<DIV>Hi, all,</DIV>
<DIV> </DIV>
<DIV>I tried to email about Cisco PIX 501 VPN the other day.<BR>but no one really respond or answered me.</DIV>
<DIV> </DIV>
<DIV>I have a Cisco PIX 501 with a static ip address at home.</DIV>
<DIV>I can access from 192.168.1.3 to outside internet.</DIV>
<DIV>and I can access this computer from outside through web browser.</DIV>
<DIV> </DIV>
<DIV>Here's the way I set up.</DIV>
<DIV> </DIV>
<DIV>I have a router Cisco 900 Series/ZyXel 900 series from Road Runner coming in</DIV>
<DIV>and I connect the PIX 501 into it.</DIV>
<DIV> </DIV>
<DIV>--> Router -> Cisco PIX 501 -> Windows 2003 Standard ( 192.168.1.3)</DIV>
<DIV> -> Windows XP (192.168.1.5)</DIV>
<DIV>Two computer is connected directly to PIX 501.<BR><BR>only 192.168.1.3 can access to internet outside.</DIV>
<DIV>not 192.168.1.5.</DIV>
<DIV> </DIV>
<DIV>Here's my configuration.</DIV>
<DIV> </DIV>
<DIV>:<BR>PIX Version 6.3(3)<BR>interface ethernet0 auto<BR>interface ethernet1 100full<BR>nameif ethernet0 outside security0<BR>nameif ethernet1 inside security100<BR>enable password xxxxxxxx encrypted<BR>passwd xxxxxxx encrypted<BR>hostname pix<BR>domain-name pixworld.net<BR>fixup protocol dns maximum-length 512<BR>fixup protocol ftp 21<BR>fixup protocol h323 h225 1720<BR>fixup protocol h323 ras 1718-1719<BR>fixup protocol http 80<BR>fixup protocol rsh 514<BR>fixup protocol rtsp 554<BR>fixup protocol sip 5060<BR>fixup protocol sip udp 5060<BR>fixup protocol skinny 2000<BR>fixup protocol smtp 25<BR>fixup protocol sqlnet 1521<BR>fixup protocol tftp 69<BR>names<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq smtp<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq www<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq domain<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq ftp<BR>access-list
outside_access_in permit tcp any host 67.53.24.194 eq 1812<BR>access-list outside_access_in permit tcp any host 67.53.24.194 eq 1813<BR>access-list outside_access_in permit udp any any eq domain<BR>access-list inside_outbound_nat0_acl permit ip any 192.168.1.128 255.255.255.128</DIV>
<DIV>access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128 255.255.255.128</DIV>
<DIV>pager lines 24<BR>mtu outside 1500<BR>mtu inside 1500<BR>ip address outside 67.53.24.194 255.255.255.252<BR>ip address inside 192.168.1.1 255.255.255.0<BR>ip audit info action alarm<BR>ip audit attack action alarm<BR>ip local pool homepool 192.168.1.150-192.168.1.200<BR>pdm location 192.168.1.3 255.255.255.255 inside<BR>pdm location 65.67.165.136 255.255.255.248 outside<BR>pdm location 192.168.1.128 255.255.255.128 outside<BR>pdm logging informational 100<BR>pdm history enable<BR>arp timeout 14400<BR>global (outside) 1 interface<BR>nat (inside) 0 access-list inside_outbound_nat0_acl<BR>nat (inside) 1 192.168.1.0 255.255.255.0 0 0<BR>nat (inside) 1 0.0.0.0 0.0.0.0 0 0<BR>static (inside,outside) 67.53.24.194 192.168.1.3 dns netmask 255.255.255.255 0 0</DIV>
<DIV>access-group outside_access_in in interface outside<BR>route outside 0.0.0.0 0.0.0.0 67.53.24.193 1<BR>timeout xlate 0:05:00<BR>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00<BR>timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00<BR>timeout uauth 0:05:00 absolute<BR>aaa-server TACACS+ protocol tacacs+<BR>aaa-server RADIUS protocol radius<BR>aaa-server LOCAL protocol local<BR>http server enable<BR>http 192.168.1.0 255.255.255.0 inside</DIV>
<DIV>http 192.168.1.1 255.255.255.255 inside<BR>no snmp-server location<BR>no snmp-server contact<BR>snmp-server community public<BR>no snmp-server enable traps<BR>floodguard enable<BR>sysopt connection permit-l2tp<BR>crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac<BR>crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport<BR>crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20<BR>crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5<BR>crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map<BR>crypto map outside_map interface outside<BR>isakmp enable outside<BR>isakmp key ******** address 0.0.0.0 netmask 0.0.0.0<BR>isakmp peer fqdn pixworld.net no-config-mode<BR>isakmp policy 20 authentication pre-share<BR>isakmp policy 20 encryption 3des<BR>isakmp policy 20 hash md5<BR>isakmp policy 20 group 2<BR>isakmp policy 20 lifetime 86400</DIV>
<DIV>telnet 0.0.0.0 0.0.0.0 inside<BR>telnet 192.168.1.0 255.255.255.0 inside<BR>telnet timeout 5<BR>ssh 65.67.165.136 255.255.255.248 outside<BR>ssh timeout 60<BR>console timeout 0<BR>vpdn group L2TP-VPDN-GROUP accept dialin l2tp<BR>vpdn group L2TP-VPDN-GROUP client configuration address local homepool<BR>vpdn group L2TP-VPDN-GROUP client configuration dns 192.168.1.3<BR>vpdn group L2TP-VPDN-GROUP client configuration wins 192.168.1.3<BR>vpdn group L2TP-VPDN-GROUP l2tp tunnel hello 60<BR>vpdn enable outside<BR>dhcpd address 192.168.1.100-192.168.1.131 inside<BR>dhcpd dns 192.168.1.3<BR>dhcpd wins 192.168.1.3<BR>dhcpd lease 3600<BR>dhcpd ping_timeout 750<BR>dhcpd domain jcho.net<BR>dhcpd auto_config outside<BR>dhcpd enable inside<BR>vpnclient server 192.168.1.3</DIV>
<DIV>vpnclient mode client-mode<BR>vpnclient vpngroup jcho password ********<BR>terminal width 80<BR>Cryptochecksum:f4b4d3b576a685c282ac99fc9bfe57bd<BR>: end<BR>pix(config)#</DIV>
<DIV> </DIV>
<DIV>Is there anyone who can help me??</DIV>
<DIV>If it is possible to call him/her, that would be great.</DIV>
<DIV> </DIV>
<DIV>Let me know if anyone willing to help me out.</DIV>
<DIV> </DIV>
<DIV>George Sheperd</DIV>
<DIV><A href="mailto:ksjoecho@yahoo.com">ksjoecho@yahoo.com</A></DIV>
<DIV>(816) 377-7519</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV><p>
<hr size=1>Do you Yahoo!?<br>
The <a href="http://my.yahoo.com">all-new My Yahoo!</a> – Get yours free!