Hi, all,

I tried to email about Cisco PIX 501 VPN the other day. but no one really respond or answered me.

I have a Cisco PIX 501 with a static ip address at home. I can access from 192.168.1.3 to outside internet. and I can access this computer from outside through web browser.

Here's the way I set up.

I have a router Cisco 900 Series/ZyXel 900 series from Road Runner coming in and I connect the PIX 501 into it.

--> Router -> Cisco PIX 501 -> Windows 2003 Standard ( 192.168.1.3) -> Windows XP (192.168.1.5) Two computer is connected directly to PIX 501.

only 192.168.1.3 can access to internet outside. not 192.168.1.5.

Here's my configuration.

: PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password xxxxxxxx encrypted passwd xxxxxxx encrypted hostname pix domain-name pixworld.net fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list outside_access_in permit tcp any host 67.53.24.194 eq smtp access-list outside_access_in permit tcp any host 67.53.24.194 eq www access-list outside_access_in permit tcp any host 67.53.24.194 eq domain access-list outside_access_in permit tcp any host 67.53.24.194 eq ftp access-list outside_access_in permit tcp any host 67.53.24.194 eq 1812 access-list outside_access_in permit tcp any host 67.53.24.194 eq 1813 access-list outside_access_in permit udp any any eq domain access-list inside_outbound_nat0_acl permit ip any 192.168.1.128 255.255.255.128 access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128 255.255.255.128 pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 67.53.24.194 255.255.255.252 ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool homepool 192.168.1.150-192.168.1.200 pdm location 192.168.1.3 255.255.255.255 inside pdm location 65.67.165.136 255.255.255.248 outside pdm location 192.168.1.128 255.255.255.128 outside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 192.168.1.0 255.255.255.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) 67.53.24.194 192.168.1.3 dns netmask 255.255.255.255 0 0 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 67.53.24.193 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local http server enable http 192.168.1.0 255.255.255.0 inside http 192.168.1.1 255.255.255.255 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-l2tp crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20 crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 isakmp peer fqdn pixworld.net no-config-mode isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 telnet 0.0.0.0 0.0.0.0 inside telnet 192.168.1.0 255.255.255.0 inside telnet timeout 5 ssh 65.67.165.136 255.255.255.248 outside ssh timeout 60 console timeout 0 vpdn group L2TP-VPDN-GROUP accept dialin l2tp vpdn group L2TP-VPDN-GROUP client configuration address local homepool vpdn group L2TP-VPDN-GROUP client configuration dns 192.168.1.3 vpdn group L2TP-VPDN-GROUP client configuration wins 192.168.1.3 vpdn group L2TP-VPDN-GROUP l2tp tunnel hello 60 vpdn enable outside dhcpd address 192.168.1.100-192.168.1.131 inside dhcpd dns 192.168.1.3 dhcpd wins 192.168.1.3 dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd domain jcho.net dhcpd auto_config outside dhcpd enable inside vpnclient server 192.168.1.3 vpnclient mode client-mode vpnclient vpngroup jcho password ******** terminal width 80 Cryptochecksum:f4b4d3b576a685c282ac99fc9bfe57bd : end pix(config)#

Is there anyone who can help me?? If it is possible to call him/her, that would be great.

Let me know if anyone willing to help me out.

George Sheperd [email protected] (816) 377-7519

--------------------------------- Do you Yahoo!? The all-new My Yahoo! � Get yours free!