Solved

VPN Newbie needs help

Posted on 2004-04-22
Last Modified: 2010-04-11
I'm trying to figure out how to set up VPN access to my domain controller.  I have a T1 coming in to a Cisco 1720 router with a CSU/DSU module that is owned/controlled by my ISP, and lets all traffic through.  Next along the line is a Cisco PIX515E firewall that I own/control.  That is connected to an HP Procurve 2524 switch, as is the rest of my network.  This network has about 15 PCs and one server/domain controller, running W2k Server.  The goal of this VPN connection is to allow users to access their files from the road, using laptops from various hotels.

First, what rules do I need to add, and what commands do I need to give to my firewall in order to allow VPN access to my domain controller (10.10.1.1)?

Second, how do I set up the VPN software on the server?  (encryption is a must)

My server has 2 network cards, one not in use right now, but I can easily put the server between the firewall and the switch if that will help.

Thanks!
Question by:BOlsz1

Accepted Solution

by:
Stevel123 earned 125 total points
Firstly, you need to confirm what VPN solution you want to use... simplest with Win2K is PPTP, which is simple to configure and embedded into 2K and allows clients to connect without further software.
I assume your 1721 has public addresses on the Ethernet interface; we will assume this is 1.1.1.1/24 in this example, and assume the inside interface on your PIX is 2.2.2.1/24 and your W2K server is 2.2.2.2.

On the PIX, create an ACL to allow inbound traffic using PPTP (TCP port 1723).

access-list vpn permit tcp any host 1.1.1.2 eq 1723
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside

This will set up the PIX to allow inbound traffic from any IP to be translated to the IP address 2.2.2.2 when the TCP port used is 1723. This config assumes the IP address 1.1.1.2 is an unused and public address available within the range allocated by your ISP.

To create the client side connection, use the network connection wizard.

On the server side, use the ISA server wizard to create the PPTP RAS service... so much info on the web on how to do this that it's simpler to read a number of views and associated pictures.

IPSEC is a more conventional and, in my opinion, far more secure and configurable solution, but maybe start with PPTP and develop the IPSEC solution in tandem with the working PPTP solution?


Cheers
Steve
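A PPTP session uses two flows: the TCP 1723 control channel and a GRE (IP protocol 47) data tunnel, and both have to be permitted and translated to the server. The following check is an added example, not part of the original answer or any Cisco tool: it reads PIX-style `access-list`, `static` and `access-group` lines and reports which piece of the pass-through is missing. The function names and sample config are constructed for illustration, and it only matches rules whose destination is written as `host <address>`.

```python
import re

# Constructed sample: the three PIX lines from the answer, using its example addresses.
ANSWER_CONFIG = """\
access-list vpn permit tcp any host 1.1.1.2 eq 1723
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside
"""

def _addr(tokens):
    """Consume one address spec ('any', 'host A', or 'A MASK') from a token list."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def parse_permit(line):
    """Return (acl, proto, src, dst, port) for an 'access-list NAME permit' line, else None."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] != "permit":
        return None
    try:
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
    except IndexError:
        return None
    port = rest[1] if len(rest) == 2 and rest[0] == "eq" else None
    return t[1], t[3], src, dst, port

def check_pptp(config, public_ip):
    """List what is missing for PPTP pass-through to public_ip (empty list = complete)."""
    lines = config.splitlines()
    # Only ACLs bound inbound to an interface are actually enforced.
    bound = {m.group(1) for l in lines
             if (m := re.match(r"access-group\s+(\S+)\s+in\s+interface\s+\S+", l))}
    mapped = any((m := re.match(r"static\s*\(\s*\w+\s*,\s*\w+\s*\)\s+(\S+)\s+\S+", l))
                 and m.group(1) == public_ip for l in lines)
    rules = [r for r in map(parse_permit, lines)
             if r and r[0] in bound and r[3] == public_ip]
    findings = []
    if not mapped:
        findings.append("no static translation for " + public_ip)
    if not any(p == "tcp" and port in ("1723", "pptp") for _, p, _, _, port in rules):
        findings.append("TCP 1723 (PPTP control channel) not permitted")
    if not any(p in ("gre", "47") for _, p, _, _, _ in rules):
        findings.append("GRE, IP protocol 47 (PPTP data tunnel) not permitted")
    return findings
```

Calling `check_pptp(ANSWER_CONFIG, "1.1.1.2")` reports only the GRE finding; appending `access-list vpn permit gre any host 1.1.1.2` to the config clears it.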