Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Archive
Su Mo Tu We Th Fr Sa
1234
567891011
12131415161718
19202122232425
262728293031
Syndication
Newsletter
Subscribe to newsletter:


Home : CCNP : PIX to Cisco VPN 3000 Client

PIX to Cisco VPN 3000 Client

Jul 22,2008 by admin

small font medium font large font
image

PIX to Cisco VPN 3000 Client

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a PIX firewall that will be the terminating endpoint for VPNs from a VPN 3000 client.

Background Information

You will configure your firewall to accept connections from both the Cisco VPN Client 2.5.X and the Cisco VPN Client 3.x. The 2.5.X client will use D-H group 1, the PIX default, and the 3.x client will use D-H group 2. The isakmp policy # group 2 command lets the 3.x clients make a connection. You will define multiple ISAKMP policies to allow the different versions of the VPN 3000 clients to use your firewall as its tunnel endpoint. You will assign IP addresses to the clients as they connect. You will use the topology illustrated in Figure 14-11.

Figure 14-11. PIX to Cisco VPN 3000 Client

graphics/14fig11.gif

Task 1: Configure PIX

Step 1. At the PIX console, provide all the configuration required to configure the PIX firewall:

- Define traffic for the mode pool.

- Define the mode pool.

- Prevent NAT for the pool.

- Enable IPSec sysopt.

- Enable ISAKMP.

- Define IKE parameters for VPN 3000 3.x.

- Define IKE parameters for VPN 3000 2.x.

- Define IKE parameters for all clients.

- Define IPSec parameters.

Task 2: Define the Client Parameters

Step 1. On the client PC, provide all the configuration required to create the connection IPSec settings:

- Click New to create a new connection, and assign a name to your entry in the Connection Entry box.

- Enter the IP address of the destination's public interface.

- Under Group Access Information, enter the group name and group password.

- Click Finish to save the profile in the Registry.

- Click Connect to test the connection.

8 times read

Related news
No matching news for this article
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
WAN Optimization
arrow Managing Applications
arrow Testing New Applications
arrow Reducing Application Latency
arrow Managing Distributed Servers
arrow Protecting Data on Distributed Servers
arrow Providing Timely Remote Service and Support
arrow Using Centralized Management Methods
arrow Facing the Unavoidable WAN
arrow Changing the Application Business Model
arrow Consolidating and Protecting Servers in the New IT Operational Model
arrow Server Consolidation
arrow Compliance, Data Protection, Business Continuity, and Disaster Recovery
arrow Business Continuance and Disaster Recovery
arrow Networks and Application Performance
arrow Bandwidth
arrow Latency
arrow Understanding Why TCP Adds Latency
arrow ACK Message
arrow Checksum Verification
arrow Data Reordering
arrow Flow Control
arrow Understanding How Other Protocols Add Latency
arrow Understanding the Physics Aspect of Latency
arrow Serialization Delays
arrow Processing Delays
arrow Forwarding Delays
arrow Understanding Application Protocol Latency
arrow Throughput
arrow Application and Protocol Barriers to Application Performance
arrow Application Protocols
arrow CIFS
arrow HTTP
CCNP
arrow Types of Remote-Access Users
arrow Remote-Access Technologies
arrow Frame Relay
arrow Serial Links
arrow ISDN
arrow Analog
arrow DSL
arrow Asymmetric DSL
arrow Symmetric DSL
arrow Cable Modem Services
arrow Building a CCNP Remote-Access Lab
arrow Creating LANs
arrow Creating WANs by Using a Cisco Router as a Frame Relay Switch
arrow Configuring the Clock Rate on a DCE Interface
arrow show controller Command
arrow Configuring a Cisco Router as a Frame Relay Switch
arrow Configuring a Basic Frame Relay Switch
arrow Entire Frame Relay Configuration
arrow Creating Asynchronous, ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs
arrow Modem Connections and Operation Overview
arrow A Typical Modem Connection
arrow Communication Between DTE Devices
arrow DTE-to-DCE Communication
arrow Modem Control Functions
arrow DCE-to-DCE Communication
arrow RJ-45 Wiring and Cables
arrow DTE-to-DCE Wiring
arrow Data Compression and Error Control
arrow Configuring the Modem (DCE)
arrow Connecting to the Modem (DCE)
arrow Differentiating Between a Forward and Reverse Connection to a Modem
arrow Configuring a Reverse-Telnet Session
Cisco IOS
arrow IOS
arrow Configuring the Router via TFTP
arrow Saving Router Configuration to Server
arrow Booting the Router Using a Remote Configuration File
arrow Storing Configuration Files Larger Than NVRAM
arrow Clearing the Startup Configuration
arrow Loading a New IOS Image
arrow Booting a Different IOS Image
arrow Booting over the Network
arrow Copying an IOS Image to a Server
arrow Copying an IOS Image Through the Console
arrow Deleting Files from Flash
arrow Partitioning Flash
arrow Using the Router as a TFTP Server
arrow Generating Large Numbers of Router Configurations
arrow Changing the Configurations of Many Routers at Once
arrow Extracting Hardware Inventory Information
arrow Backing Up Router Configurations
arrow Warm Reload
arrow Warm Upgrade
arrow Configuration Archiving
arrow Locking Configuration Access
arrow Creating Command Aliases
arrow Managing the Router's ARP Cache
arrow Tuning Router Buffers
arrow Auto Tuning Buffers
arrow Using the Cisco Discovery Protocol
arrow Disabling the Cisco Discovery Protocol
arrow Using the Small Servers
arrow Enabling HTTP Access to a Router
arrow Enabling Secure HTTP (HTTPS) Access to a Router
arrow Using Static Hostname Tables
Voice Over IP
arrow Robbed-Bit Signaling
arrow Channel Associated Signaling T1
arrow E1 Channel Associated Signaling
arrow Framing and Signaling
arrow Channel Associated Signaling - E1
arrow Enabling VoIP Fax and Modem Transmission
arrow Cisco Fax Relay
arrow T.38 Fax Relay
arrow T.37 Fax Store and Forward
arrow Fax Pass-Through
arrow Modem Pass-Through
arrow Navigating Your Hands-On Lab
arrow Initial Configuration
arrow Router R1's Configuration
arrow Router R2's Configuration
arrow Router R3's Configuration
arrow Router R1's show ip route Output
arrow Router R2's show ip route Output
arrow Router R3's show ip route Output
arrow Router R1's ping 10.7.7.2 Output
arrow Voice Interface Configuration
arrow Configuring Voice Ports
arrow Voice Applications
arrow Local Calls
arrow On-Net Calls
arrow Off-Net Calls
arrow PLAR Calls
arrow PBX-to-PBX Calls
arrow CallManager-to-CallManager Calls
arrow On-Net to Off-Net Calls
arrow Voice Port Call Types Type of Call
arrow FXS Ports
LAN Switching Foundation Technologies
arrow Broadcasts and Multicasts
arrow Introducing Spanning Tree Protocol
arrow Bridging Loop
arrow Spanning Tree Blocking
arrow Spanning Tree Operations
arrow Switch1 Becomes Root
arrow Spanning Tree Interface Costs Bandwidth
arrow Bridge Protocol Data Unit Format
arrow Spanning Tree Port Transitions and Timers
arrow Topology Changes in STP
arrow Topology Change Because of a Link Failure
arrow LAN Switch Architecture
arrow Receiving Data—Switching Modes
arrow Cut-Through Mode
arrow Fragment-Free Mode
arrow Store-and-Forward Mode
arrow Switching Data
arrow Shared Bus Switching
arrow Frame Flow in a Shared Bus
arrow Crossbar Switching
arrow Buffering Data
arrow Port Buffered Memory
arrow Shared Memory
arrow Oversubscribing the Switch Fabric
arrow Congestion and Head-of-Line Blocking
arrow In the Beginning—Catalyst 5000/5500 (Project Synergy)
arrow Catalyst 5000/5500 Switch Components
arrow Chassis
arrow Catalyst 5000/5500 Models Model
arrow Network Management Processor (NMP)
arrow Master Communications Processor (MCP).
arrow Nonvolatile random-access memory (NVRAM)
Most Popular
Most Commented
Featured Author

admin

image
Cisco Articles