Linksys RVS4000 and PIX 501 VPN

Written by Austin Smith
Thursday, 07 December 2006 22:55

Virtual private networks are great! You can get on the network at your office from almost anywhere with an internet connection. But you run into problems when you have one public IP address and two users of the same VPN behind that address. This is where a site-to-site VPN comes in. A site-to-site VPN allows you to connect two remote private networks, SECURELY, over the internet. In this specific instance, we were connecting a Cisco PIX 501 security appliance (at the main office) to a Linksys RVS4000 (at the user's home).

The process is pretty straightforward. Set up your IKE keys, then define your IPsec tunnel. Since the RVS4000 only uses 3DES encryption, we already knew what kind of tunnel we were going to use. We created a rule with a higher priority than the one for the Cisco VPN client software. The Cisco VPN client only uses DES encryption. The RVS4000 will not keep trying to reconnect if the encryption is not supported. We put a rule in the firewall to exempt traffic between the two networks from address translation and to allow all traffic; after all, we do trust the users on that remote network.

After we had the PIX configured, it was time for the RVS4000. On the VPN page, we created a new VPN and named it "Work". The local security group was SUBNET 192.168.0.0/24. The remote security group was SUBNET 192.168.1.0/24. For the remote security gateway, select IP and type in the address of your PIX. Below that, leave it on IKE (auto), then select 3DES and either MD5 or SHA. We used MD5. Type in your pre-shared key. We left PFS DISABLED and used D-H group 2 (1024). Set those options in your advanced settings to correspond with the settings on the PIX. If these settings do not match on both ends, you will not be able to complete your secure IP tunnel.
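The PIX side of the tunnel described above could look like the following. This is an added example, not the author's configuration: it assumes PIX OS 6.3 syntax and interfaces named `outside` and `inside`, and the peer address 203.0.113.10, the key placeholder, and the names `home_vpn`, `nonat`, `RVS-3DES-MD5` and `outside_map` are invented for illustration.

```cisco
: Added example (not from the original article). Placeholders: the peer
: address 203.0.113.10, <PRE-SHARED-KEY>, and all ACL / map names.
: Office LAN behind the PIX:    192.168.1.0/24
: Home LAN behind the RVS4000:  192.168.0.0/24

: IKE policy. Every value must match the RVS4000:
: pre-shared key, 3DES, MD5, D-H group 2.
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
: no-xauth and no-config-mode exempt this peer from the remote-access
: client negotiation when VPN clients share the same interface.
isakmp key <PRE-SHARED-KEY> address 203.0.113.10 netmask 255.255.255.255 no-xauth no-config-mode

: Traffic to encrypt: office subnet to home subnet.
access-list home_vpn permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0

: Exempt the same traffic from address translation.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list nonat

: IPsec transform: 3DES with MD5 (MD5 for this phase is assumed, matching
: the hash chosen on the RVS4000).
crypto ipsec transform-set RVS-3DES-MD5 esp-3des esp-md5-hmac

: Crypto map entry for the RVS4000. The article's "higher priority" is
: assumed here to mean a lower sequence number than the VPN client entry,
: since lower-numbered entries are evaluated first.
: PFS is disabled on the RVS4000, so there is no "set pfs" line.
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address home_vpn
crypto map outside_map 10 set peer 203.0.113.10
crypto map outside_map 10 set transform-set RVS-3DES-MD5
crypto map outside_map interface outside

: Let decrypted tunnel traffic bypass the interface access lists,
: which corresponds to "allow all traffic" between the two networks.
sysopt connection permit-ipsec
```

Once both ends are configured, `show isakmp sa` and `show crypto ipsec sa` on the PIX show whether the IKE and IPsec security associations came up.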

Last Updated on Sunday, 24 August 2008 16:19


