Question : Configuring PIX 501 for VPN Remote Access

I'm a former software & computer systems engineer and system administrator for JPL/NASA currently responsible for all aspects of Operations at a small (seven person) office. While I have supported users in large (>5000 user) enterprise environments, and set up basic home and small office networks, I have little experience with Cisco devices. I hope someone can help me solve our problem.

We have a PIX 501 Firewall at our office. I'd like to set it up for VPN Remote Access by our employees. Cisco's free Tech Support talked me through basic configuration and configuring VPN remote login, but I am unable to see any devices once logged in.

Here's a description of our office network:

* We have four desktop Windows XP Pro computers and two printers in our office, plus three notebooks that come and go.
* Some day, we will have servers of some type in our office, but not right now.
* Internal IP addresses:
   192.168.1.1     PIX 501
   192.168.1.51 & 52 printers statically assigned to our printers via a DHCP server
   192.168.1.101 through 110 statically assigned to our desktop machines via a DHCP server
   192.168.1.151 through 200 assigned to guest machines via a DHCP server
   192.168.1.201 through 210 assigned to incoming VPN connections via PIX 501
* We have a fixed IP address from our T-1 provider.

I am trying to connect using the Windows VPN client. I'm agnostic about the client. I wouldn't mind trying out the Cisco client, but haven't found out how to purchase it other than by buying a Cisco Service Contract.

I read elsewhere that I might need to set up an access list for incoming VPN connections to see the office network devices.

I am looking for a simple to set up, easy to maintain, secure configuration. I realize that these constraints may contradict each other.

This had been a low-priority item for a few months. It has suddenly become a little more urgent.

Any assistance is appreciated!
Haj

Answer : Configuring PIX 501 for VPN Remote Access

Cisco does not license their client. It is free, with purchase of any VPN product. A Client CD comes with the product, and if you have a Smartnet support contract, you can download all the updates.
It would only be a max of $75 for a year of smartnet for your 501. That's pretty cheap for all the clients you need, plus updates to the PIX OS and PDM GUI.