Solved

VPN Newbie needs help

Posted on 2004-04-22
Last Modified: 2010-04-11
I'm trying to figure out how to set up VPN access to my domain controller.  I have a T1 coming in to a Cisco 1720 router with a CSU/DSU module that is owned/controlled by my ISP, and lets all traffic through.  Next along the line is a Cisco PIX515E firewall that I own/control.  That is connected to an HP Procurve 2524 switch, as is the rest of my network.  This network has about 15 PCs and one server/domain controller, running W2k Server.  The goal of this VPN connection is to allow users to access their files from the road, using laptops from various hotels.

First, what rules do I need to add, and what commands do I need to give to my firewall in order to allow VPN access to my domain controller (10.10.1.1)?

Second, how do I set up the VPN software on the server?  (encryption is a must)

My server has 2 network cards, one not in use right now, but I can easily put the server between the firewall and the switch if that will help.

Thanks!
Question by:BOlsz1

Accepted Solution

by:
Stevel123 earned 125 total points
ID: 10891451
Firstly, you need to confirm what VPN solution you want to use. The simplest with Win2K is PPTP, which is simple to configure, is embedded into 2K, and allows clients to connect without further software.
I assume your 1721 has public addresses on the Ethernet interface. We will assume this is 1.1.1.1/24 in this example, and assume the inside interface on your PIX is 2.2.2.1/24 and your W2K server is 2.2.2.2.

On the PIX, create an ACL to allow inbound traffic using PPTP (TCP port 1723).

access-list vpn permit tcp any host 1.1.1.2 eq 1723
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside

This will set up the PIX to allow inbound traffic from any IP to be translated to the IP address 2.2.2.2 when the TCP port used is 1723. This config assumes the IP address 1.1.1.2 is an unused public address available within the range allocated by your ISP.

To create the client side connection, use the network connection wizard.

On the server side, use the ISA server wizard to create the PPTP RAS service. There is so much info on the web on how to do this that it's simpler to read a number of views and associated pictures.

IPSEC is a more conventional and, in my opinion, far more secure and configurable solution, but maybe start with PPTP and develop the IPSEC solution in tandem with the working PPTP solution?


Cheers
Steve
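
A check for the PIX lines in the answer above, as an added example that is not part of the original post: this Python sketch verifies that a PPTP publish has the static mapping, an ACL applied inbound on the outside interface, TCP 1723 and GRE (IP protocol 47, which carries PPTP's tunnelled data), and flags permits broader than those two. The function name, the sample config and the simplified grammar (`permit` entries with `any` or `host` addresses only) are assumptions of this example.

```python
import re

# Constructed sample: the answer's three PIX lines with its example addresses.
SAMPLE = """\
access-list vpn permit tcp any host 1.1.1.2 eq 1723
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside
"""

# Simplified grammar (assumption): permit entries, "any" or "host X" addresses.
ACE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(\S+)\s+(?:any|host\s+\S+)"
    r"\s+(?:any|host\s+(\S+))(?:\s+eq\s+(\S+))?\s*$")
STATIC = re.compile(r"^static\s+\(inside,\s*outside\)\s+(\S+)\s+(\S+)")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit_pptp_publish(config, public_ip, server_ip, outside="outside"):
    """Return findings for a PPTP publish; an empty list means it looks complete."""
    aces, statics, bound = [], set(), None
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            aces.append(m.groups())      # (acl, proto, dst host or None, port)
        elif m := STATIC.match(line):
            statics.add(m.groups())      # (public address, private address)
        elif (m := GROUP.match(line)) and m.group(2) == outside:
            bound = m.group(1)
    findings = []
    if bound is None:
        findings.append(f"no access-list applied inbound on {outside}")
    if (public_ip, server_ip) not in statics:
        findings.append(f"no static mapping {public_ip} -> {server_ip}")
    # Only permits in the bound ACL that reach the published address matter.
    hits = [(p, port) for acl, p, dst, port in aces
            if acl == bound and dst in (None, public_ip)]
    if not any(p == "ip" or (p == "tcp" and port in (None, "1723", "pptp"))
               for p, port in hits):
        findings.append("PPTP control channel (tcp eq 1723) not permitted")
    if not any(p in ("ip", "gre") for p, _ in hits):
        findings.append("PPTP data channel (GRE, IP protocol 47) not permitted")
    for p, port in hits:
        if p == "ip" or (p in ("tcp", "udp") and port is None):
            findings.append(f"over-broad permit ({p}, no port filter) to {public_ip}")
    return findings


if __name__ == "__main__":
    for finding in audit_pptp_publish(SAMPLE, "1.1.1.2", "2.2.2.2"):
        print("FINDING:", finding)
```

Run against the sample, it reports only the missing GRE permit; a line of the form `access-list vpn permit gre any host 1.1.1.2` clears it.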