Solved

VPN Newbie needs help

Posted on 2004-04-22
3
149 Views
Last Modified: 2010-04-11
I'm trying to figure out how to set up VPN access to my domain controller.  I have a T1 coming in to a Cisco 1720 router with a CSU/DSU module that is owned/controlled by my ISP, and lets all traffic through.  Next along the line is a Cisco PIX515E firewall that I own/control.  That is connected to an HP Procurve 2524 switch, as is the rest of my network.  This network has about 15 PCs and one server/domain controller, running W2k Server.  The goal of this VPN connection is to allow users to access their files from the road, using laptops from various hotels.

First, what rules do I need to add, and what commands do I need to give to my firewall in order to allow VPN access to my domain controller (10.10.1.1)?

Second, how do I set up the VPN software on the server?  (encryption is a must)

My server has 2 network cards, one not in use right now, but I can easily put the server between the firewall and the switch if that will help.

Thanks!
0
Question by:BOlsz1
3 Comments
 

Accepted Solution

by:
Stevel123 earned 125 total points
ID: 10891451
Firstly, you need to confirm what VPN solution you want to use...simplest with Win2K is PPTP, which is simple to configure and embedded into 2K and allows clients to connect without further software.
I assume your 1721 has public addresses on the ethernet interface, we will assume this is 1.1.1.1/24 in this example and assume the inside interface on your pix is 2.2.2.1/24 and your W2K server is 2.2.2.2.

On the Pix create an ACL to allow inbound traffic using PPTP (TCP Port 1723).

access-list vpn permit tcp any host 1.1.1.2 eq 1723
access-list vpn permit gre any host 1.1.1.2
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside

This will set up the pix to allow inbound traffic from any IP to be translated to the IP address 2.2.2.2 when the tcp port used is 1723. This config assumes the IP address 1.1.1.2 is an unused and public address available within the range allocated by your ISP.

To create the client side connection, use the network connection wizard.

On the server side, use the ISA server wizard to create the PPTP RAS service...so much info on the web on how to do this that it's simpler to read a number of views and associated pictures.

IPSEC is a more conventional and, in my opinion, far more secure and configurable solution, but maybe start with PPTP and develop the IPSEC solution in tandem with the working PPTP solution?


Cheers
Steve
0
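An added example, not part of Steve's answer or anything the asker posted: a small checker for the three PIX statement types used above (access-list, static, access-group) that verifies a PPTP passthrough is actually complete. PPTP needs two things through the firewall, the TCP 1723 control channel and GRE (IP protocol 47) for the tunnel traffic itself; a rule set that opens only TCP 1723 lets a client authenticate and then stall. Because the static entry exposes the domain controller's address to the Internet, the checker also lists every other permit that reaches that address, so an over-broad rule is visible at a glance. The rule sets are constructed from the thread's placeholder addresses (1.1.1.2 outside, 2.2.2.2 inside); the parser is an assumption covering only the simple PIX 6.x syntax shown in the answer, not a general PIX config parser.

```python
"""PPTP passthrough checker for PIX 6.x-style rules (added example, not the
answerer's code).  Parses access-list / static / access-group lines in the
simple form used in the thread and reports whether both halves of PPTP
(TCP 1723 control channel and GRE tunnel) are permitted to the server's
public address, plus any other permits that reach it."""
import re

PPTP_PORT = "1723"
# static (inside,outside) GLOBAL LOCAL netmask ...  (tolerates a space after the comma)
STATIC_RE = re.compile(r"^static\s*\([^)]*\)\s+(\S+)\s+(\S+)")


def _endpoint(tok, i):
    """Consume one address spec: any | host X | NET MASK.  Returns (spec, next_index)."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return f"{tok[i]}/{tok[i + 1]}", i + 2


def parse_pix(config):
    """Return (acls, statics, bound): ACL entries by name, a global->local
    NAT map from static entries, and interface->ACL applied inbound."""
    acls, statics, bound = {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if not tok or tok[0][0] in "!:":      # blank or comment line
            continue
        if tok[0] == "access-list":
            name, action, proto = tok[1], tok[2], tok[3]
            src, i = _endpoint(tok, 4)
            dst, i = _endpoint(tok, i)
            port = None
            if i + 1 < len(tok) and tok[i] == "eq":
                port = PPTP_PORT if tok[i + 1] == "pptp" else tok[i + 1]
            acls.setdefault(name, []).append(
                {"action": action, "proto": proto, "src": src, "dst": dst, "port": port})
        elif tok[0] == "static":
            m = STATIC_RE.match(line)
            if m:
                statics[m.group(1)] = m.group(2)   # global (outside) ip -> local ip
        elif tok[0] == "access-group" and tok[2] == "in":
            bound[tok[4]] = tok[1]                 # interface -> ACL name
    return acls, statics, bound


def check_pptp(config, server_ip, outside="outside"):
    """Report whether PPTP to server_ip is fully permitted on the outside
    interface, and list every other permit that reaches its public address."""
    acls, statics, bound = parse_pix(config)
    entries = acls.get(bound.get(outside, ""), [])
    result = {"global_ip": None, "tcp_1723": False, "gre": False, "extra": []}
    for global_ip, local_ip in statics.items():
        if local_ip != server_ip:
            continue
        result["global_ip"] = global_ip
        for e in entries:
            if e["action"] != "permit" or e["dst"] not in (global_ip, "any"):
                continue
            if e["proto"] == "tcp" and e["port"] == PPTP_PORT:
                result["tcp_1723"] = True
            elif e["proto"] == "gre":
                result["gre"] = True
            else:
                # anything else reaching the server's public address is exposure
                result["extra"].append((e["proto"], e["port"], e["src"]))
    result["complete"] = result["tcp_1723"] and result["gre"]
    return result


# Constructed rule sets using the thread's placeholder addresses.
TCP_ONLY = """\
access-list vpn permit tcp any host 1.1.1.2 eq 1723
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside
"""
COMPLETE = """\
access-list vpn permit tcp any host 1.1.1.2 eq 1723
access-list vpn permit gre any host 1.1.1.2
static (inside,outside) 1.1.1.2 2.2.2.2 netmask 255.255.255.255 0 0
access-group vpn in interface outside
"""
OVERBROAD = COMPLETE + "access-list vpn permit ip any any\n"

if __name__ == "__main__":
    for label, cfg in (("tcp-only", TCP_ONLY), ("complete", COMPLETE), ("overbroad", OVERBROAD)):
        r = check_pptp(cfg, "2.2.2.2")
        print(f"{label:10s} complete={r['complete']} gre={r['gre']} extra={r['extra']}")
```

Run it as-is to see the three verdicts; to check a real rule set, paste the relevant lines into the config string and pass the server's inside address. The "extra" list is the part worth reading on a production firewall: with the static in place, every permit to the public address lands on the domain controller, so that list should be empty.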

