Setting up a RAS or VPN?

Posted on 2004-03-24
Last Modified: 2012-05-04
I would like to be able to RAS or VPN into the network here at work. I have recently taken over as the new network admin, and I am a bit over my head right now.

I currently have an ACL setup to connect to the network via terminal services, but I would like to have the ability to setup a ras and or vpn connection.

How hard is this? What do I need to do?

Any help would be greatly appreciated!
Question by:MrBean
  • 5
  • 4
  • 2
  • +1

Expert Comment

ID: 10668137
Well for VPN you need a VPN endpoint.
most of the time it is a firewall so it would be helpful if I know which one.
RAS itself is easy.
BUt also depending on the hardware you like to use I assume a CISCO router ?
keep me posted mate :)

LVL 79

Accepted Solution

lrmoore earned 100 total points
ID: 10668267

Author Comment

ID: 10669149
Wow, I got alot to learn ...

I hear that there are gui interfaces that you can use to look at the router configs, and to add/edit, etc. Is this true? Is it hard to setup? Maybe thats going to be my best way to start out with all of this ...

Expert Comment

ID: 10669176
the gui is called CDM. But as you said RAS I understand that people will get a dial up connection towards you and if that is the case the config proposed by Irmoore is not possible.
If you are not familiar with those things yes do get CDM, install it and play a bit with it.
It is not a one step installation if you like to have VPN adn RAS.
LVL 27

Expert Comment

ID: 10669177
Just to be clear, RAS is Remote Access Server and VPN is Virtual Private Network.  They're related, but not the same.  

If you had a RAS to your network, you would have to have some kind of modem bank probably connected to an ISDN line or a T1.  Users would DIAL IN over the Plain Old Telephone System (POTS), connect to the modems, and then be authenticated by the RAS server or other authentication means - such as RADIUS, LDAP, etc.

VPN is usually used by remote users to connect to the network over the Internet by "tunnelling" their traffic - which means encrypting it and wrapping it in outside network information so it can get to you where it is authenticated, stripped, and unencrypted.  To do this, the users have to have a client, or a branch office vpn connection, and you have to have a VPN endpoint on your network.  You could use a firewall, a router, or a dedicated VPN concentrator to be the endpoint - depending on what you already have in place.

Checkpoint has a good firewall & VPN product.  Cisco can do VPN on their PIX firewalls as well.  I administer a Nortel Contivity VPN - which is regularly reviewed to be some of the best in breed concentrators.  There are also SOHO solutions - for instance new Linksys Broadband routers can be VPN endpoints.  Additionally, Microsoft Servers can act as VPN endpoints - although I would not recommend this solution, just from personal preference.


Author Comment

ID: 10669281
bloemkool1980 - Where do I get this CDM program? I would like to learn more about it ...

pseudocyber - Well, I am still attempting to learn the setup of the previous admin. Thus far, I know we have two T1 lines coming in, both on their own Cisco PIX firewall. I only have access to one of the firewalls, as we had to guess the login for almost an hour. He did not leave any logins, but we do have the passwords. I still do not yet know the routers address's, nor logins. There is so much to be done ... I am in over my head this point.

lrmoore has been a big help thus far, but I have sooo much to do, so much to learn. The fact that I came in here knowing so little, and now trying to learn what the previous admin has done, with little documentation, is not going to be fun ...

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

LVL 79

Expert Comment

ID: 10669530
What version PIX OS are you running?
firewall#show version
If you have 6.x, then you already have the PDM installed
You would access it with a web browser https://<ip address of PIX>
Note the "s" on https
If you don't have PIX 6.x, then you will need a support contract to download from Cisco, because you will first have to upgrade to 6.x, then install the PDM on the PIX.

Just to be clear.
Microsoft RAS includes a PPTP VPN service. Yes, a RAS server can have a modem/modem pool so that users can dial directly into the server/network. OR, users can dial up to their own ISP (AOL, broadband, whatever), and using the Microsoft VPN client that comes with every Windows PC, connect up to a RAS-PPtP server.
The PIX firewall can take the Microsoft RAS server out of the equation and terminate the PPtP VPN from a Microsoft client.

Author Comment

ID: 10669578
Well from lrmoore helped me do earlier, I should be able to access the network via terminal services. I will know later today about that ...

As for the version of the PIX - 5.3 ... So is it going to be a pain in the a$$ to upgrade?
LVL 79

Expert Comment

ID: 10669720
You'll have to buy a SmartNet maintenance package before you can upgrade.
What model PIX is it?
Anywhere from $75 for 501 (Category 1), to $595 for 515 (Category 7)


Author Comment

ID: 10669770
Good to know, I doubt they will want to pay for the upgrade though.

Got another quick question. How do I find out the address's of the routers on the network? I only know the firewalls address.

I attempted to traceroute an external address to my pc, but does not even pass through the firewall? I am confused at this point. What is the best method/tool to discovering everything on the network?
LVL 79

Expert Comment

ID: 10669902
ip network browser from
Get a 30day (engineer's toolset) eval free

Author Comment

ID: 10669955
Downloading now, thanks!

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Opening Ports 18 83
No RSTP between switches 3 46
SOFS cluser offline 3 39
Linksys 4 port wireless router 62 42
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now