Setting up a RAS or VPN?

Posted on 2004-03-24
Last Modified: 2012-05-04
I would like to be able to RAS or VPN into the network here at work. I have recently taken over as the new network admin, and I am a bit over my head right now.

I currently have an ACL set up to connect to the network via terminal services, but I would like to have the ability to set up a RAS and/or VPN connection.

How hard is this? What do I need to do?

Any help would be greatly appreciated!
Question by:MrBean

Expert Comment

ID: 10668137
Well, for VPN you need a VPN endpoint.
Most of the time it is a firewall, so it would be helpful if I knew which one.
RAS itself is easy.
But it also depends on the hardware you like to use; I assume a Cisco router?
Keep me posted mate :)

LVL 79

Accepted Solution

lrmoore earned 100 total points
ID: 10668267

Author Comment

ID: 10669149
Wow, I got a lot to learn ...

I hear that there are GUI interfaces that you can use to look at the router configs, and to add/edit, etc. Is this true? Is it hard to set up? Maybe that's going to be my best way to start out with all of this ...

Expert Comment

ID: 10669176
The GUI is called CDM. But as you said RAS, I understand that people will get a dial-up connection towards you, and if that is the case the config proposed by lrmoore is not possible.
If you are not familiar with those things, yes, do get CDM, install it and play a bit with it.
It is not a one-step installation if you would like to have VPN and RAS.
LVL 27

Expert Comment

ID: 10669177
Just to be clear, RAS is Remote Access Server and VPN is Virtual Private Network.  They're related, but not the same.  

If you had a RAS to your network, you would have to have some kind of modem bank probably connected to an ISDN line or a T1.  Users would DIAL IN over the Plain Old Telephone System (POTS), connect to the modems, and then be authenticated by the RAS server or other authentication means - such as RADIUS, LDAP, etc.

VPN is usually used by remote users to connect to the network over the Internet by "tunnelling" their traffic - which means encrypting it and wrapping it in outside network information so it can get to you where it is authenticated, stripped, and unencrypted.  To do this, the users have to have a client, or a branch office vpn connection, and you have to have a VPN endpoint on your network.  You could use a firewall, a router, or a dedicated VPN concentrator to be the endpoint - depending on what you already have in place.

Checkpoint has a good firewall & VPN product.  Cisco can do VPN on their PIX firewalls as well.  I administer a Nortel Contivity VPN - which is regularly reviewed to be some of the best in breed concentrators.  There are also SOHO solutions - for instance new Linksys Broadband routers can be VPN endpoints.  Additionally, Microsoft Servers can act as VPN endpoints - although I would not recommend this solution, just from personal preference.


Author Comment

ID: 10669281
bloemkool1980 - Where do I get this CDM program? I would like to learn more about it ...

pseudocyber - Well, I am still attempting to learn the setup of the previous admin. Thus far, I know we have two T1 lines coming in, both on their own Cisco PIX firewall. I only have access to one of the firewalls, as we had to guess the login for almost an hour. He did not leave any logins, but we do have the passwords. I still do not yet know the routers' addresses, nor logins. There is so much to be done ... I am in over my head at this point.

lrmoore has been a big help thus far, but I have sooo much to do, so much to learn. The fact that I came in here knowing so little, and now trying to learn what the previous admin has done, with little documentation, is not going to be fun ...

LVL 79

Expert Comment

ID: 10669530
What version PIX OS are you running?
firewall#show version
If you have 6.x, then you already have the PDM installed
You would access it with a web browser https://<ip address of PIX>
Note the "s" on https
If you don't have PIX 6.x, then you will need a support contract to download from Cisco, because you will first have to upgrade to 6.x, then install the PDM on the PIX.

Just to be clear.
Microsoft RAS includes a PPTP VPN service. Yes, a RAS server can have a modem/modem pool so that users can dial directly into the server/network. OR, users can dial up to their own ISP (AOL, broadband, whatever), and using the Microsoft VPN client that comes with every Windows PC, connect up to a RAS-PPTP server.
The PIX firewall can take the Microsoft RAS server out of the equation and terminate the PPTP VPN from a Microsoft client.

Author Comment

ID: 10669578
Well, from what lrmoore helped me do earlier, I should be able to access the network via terminal services. I will know later today about that ...

As for the version of the PIX - 5.3 ... So is it going to be a pain in the a$$ to upgrade?
LVL 79

Expert Comment

ID: 10669720
You'll have to buy a SmartNet maintenance package before you can upgrade.
What model PIX is it?
Anywhere from $75 for 501 (Category 1), to $595 for 515 (Category 7)


Author Comment

ID: 10669770
Good to know, I doubt they will want to pay for the upgrade though.

Got another quick question. How do I find out the addresses of the routers on the network? I only know the firewall's address.

I attempted to traceroute an external address to my PC, but it does not even pass through the firewall? I am confused at this point. What is the best method/tool for discovering everything on the network?
LVL 79

Expert Comment

ID: 10669902
ip network browser from
Get a 30day (engineer's toolset) eval free

Author Comment

ID: 10669955
Downloading now, thanks!

Question has a verified solution.