Setting up a RAS or VPN?

Posted on 2004-03-24
Last Modified: 2012-05-04
I would like to be able to RAS or VPN into the network here at work. I have recently taken over as the new network admin, and I am a bit over my head right now.

I currently have an ACL set up to connect to the network via terminal services, but I would like to have the ability to set up a RAS and/or VPN connection.

How hard is this? What do I need to do?

Any help would be greatly appreciated!
Question by: MrBean

Expert Comment

ID: 10668137
Well, for VPN you need a VPN endpoint.
Most of the time it is a firewall, so it would be helpful if I knew which one.
RAS itself is easy.
But it also depends on the hardware you'd like to use. I assume a Cisco router?
Keep me posted, mate :)


Accepted Solution

lrmoore earned 100 total points
ID: 10668267

Author Comment

ID: 10669149
Wow, I got a lot to learn ...

I hear that there are GUI interfaces that you can use to look at the router configs, and to add/edit, etc. Is this true? Is it hard to set up? Maybe that's going to be my best way to start out with all of this ...


Expert Comment

ID: 10669176
The GUI is called CDM. But as you said RAS, I understand that people will get a dial-up connection towards you, and if that is the case the config proposed by lrmoore is not possible.
If you are not familiar with those things, yes, do get CDM, install it and play a bit with it.
It is not a one-step installation if you'd like to have VPN and RAS.

Expert Comment

ID: 10669177
Just to be clear, RAS is Remote Access Server and VPN is Virtual Private Network.  They're related, but not the same.  

If you had a RAS to your network, you would have to have some kind of modem bank probably connected to an ISDN line or a T1.  Users would DIAL IN over the Plain Old Telephone System (POTS), connect to the modems, and then be authenticated by the RAS server or other authentication means - such as RADIUS, LDAP, etc.

VPN is usually used by remote users to connect to the network over the Internet by "tunnelling" their traffic - which means encrypting it and wrapping it in outside network information so it can get to you where it is authenticated, stripped, and unencrypted. To do this, the users have to have a client, or a branch office VPN connection, and you have to have a VPN endpoint on your network. You could use a firewall, a router, or a dedicated VPN concentrator to be the endpoint - depending on what you already have in place.

Checkpoint has a good firewall & VPN product.  Cisco can do VPN on their PIX firewalls as well.  I administer a Nortel Contivity VPN - which is regularly reviewed to be some of the best in breed concentrators.  There are also SOHO solutions - for instance new Linksys Broadband routers can be VPN endpoints.  Additionally, Microsoft Servers can act as VPN endpoints - although I would not recommend this solution, just from personal preference.


Author Comment

ID: 10669281
bloemkool1980 - Where do I get this CDM program? I would like to learn more about it ...

pseudocyber - Well, I am still attempting to learn the setup of the previous admin. Thus far, I know we have two T1 lines coming in, both on their own Cisco PIX firewall. I only have access to one of the firewalls, as we had to guess the login for almost an hour. He did not leave any logins, but we do have the passwords. I still do not yet know the routers' addresses, nor logins. There is so much to be done ... I am in over my head at this point.

lrmoore has been a big help thus far, but I have sooo much to do, so much to learn. The fact that I came in here knowing so little, and now trying to learn what the previous admin has done, with little documentation, is not going to be fun ...


Expert Comment

ID: 10669530
What version PIX OS are you running?
firewall#show version
If you have 6.x, then you already have the PDM installed.
You would access it with a web browser: https://<ip address of PIX>
Note the "s" on https.
If you don't have PIX 6.x, then you will need a support contract to download from Cisco, because you will first have to upgrade to 6.x, then install the PDM on the PIX.

Just to be clear.
Microsoft RAS includes a PPTP VPN service. Yes, a RAS server can have a modem/modem pool so that users can dial directly into the server/network. OR, users can dial up to their own ISP (AOL, broadband, whatever), and using the Microsoft VPN client that comes with every Windows PC, connect up to a RAS-PPTP server.
The PIX firewall can take the Microsoft RAS server out of the equation and terminate the PPTP VPN from a Microsoft client.

Author Comment

ID: 10669578
Well, from what lrmoore helped me do earlier, I should be able to access the network via terminal services. I will know later today about that ...

As for the version of the PIX - 5.3 ... So is it going to be a pain in the a$$ to upgrade?

Expert Comment

ID: 10669720
You'll have to buy a SmartNet maintenance package before you can upgrade.
What model PIX is it?
Anywhere from $75 for 501 (Category 1), to $595 for 515 (Category 7)


Author Comment

ID: 10669770
Good to know, I doubt they will want to pay for the upgrade though.

Got another quick question. How do I find out the addresses of the routers on the network? I only know the firewall's address.

I attempted to traceroute an external address to my PC, but it does not even pass through the firewall? I am confused at this point. What is the best method/tool for discovering everything on the network?

Expert Comment

ID: 10669902
ip network browser from
Get a 30-day (engineer's toolset) eval free

Author Comment

ID: 10669955
Downloading now, thanks!


Question has a verified solution.
