Cisco Easy VPN
Application Overview
The Cisco Easy VPN Remote feature and the Cisco Easy VPN Server feature offer flexibility, scalability, and ease of use for site-to-site and remote-access VPNs.
The EzVPN client has two operation modes:
- Client mode (PAT mode): the client end performs PAT on all traffic from its inside hosts.
- Network extension mode: the client end makes its inside nodes routable across the outside network. PAT doesn't apply to VPN traffic. Inside nodes get their IP addresses statically or through DHCP.
I will demonstrate how to set up remote-access IPSec VPN on a PIX.
IKE Phase 1
! Enable ISAKMP on the outside interface
crypto isakmp enable OUTSIDE
! IKE Phase 1 proposal
crypto isakmp policy 1
authentication pre-share
encryption des
hash md5
group 7
lifetime 86400
Define the address pool from which clients obtain their IP addresses.
ip local pool POOL 10.0.0.1-10.0.0.3
Create a user
username joey password cx15108
IKE Phase 2 (negotiate IPSec parameters)
crypto ipsec transform-set IPSEC_SET esp-des esp-md5-hmac
crypto dynamic-map DYN 1 set transform-set IPSEC_SET
crypto map MAP 1 ipsec-isakmp dynamic DYN
crypto map MAP interface OUTSIDE
tunnel-group TUN type ipsec-ra
tunnel-group TUN general-attributes
address-pool POOL
tunnel-group TUN ipsec-attributes
pre-shared-key *
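The Phase 1 policy and transform set above use DES, MD5 and Diffie-Hellman group 7, all weak by current standards. The check below is an added example, not part of the original post: it scans those lines (embedded as a constructed sample) and suggests stronger keywords that PIX/ASA 7.x also accepts. The weak-to-strong mapping and the function name audit are this example's assumptions.

```python
import re

# Constructed sample: the Phase 1 policy and transform set from this walkthrough.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 7
 lifetime 86400
crypto ipsec transform-set IPSEC_SET esp-des esp-md5-hmac
"""

# Assumed mapping for this example: weak keyword -> stronger PIX/ASA 7.x keyword.
WEAK_IKE = {("encryption", "des"): "aes-256", ("hash", "md5"): "sha",
            ("group", "1"): "5", ("group", "7"): "5"}
WEAK_TRANSFORM = {"esp-des": "esp-aes-256", "esp-md5-hmac": "esp-sha-hmac"}
IKE_SUBCOMMANDS = ("authentication", "encryption", "hash", "group", "lifetime")


def audit(config):
    """Return (line_no, context, weak_setting, suggested_setting) tuples."""
    findings = []
    policy = None  # number of the ISAKMP policy whose sub-commands we are reading
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and comment lines
            continue
        words = line.split()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            policy = m.group(1)
        elif policy and len(words) == 2 and words[0] in IKE_SUBCOMMANDS:
            fix = WEAK_IKE.get((words[0], words[1]))
            if fix:
                findings.append((no, "isakmp policy " + policy, line, words[0] + " " + fix))
        else:
            policy = None  # any other command leaves the policy sub-mode
            m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
            if m:
                for t in m.group(2).split():
                    if t in WEAK_TRANSFORM:
                        findings.append((no, "transform-set " + m.group(1), t, WEAK_TRANSFORM[t]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("line %d [%s]: %s -> %s" % finding)
```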
A dialogue window pops up
Verify the result
IKE phase 1 CA :
IPSec CA :
VPN client routing table shows that the default path .