4-5
Cisco PIX Device Manager Installation Guide
78-15483-01
Chapter 4 Configuring PDM
Step 4
When you have completed all the wizard pages, the Startup Wizard Completed page displays. To send
the configuration to your PIX Firewall and exit the wizard, click Finish. Otherwise, click Back to make
changes to previous pages.
VPN Wizard
Use the VPN Wizard panel to select the type of Virtual Private Network (VPN) tunnel that you are
defining and to identify the interface on which the tunnel will be enabled. A VPN tunnel provides secure
communication over an insecure network, such as the public Internet, by encrypting traffic between two
IPSec peers, such as your local PIX Firewall and a remote PIX Firewall or VPN concentrator.
To configure a secure tunnel, first decide if you are using your PIX Firewall to provide remote access to
your local area network (LAN), or to provide connectivity to a LAN in another geographic location.
Next, identify the interface to use to connect to the remote IPSec peer. If your PIX Firewall has only two
interfaces, this will always be the lower security interface, which is named “outside” by default. If your
PIX Firewall has multiple interfaces, you should plan your VPN configuration before running this
wizard and identify the interface to use for each remote IPSec peer with which you need to establish
secure connectivity.
To set up your PIX Firewall as a remote access client in relation to another PIX Firewall or Cisco VPN
Concentrator, select the Startup Wizard from the Wizards menu.
You can configure the VPN Wizard as follows:
• Site-to-Site VPN, page 4-5
• Remote Access VPN, page 4-5
• Select Interface, page 4-6
Site-to-Site VPN
This configuration is used between two IPSec security gateways, which can include PIX Firewalls, VPN
concentrators, or other devices that support site-to-site IPSec connectivity. When you select this option,
a series of panels is displayed that lets you enter the configuration required for this type of VPN. With a
site-to-site VPN, your local PIX Firewall provides secure connectivity between your LAN and a LAN in
a different geographic location.
Remote Access VPN
This configuration is used to allow secure remote access for VPN clients, such as mobile users. A remote
access VPN lets remote users securely access centralized network resources. When you select this
option, the system displays a series of panels that let you enter the configuration required for this type
of VPN. With a remote access VPN, your local PIX Firewall provides secure connectivity between
individual remote users and the LAN resources protected by your local PIX Firewall.