Solved

Setting up a RAS or VPN?

Posted on 2004-03-24
Last Modified: 2012-05-04
I would like to be able to RAS or VPN into the network here at work. I have recently taken over as the new network admin, and I am a bit over my head right now.

I currently have an ACL set up to connect to the network via terminal services, but I would like to have the ability to set up a RAS and/or VPN connection.

How hard is this? What do I need to do?

Any help would be greatly appreciated!
Question by:MrBean
12 Comments
 
LVL 6

Expert Comment

by:bloemkool1980
Well, for VPN you need a VPN endpoint.
Most of the time it is a firewall, so it would be helpful if I know which one.
RAS itself is easy.
But also depending on the hardware you like to use, I assume a Cisco router?
Keep me posted mate :)

cheers
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
 

Author Comment

by:MrBean
Wow, I got a lot to learn ...

I hear that there are GUI interfaces that you can use to look at the router configs, and to add/edit, etc. Is this true? Is it hard to set up? Maybe that's going to be my best way to start out with all of this ...
 
LVL 6

Expert Comment

by:bloemkool1980
The GUI is called CDM. But as you said RAS, I understand that people will get a dial-up connection towards you, and if that is the case the config proposed by lrmoore is not possible.
If you are not familiar with those things, yes, do get CDM, install it and play a bit with it.
It is not a one-step installation if you like to have VPN and RAS.
 
LVL 27

Expert Comment

by:pseudocyber
Just to be clear, RAS is Remote Access Server and VPN is Virtual Private Network.  They're related, but not the same.  

If you had a RAS to your network, you would have to have some kind of modem bank probably connected to an ISDN line or a T1.  Users would DIAL IN over the Plain Old Telephone System (POTS), connect to the modems, and then be authenticated by the RAS server or other authentication means - such as RADIUS, LDAP, etc.

VPN is usually used by remote users to connect to the network over the Internet by "tunnelling" their traffic - which means encrypting it and wrapping it in outside network information so it can get to you where it is authenticated, stripped, and unencrypted.  To do this, the users have to have a client, or a branch office vpn connection, and you have to have a VPN endpoint on your network.  You could use a firewall, a router, or a dedicated VPN concentrator to be the endpoint - depending on what you already have in place.

Checkpoint has a good firewall & VPN product.  Cisco can do VPN on their PIX firewalls as well.  I administer a Nortel Contivity VPN - which is regularly reviewed to be some of the best in breed concentrators.  There are also SOHO solutions - for instance new Linksys Broadband routers can be VPN endpoints.  Additionally, Microsoft Servers can act as VPN endpoints - although I would not recommend this solution, just from personal preference.

HTH
 

Author Comment

by:MrBean
bloemkool1980 - Where do I get this CDM program? I would like to learn more about it ...

pseudocyber - Well, I am still attempting to learn the setup of the previous admin. Thus far, I know we have two T1 lines coming in, both on their own Cisco PIX firewall. I only have access to one of the firewalls, as we had to guess the login for almost an hour. He did not leave any logins, but we do have the passwords. I still do not yet know the routers' addresses, nor logins. There is so much to be done ... I am in over my head at this point.

lrmoore has been a big help thus far, but I have sooo much to do, so much to learn. The fact that I came in here knowing so little, and now trying to learn what the previous admin has done, with little documentation, is not going to be fun ...

 
LVL 79

Expert Comment

by:lrmoore
MrBean,
What version PIX OS are you running?
firewall#show version
If you have 6.x, then you already have the PDM installed
You would access it with a web browser https://<ip address of PIX>
Note the "s" on https
If you don't have PIX 6.x, then you will need a support contract to download from Cisco, because you will first have to upgrade to 6.x, then install the PDM on the PIX.

Just to be clear.
Microsoft RAS includes a PPTP VPN service. Yes, a RAS server can have a modem/modem pool so that users can dial directly into the server/network. OR, users can dial up to their own ISP (AOL, broadband, whatever), and using the Microsoft VPN client that comes with every Windows PC, connect up to a RAS-PPTP server.
The PIX firewall can take the Microsoft RAS server out of the equation and terminate the PPTP VPN from a Microsoft client.
 

Author Comment

by:MrBean
Well, from what lrmoore helped me do earlier, I should be able to access the network via terminal services. I will know later today about that ...

As for the version of the PIX - 5.3 ... So is it going to be a pain in the a$$ to upgrade?
 
LVL 79

Expert Comment

by:lrmoore
You'll have to buy a SmartNet maintenance package before you can upgrade.
What model PIX is it?
Anywhere from $75 for 501 (Category 1), to $595 for 515 (Category 7)

 

Author Comment

by:MrBean
Good to know, I doubt they will want to pay for the upgrade though.

Got another quick question. How do I find out the addresses of the routers on the network? I only know the firewall's address.

I attempted to traceroute an external address to my PC, but it does not even pass through the firewall? I am confused at this point. What is the best method/tool for discovering everything on the network?
 
LVL 79

Expert Comment

by:lrmoore
IP Network Browser from http://www.solarwinds.net
Get a 30-day (Engineer's Toolset) eval free
 

Author Comment

by:MrBean
Downloading now, thanks!