Solved

(Uber Newbie) VPN with Cisco PIX

Posted on 2003-03-26
243 Views
Last Modified: 2010-03-19
Greetings Group:  

I apologize for the tremendously easy question here ... but I know
nothing about real firewalls and routers.  I know a little bit about
home Netgear ones (which, apparently, doesn't help at all).

I'm trying to set up a VPN to our network so I can access our intranet
at home.  I was able to do it with a dial-up connection very easily
(thanks to Win2K Wizards), but I need some real speed to be
productive.

The firewall that we have is a Cisco PIX firewall and I've read the
manual, but for the life of me I can't seem to figure it out.  I was
going to start playing around with commands, but I really don't want to
mess it up.

What should I do to allow all traffic from my IP at home to access the
intranet at work?  Or at least allow my IP at home to get past the
firewall?  Is there an easy command I can input into the Cisco PIX terminal?

Thanks, Alex Papadimoulis
Question by: sckdesign

5 Comments
LVL 2

Expert Comment

by:MCSE-2002
ID: 8214266
Set up a vpn connection to a RRAS server at your work, and allow port TCP/1723 through the PIX. That is, if you are authorized.

LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 8215662
You need to create a one-to-one static NAT map to your inside server, then permit TCP 1723 and GRE inbound.
Example - your server's real IP is 10.10.50.50, you have a global IP of 66.77.88.99 that you can use

static (inside,outside) 66.77.88.99 10.10.50.50 netmask 255.255.255.255
# in addition to your existing acls:
access-list 105 permit tcp any host 66.77.88.99 eq 1723
access-list 105 permit gre any host 66.77.88.99
#

Done

Of course, you can always setup the PIX to terminate the VPN tunnel, then you wouldn't need a server, but that's another story.
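The rule set in the accepted answer, as an added example that is not part of this thread: a small Python audit that parses PIX 6.x-style static, access-list and access-group lines and reports anything looser than the two services a PPTP pass-through needs (TCP/1723 and GRE). The embedded sample config is constructed: it is the answer's lines plus an assumed access-group binding on an interface assumed to be named "outside", and one deliberately over-broad rule of the kind the original question asked for (the 203.0.113.7 address is an assumption, taken from the RFC 5737 documentation range).

```python
"""Audit a PIX 6.x-style config fragment for a PPTP pass-through rule set.

Added example, not code from the thread. It checks the three things a
reviewer would want to see around the accepted answer:
  1. the outside ACL is actually bound with an access-group (otherwise the
     permit lines are never consulted),
  2. every inbound permit is limited to TCP/1723 and GRE towards a host
     that has a one-to-one static, and
  3. there is no 'permit ip ... any' style rule of the kind the original
     question asked for.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample (assumption): the answer's lines, an access-group
# binding on an interface assumed to be called "outside", and one
# deliberately over-broad rule. 203.0.113.7 is an RFC 5737 test address.
SAMPLE_CONFIG = """
static (inside,outside) 66.77.88.99 10.10.50.50 netmask 255.255.255.255
access-list 105 permit tcp any host 66.77.88.99 eq 1723
access-list 105 permit gre any host 66.77.88.99
access-list 105 permit ip host 203.0.113.7 any
access-group 105 in interface outside
"""

# Exactly what PPTP pass-through needs: the TCP/1723 control channel and
# the GRE (IP protocol 47) data channel. Anything else is a finding.
PPTP_SERVICES = {("tcp", "1723"), ("gre", None)}
PORT_NAMES = {"pptp": "1723"}   # PIX accepts the service name as well


@dataclass
class Static:
    real_if: str
    mapped_if: str
    global_ip: str
    local_ip: str
    mask: str


@dataclass
class Ace:
    name: str
    action: str
    proto: str
    src: str
    dst: str
    port: Optional[str]


def _endpoint(tokens):
    """Consume one ACL endpoint: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]}/{tokens[1]}", tokens[2:]


def parse_config(text):
    """Return (statics, {acl_name: [Ace]}, {interface: acl_name bound inbound})."""
    statics, acls, groups = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "#")):
            continue
        toks = line.split()
        if toks[0] == "static":
            m = re.match(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)", line)
            if m:
                statics.append(Static(*m.groups()))
        elif toks[0] == "access-list" and len(toks) >= 6:
            name, action, proto = toks[1], toks[2], toks[3]
            src, rest = _endpoint(toks[4:])
            dst, rest = _endpoint(rest)
            port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
            port = PORT_NAMES.get(port, port)
            acls.setdefault(name, []).append(Ace(name, action, proto, src, dst, port))
        elif toks[0] == "access-group" and len(toks) >= 5 and toks[2] == "in":
            groups[toks[4]] = toks[1]   # access-group NAME in interface IF
    return statics, acls, groups


def audit_pptp_passthrough(text, outside="outside"):
    """Return a list of findings; an empty list means only PPTP reaches a mapped host."""
    statics, acls, groups = parse_config(text)
    if outside not in groups:
        return [f"no access-group bound inbound on '{outside}': the ACL is never consulted"]
    mapped = {s.global_ip for s in statics if s.mapped_if == outside}
    findings, seen = [], set()
    for ace in acls.get(groups[outside], []):
        if ace.action != "permit":
            continue
        if ace.proto == "ip" or ace.dst == "any":
            findings.append(f"over-broad inbound permit: {ace.proto} {ace.src} -> {ace.dst}")
        elif (ace.proto, ace.port) not in PPTP_SERVICES:
            findings.append(f"unexpected inbound service: {ace.proto}/{ace.port} to {ace.dst}")
        elif ace.dst not in mapped:
            findings.append(f"{ace.dst} has no static on '{outside}': inbound packets cannot be translated")
        else:
            seen.add((ace.proto, ace.port))
    for proto, _ in PPTP_SERVICES - seen:
        label = "GRE (IP protocol 47) data channel" if proto == "gre" else "TCP/1723 control channel"
        findings.append(f"PPTP {label} is not permitted to any statically mapped host")
    return findings


if __name__ == "__main__":
    for finding in audit_pptp_passthrough(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the sample it flags only the "permit ip host 203.0.113.7 any" line; drop the GRE line and it reports that the data channel is blocked, which is the usual cause of a PPTP client that authenticates and then hangs.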




Author Comment

by:sckdesign
ID: 8217877
Thanks, that was very helpful.  If I set it up this way, would all internet traffic (www.yahoo.com, etc) be routed through this VPN connection?

What do you mean by "you can always setup the PIX to terminate the VPN tunnel, then you wouldn't need a server"  Would this be a router-to-router connection?

Thanks
LVL 79

Expert Comment

by:lrmoore
ID: 8218024
All traffic will only be routed through the VPN if you check the box "use default gateway on remote network"

You can terminate clients' VPNs on the PIX instead of the server. There are trade-offs in doing it, though.

http://www.cisco.com/warp/public/110/pptppix.html

Author Comment

by:sckdesign
ID: 8218043
Thanks! I appreciate the quick answer.