ASUS SL1000, SL500 User Manual

Application Notes
SL1000/SL500 VPN with Cisco PIX 501
Version 1.0
Copyright 2006, ASUSTek Computer, Inc. i
Revision History
Version Author Date Status
1.0 Martin Su 2006/5/4 Initial draft
Table of Contents
Revision History
Table of Contents
List of Figures
1 Introduction
2 Network Setup
2.1 Setup Description
2.2 Setup CISCO PIX Firewall
2.2.1 Setup IP address of LAN interface
2.2.2 Setup IP address of WAN interface
2.2.3 Setup Routing Table
2.3 Setup SL1000/SL500 system
2.3.1 Setup IP address of LAN interface
2.3.2 Setup IP address of WAN interface
2.3.3 Setup Routing Table
3 Establish VPN Tunnel using Automatic Keying
3.1 Configure VPN Policy on PIX 501
3.2 Configure VPN Policy on SL1000/SL500
3.3 Verify VPN Tunnel Establishment
List of Figures
Figure 2.1 Network Connections
Figure 2.2 Setup LAN port IP address on the PIX firewall
Figure 2.3 Setup WAN port IP address on the PIX firewall
Figure 2.4 Setup a default route to the PIX firewall
Figure 2.5 Setup LAN port IP address on the SL1000/SL500
Figure 2.6 Setup IP address of WAN interface on the SL1000/SL500
Figure 2.7 Verify WAN interface configurations on the SL1000/SL500
Figure 2.8 Setup a default route to the SL1000/SL500
Figure 3.1 Setup VPN policy on the PIX firewall
Figure 3.2 Verify VPN configurations on the PIX firewall
Figure 3.3 Configure VPN policy on the SL1000/SL500
Figure 3.4 Verify VPN configurations on the SL1000/SL500
Figure 3.5 Verify VPN tunnel establishment on the PIX firewall
Figure 3.6 Verify the VPN tunnel establishment on the SL1000/SL500
1 Introduction
This application note details the steps for creating an IPSec VPN tunnel between an ASUS Internet Security Router and a CISCO PIX Firewall device. It is assumed that both devices have a static IP address on the WAN interface and a default route configured. All settings and screen dumps contained in this document are taken from a CISCO PIX 501 device running firmware PIX Firewall Version 6.3(4), and an ASUS SL1000/SL500 running firmware 1.1.72A.410.
2 Network Setup
This section describes how to set up the network to carry out the SL1000/SL500 and CISCO PIX 501 Network Configuration as illustrated in Figure 2.1.
Figure 2.1 Network Connections
PC1 (192.168.30.2) - CISCO PIX501 (LAN: 192.168.30.1, WAN: 10.64.2.130) - Cross Ethernet Cable - Internet Security Router (WAN: 10.64.2.145, LAN: 10.64.3.1) - PC2 (10.64.3.11)
2.1 Setup Description
PC1 and PC2 are hosts in protected networks running Windows NT/98/2000/XP or Redhat Linux. Both the SL1000/SL500 and the PIX Firewall protect their traffic from the external network. NAT is not required for traffic between the two intranets, which can be transmitted using a VPN tunnel over the public Internet (in this setup example, a direct connection between the two WAN interfaces serves as the public network). However, NAT is required for connections to the public Internet.
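The NAT rule described above can be checked against the Figure 2.1 addressing before any device is configured. The following is an added example, not part of the ASUS application note: it verifies that the two protected LANs do not overlap (a precondition for tunnelling without NAT) and classifies a packet as tunnelled or translated. The /24 masks on the SL1000/SL500 side, the site labels and the function names are assumptions made for this example.

```python
import ipaddress as ip

# Addresses from Figure 2.1. The PIX masks are on the page; /24 on the
# SL1000/SL500 side is an assumption. Site keys are labels for this example.
SITES = {
    "pix": {"lan": ip.ip_network("192.168.30.0/24"),
            "wan": ip.ip_interface("10.64.2.130/24")},
    "sl":  {"lan": ip.ip_network("10.64.3.0/24"),
            "wan": ip.ip_interface("10.64.2.145/24")},
}

def check_plan(sites):
    """Return addressing problems that would break the no-NAT tunnel."""
    problems = []
    a, b = sites.values()
    if a["lan"].overlaps(b["lan"]):
        problems.append(f"protected LANs overlap: {a['lan']} / {b['lan']}")
    for name, site in sites.items():
        if site["lan"].overlaps(site["wan"].network):
            problems.append(f"{name}: LAN {site['lan']} overlaps its WAN subnet")
    if a["wan"].network != b["wan"].network:
        problems.append("WAN peers are not on one subnet (direct cable setup)")
    return problems

def classify(src, dst, local, remote):
    """Decide how the local gateway treats a packet src -> dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src not in local["lan"]:
        return "not-local-source"
    if dst in local["lan"]:
        return "stays-on-lan"
    if dst in remote["lan"]:
        return "tunnel-no-nat"   # intranet to intranet: IPSec, addresses kept
    return "nat-to-wan"          # every other destination leaves translated

if __name__ == "__main__":
    pix, sl = SITES["pix"], SITES["sl"]
    print(check_plan(SITES) or "plan ok")
    # 198.51.100.7 is a constructed documentation address standing in for
    # an Internet host.
    for dst in ("10.64.3.11", "10.64.2.145", "198.51.100.7"):
        print("PC1 ->", dst, classify("192.168.30.2", dst, pix, sl))
```

Traffic from PC1 to the peer's WAN address 10.64.2.145 is classified as translated, not tunnelled, because only the two LAN subnets are exempt from NAT.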
2.2 Setup CISCO PIX Firewall
2.2.1 Setup IP address of LAN interface
pixfirewall# configure terminal
pixfirewall(config)# ip address inside 192.168.30.1 255.255.255.0
Figure 2.2 Setup LAN port IP address on the PIX firewall
2.2.2 Setup IP address of WAN interface
pixfirewall(config)# interface ethernet0 auto
pixfirewall(config)# ip address outside 10.64.2.130 255.255.255.0
Figure 2.3 Setup WAN port IP address on the PIX firewall