Very true, I apologize. Failed to read the following :
Note The PIX 501, PIX 506/506E, and PIX 520 security appliances are not
supported in software Version 7.2(2).
//l
-----Original Message-----
From: mgaysek@comcast.net [mailto:mgaysek@comcast.net]
Sent: 2008-01-30 11:20
To: Lee Hilt; 'Jon'; security-basics@securityfocus.com;
vpn@securityfocus.com; firewalls@securityfocus.com
Subject: RE: Remote Branch reconfiguration
7.2 is not available for Pix 501 or 506. The latest is 6.3(5) for a 501.
If you perform a show version you license limits should be listed. IE:
--snip begin --
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: ethernet0: address is 000f.3454.f7e0, irq 10
1: ethernet1: address is 000f.3454.f7e1, irq 11
2: ethernet2: address is 000d.8811.1a48, irq 11
3: ethernet3: address is 000d.8811.1a49, irq 10
4: ethernet4: address is 000d.8811.1a4a, irq 9
5: ethernet5: address is 000d.8811.1a4b, irq 5 Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
---snip end --
The IKE peers is what your are looking for.
-------------- Original message ----------------------
From: "Lee Hilt" <lhilt@mbc.edu>
In 6.1 and 6.2, the relevant limit is 5. In 6.3 the limit became 10.
*from google search*
this information leads me to believe that the situation is possible.
What I would do is simply pull the configs from the old PIX 501 (do a
show run, find the relavent entries, paste them into a txt file and
then into the headend pix.)
To do this I would simply follow this document:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configu
ration
_example09186a00807d287e.shtml
also, make sure to updatre to version 7.2 IOS. Many bug fixes in this
release.
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Jon
Sent: 2008-01-29 5:21
To: security-basics@securityfocus.com; vpn@securityfocus.com;
firewalls@securityfocus.com
Subject: Remote Branch reconfiguration
Hello,
/First of all apologies if this is the wrong list./
I have, or rather had a few site to site vpn's set up. This is not my
setup, but rather its
inherited . I have two remote branches terminating on one pix at the
head office and another
vpn terminating on a different pix, also at the head office. On these
tunnels I pass RDP
traffic aimed at a Term server. From the termserver, there is a
seperate route out to the
internet for all hosts. The models of pix are 501's. I am led to
believe that you can only
have a maximum of two tunnels terminating on any one 501 firewall. I
presume this is why two
501's were used. Now to my issue: For reasons best left unsaid, the
adsl line on the pix
with only one site to site vpn configured has had the line cancelled.
This is causing me a
lot of grief from a customer and bearing in mind I dont know that much
about cisco configs I
am at a bit of a loss of how to get the third and presently cancelled
remote branch securely
connected to my head end. Would it be possible to configure an access
list on the pix that
allows RDP traffic from the remote site - if so, then how? I have an
Internet connection
available to me at the remote branch, I just need to know the best way
to integrate into the
only available pix that is remaining.
To summarise:
Remote Branch A & VPN Head END PIX 1
Remote Branch B
Remote Branch C VPN Head END PIX 2 (Now Cancelled)
Possible:
Remote Branch C RDP (3389) Head END PIX 1
All the Pix's are 501's. Trm Server is Windows 2000. Clients are XP.
I hope this makes sense - any help much appreciated.
Regards
J
