We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Setting up a RAS or VPN?

Medium Priority
Last Modified: 2012-05-04
I would like to be able to RAS or VPN into the network here at work. I have recently taken over as the new network admin, and I am a bit over my head right now.

I currently have an ACL setup to connect to the network via terminal services, but I would like to have the ability to setup a ras and or vpn connection.

How hard is this? What do I need to do?

Any help would be greatly appreciated!
Watch Question

Well for VPN you need a VPN endpoint.
most of the time it is a firewall so it would be helpful if I know which one.
RAS itself is easy.
BUt also depending on the hardware you like to use I assume a CISCO router ?
keep me posted mate :)

Sr. Systems Engineer
Top Expert 2008
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview


Wow, I got alot to learn ...

I hear that there are gui interfaces that you can use to look at the router configs, and to add/edit, etc. Is this true? Is it hard to setup? Maybe thats going to be my best way to start out with all of this ...
the gui is called CDM. But as you said RAS I understand that people will get a dial up connection towards you and if that is the case the config proposed by Irmoore is not possible.
If you are not familiar with those things yes do get CDM, install it and play a bit with it.
It is not a one step installation if you like to have VPN adn RAS.
Top Expert 2004

Just to be clear, RAS is Remote Access Server and VPN is Virtual Private Network.  They're related, but not the same.  

If you had a RAS to your network, you would have to have some kind of modem bank probably connected to an ISDN line or a T1.  Users would DIAL IN over the Plain Old Telephone System (POTS), connect to the modems, and then be authenticated by the RAS server or other authentication means - such as RADIUS, LDAP, etc.

VPN is usually used by remote users to connect to the network over the Internet by "tunnelling" their traffic - which means encrypting it and wrapping it in outside network information so it can get to you where it is authenticated, stripped, and unencrypted.  To do this, the users have to have a client, or a branch office vpn connection, and you have to have a VPN endpoint on your network.  You could use a firewall, a router, or a dedicated VPN concentrator to be the endpoint - depending on what you already have in place.

Checkpoint has a good firewall & VPN product.  Cisco can do VPN on their PIX firewalls as well.  I administer a Nortel Contivity VPN - which is regularly reviewed to be some of the best in breed concentrators.  There are also SOHO solutions - for instance new Linksys Broadband routers can be VPN endpoints.  Additionally, Microsoft Servers can act as VPN endpoints - although I would not recommend this solution, just from personal preference.



bloemkool1980 - Where do I get this CDM program? I would like to learn more about it ...

pseudocyber - Well, I am still attempting to learn the setup of the previous admin. Thus far, I know we have two T1 lines coming in, both on their own Cisco PIX firewall. I only have access to one of the firewalls, as we had to guess the login for almost an hour. He did not leave any logins, but we do have the passwords. I still do not yet know the routers address's, nor logins. There is so much to be done ... I am in over my head this point.

lrmoore has been a big help thus far, but I have sooo much to do, so much to learn. The fact that I came in here knowing so little, and now trying to learn what the previous admin has done, with little documentation, is not going to be fun ...

Les MooreSr. Systems Engineer
Top Expert 2008

What version PIX OS are you running?
firewall#show version
If you have 6.x, then you already have the PDM installed
You would access it with a web browser https://<ip address of PIX>
Note the "s" on https
If you don't have PIX 6.x, then you will need a support contract to download from Cisco, because you will first have to upgrade to 6.x, then install the PDM on the PIX.

Just to be clear.
Microsoft RAS includes a PPTP VPN service. Yes, a RAS server can have a modem/modem pool so that users can dial directly into the server/network. OR, users can dial up to their own ISP (AOL, broadband, whatever), and using the Microsoft VPN client that comes with every Windows PC, connect up to a RAS-PPtP server.
The PIX firewall can take the Microsoft RAS server out of the equation and terminate the PPtP VPN from a Microsoft client.


Well from lrmoore helped me do earlier, I should be able to access the network via terminal services. I will know later today about that ...

As for the version of the PIX - 5.3 ... So is it going to be a pain in the a$$ to upgrade?
Les MooreSr. Systems Engineer
Top Expert 2008

You'll have to buy a SmartNet maintenance package before you can upgrade.
What model PIX is it?
Anywhere from $75 for 501 (Category 1), to $595 for 515 (Category 7)


Good to know, I doubt they will want to pay for the upgrade though.

Got another quick question. How do I find out the address's of the routers on the network? I only know the firewalls address.

I attempted to traceroute an external address to my pc, but does not even pass through the firewall? I am confused at this point. What is the best method/tool to discovering everything on the network?
Les MooreSr. Systems Engineer
Top Expert 2008

ip network browser from http://www.solarwinds.net
Get a 30day (engineer's toolset) eval free


Downloading now, thanks!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.