Solved

VPN Newbie needs help

Posted on 2004-04-22
Last Modified: 2010-04-11
I'm trying to figure out how to set up VPN access to my domain controller.  I have a T1 coming in to a Cisco 1720 router with a CSU/DSU module that is owned/controlled by my ISP, and lets all traffic through.  Next along the line is a Cisco PIX515E firewall that I own/control.  That is connected to an HP Procurve 2524 switch, as is the rest of my network.  This network has about 15 PCs and one server/domain controller, running W2k Server.  The goal of this VPN connection is to allow users to access their files from the road, using laptops from various hotels.

First, what rules do I need to add, and what commands do I need to give to my firewall in order to allow VPN access to my domain controller (10.10.1.1)?

Second, how do I set up the VPN software on the server?  (encryption is a must)

My server has 2 network cards, one not in use right now, but I can easily put the server between the firewall and the switch if that will help.

Thanks!
Question by:BOlsz1
3 Comments
 

Accepted Solution

by:
Stevel123 earned 125 total points
ID: 10891451
Firstly, you need to confirm what VPN solution you want to use... simplest with Win2K is PPTP, which is simple to configure and embedded into 2K and allows clients to connect without further software.
I assume your 1721 has public addresses on the Ethernet interface, we will assume this is 1.1.1.1/24 in this example and assume the inside interface on your PIX is 2.2.2.1/24 and your W2K server is 2.2.2.2.

On the Pix create an ACL to allow inbound traffic using PPTP (TCP Port 1723).

access-list vpn permit tcp any host 1.1.1.2 eq 1723
access-list vpn permit gre any host 1.1.1.2
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside

This will set up the pix to allow inbound traffic from any IP to be translated to the IP address 2.2.2.2 when the tcp port used is 1723. This config assumes the IP address 1.1.1.2 is an unused and public address available within the range allocated by your ISP.

To create the client side connection, use the network connection wizard.

On the server side, use the ISA server wizard to create the PPTP RAS service... so much info on the web on how to do this that it's simpler to read a number of views and associated pictures.

IPSEC is a more conventional and, in my opinion, far more secure and configurable solution, but maybe start with PPTP and develop the IPSEC solution in tandem with the working PPTP solution?


Cheers
Steve
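
An added example, not part of the answer above and not Cisco tooling: a short Python audit that reads PIX lines of the kind shown in the answer and reports what the outside ACL exposes once static NAT is resolved, flagging PPTP rules that lack a GRE permit for the tunnel's data channel or that accept any source. The sample config is constructed from the answer's example addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in PIX syntax, using the answer's example addresses.
SAMPLE_CONFIG = """\
access-list vpn permit tcp any host 1.1.1.2 eq 1723
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside
"""

# Only the rule shapes used on this page are parsed (destination given as "host x").
ACL_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+permit\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+host\s+(?P<dst>\S+)"
    r"(?:\s+(?:eq\s+)?(?P<port>\S+))?\s*$")
STATIC_RE = re.compile(r"^static\s+\(\s*\w+\s*,\s*\w+\s*\)\s+(?P<mapped>\S+)\s+(?P<real>\S+)")
GROUP_RE = re.compile(r"^access-group\s+(?P<acl>\S+)\s+in\s+interface\s+(?P<ifc>\S+)")

def exposed_services(config, interface="outside"):
    """Permit rules bound inbound to `interface`, resolved through static NAT."""
    rules, nat, bound = [], {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            rules.append(m.groupdict())
        elif m := STATIC_RE.match(line):
            nat[m["mapped"]] = m["real"]
        elif (m := GROUP_RE.match(line)) and m["ifc"] == interface:
            bound.add(m["acl"])
    return [dict(r, inside=nat.get(r["dst"])) for r in rules if r["acl"] in bound]

def pptp_findings(config):
    """Audit notes for each public address that accepts PPTP control traffic."""
    rules, findings = exposed_services(config), []
    for host in sorted({r["dst"] for r in rules}):
        mine = [r for r in rules if r["dst"] == host]
        ctrl = [r for r in mine if r["proto"] == "tcp" and r["port"] == "1723"]
        if not ctrl:
            continue
        if not any(r["proto"] in ("gre", "47") for r in mine):
            findings.append((host, "TCP 1723 permitted without GRE: tunnel data is dropped"))
        if any(r["src"] == "any" for r in ctrl):
            findings.append((host, "PPTP accepted from any source address"))
        if mine[0]["inside"] is None:
            findings.append((host, "permitted address has no static translation"))
    return findings

if __name__ == "__main__":
    for host, note in pptp_findings(SAMPLE_CONFIG):
        print(host, "-", note)
```

The parser also accepts a port written without the `eq` keyword, so it can be pointed at rules pasted in that form.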