------------------------------------------ > > > > Roger D. Seielstad - MCSE > > > > Sr. Systems Administrator > > > > Inovis - Formerly Harbinger and Extricity > > > > Atlanta, GA > > > > > > > > > > > > > -----Original Message----- > > > > > From: Randall Yoo [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, December 18, 2002 5:54 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > > > > > > If you mean by checking the "Log on using dial-up connection" > > > > > checkbox ON, > > > > > that's fine for dial-up VPN. What do you have to do if the > > > > > user is on a > > > > > broadband connection...? > > > > > > > > > > > > > > > Randall > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of > > > > Robert Gonzaga > > > > > (306) > > > > > Sent: Wednesday, December 18, 2002 02:45 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > > > > > > No. The only thing you can do is have the Cisco dialer open > > > > > when you hit > > > > > ctrl-alt-del so have the tunnel built for the login process. > > > > > > > > > > -----Original Message----- > > > > > From: Randall Yoo [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, December 18, 2002 2:35 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > I haven't used Cisco VPN client in a while. Do their current > > > > > versions run > > > > > as service (in Windows) when installed...? > > > > > > > > > > > > > > > Randall > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Martin > > > > > Blackstone > > > > > Sent: Wednesday, December 18, 2002 01:47 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > > > > > > You can use either the Windows VPN dialer or the Cisco > > > > > Dialer. Either way, > > > > > both are very easy to setup. > > > > > > > > > > -----Original Message----- > > > > > From: Johnny Martinez [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, December 18, 2002 1:26 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > > > > > > wow really? nice. I'm curious as to how the client side works > > > > > though. Can > > > > > you tell me? > > > > > > > > > > -----Original Message----- > > > > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, December 18, 2002 12:34 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > > > > > > Oh yea. I got one one of those. It took longer to unbox and > > > > > rack mount than > > > > > it did to configure it. > > > > > > > > > > -----Original Message----- > > > > > From: Robert Gonzaga (306) [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, December 18, 2002 12:10 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > > > > > > I went with the Cisco VPN Concentrator 3005. Really easy to > > > > > configure. You > > > > > can buy them used. > > > > > > > > > > -----Original Message----- > > > > > From: King, John [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, December 18, 2002 12:07 PM > > > > > To: NT 2000 Discussions > > > > > Subject: RE: PIX VPN > > > > > > > > > > What version of the PIX software to do you? There are some > > > > > limitations on > > > > > the older versions if I do remember correctly. I upgraded > > > > > our PIX to 6.1(1) > > > > > to get proper IPsec functionality. This link will probably > > > > > show you what > > > > > you need to know to get a VPN up and running. > > > > > http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030 > > > > /products_conf > > > > iguration_example09186a00800948b8.shtml > > > > > > > > You will of coarse need a Cisco CCO login. > > > > > > > > Good luck, > > > > John > > > > > > > > -----Original Message----- > > > > From: Johnny Martinez [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, December 18, 2002 1:36 PM > > > > To: NT 2000 Discussions > > > > Subject: PIX VPN > > > > > > > > > > > > Hi all, > > > > I'm having trouble finding information on setting up my PIX > > > > for VPN'ing. > > > > Does anyone have experience with this or know a good online > > > > information > > > > base? > > > > > > > > Johnny > > > > > > > > > > > > > > > > > > > > > > > > ------ > > > > You are subscribed as [EMAIL PROTECTED] > > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > > > > > ------ > > > > You are subscribed as [EMAIL PROTECTED] > > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > ------ > > > > You are subscribed as [EMAIL PROTECTED] > > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > > > > > ------ > > > > You are subscribed as [EMAIL PROTECTED] > > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > >------ >You are subscribed as [EMAIL PROTECTED] >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe send a blank email to %%email.unsub%% > > >------ >You are subscribed as [EMAIL PROTECTED] >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe send a blank email to %%email.unsub%% > >------ >You are subscribed as [EMAIL PROTECTED] >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
