Table of Contents
Advertisement
the recommended PIX OS version. Because of this, the HTTP/S management interface must
be deactivated. To deactivate the HTTP/S management interface, issue the command 'clear
http'.
Note If you have a separate static WAN IP address to assign to the SRA appliance, you do not
have to deactivate the HTTP/S management interface on the PIX.
Method One – SRA Appliance on LAN Interface
From a management system, log into the SRA appliance's management interface. By default
Step 1
the management interface is X0 and the default IP address is 192.168.200.1.
Navigate to the Network > Interfaces page and click on the configure icon for the X0 interface.
Step 2
On the pop-up that appears, change the X0 address to 192.168.100.2 with a mask of
255.255.255.0. When done, click on the OK button to save and activate the change.
Navigate to the Network > Routes page and change the Default Gateway to 192.168.100.1
Step 3
When done, click on the Accept button in the upper-right-hand corner to save and activate the
change.
Navigate to the NetExtender > Client Addresses page. You will need to enter a range of IP
Step 4
addresses for the 192.168.100.0/24 network that are not in use on your internal LAN network;
if your network has an existing DHCP server or the PIX is running a DHCP server on its internal
interface, you will need to make sure not to conflict with these addresses. For example: enter
192.168.100.201 in the field next to Client Address Range Begin:, and enter 192.168.100.249
in the field next to Client Address Range End:. When done, click on the Accept button in the
upper-right-hand corner to save and activate the change.
Navigate to the NetExtender > Client Routes page. Add a client route for 192.168.100.0. If
Step 5
there is an entry for 192.168.200.0, delete it.
Navigate to the Network > DNS page and enter your internal network's DNS addresses,
Step 6
internal domain name, and WINS server addresses. These are critical for NetExtender to
function correctly. When done, click on the Accept button in the upper-right-hand corner to
save and activate the change.
Navigate to the System > Restart page and click on the Restart... button.
Step 7
Install the SRA appliance's X0 interface on the LAN network of the PIX. Do not hook any of the
Step 8
appliance's other interfaces up.
Connect to the PIX's management CLI via console port, telnet, or SSH and enter configure
Step 9
mode.
Issue the command 'clear http' to shut off the PIX's HTTP/S management interface.
Step 10
Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq www' (replace x.x.x.x
Step 11
with the WAN IP address of your PIX)
Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq https' (replace x.x.x.x
Step 12
with the WAN IP address of your PIX)
Issue the command 'static (inside,outside) tcp x.x.x.x www 192.168.100.2 www netmask
Step 13
255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX)
360 | SRA 6.0 Administrator's Guide
Hide quick links:
Advertisement
Chapters
Table of Contents
