How to connect remote Windows XP clients to PIX 525  using Windows inbuilt VPN.

Posted on 2004-08-23
Last Modified: 2010-04-12
I want to be able to configure Windows XP clients to be able to VPN to a Cisco PIX 525. Unfortunately the user community at this particular company are VERY computer illiterate and putting the Cisco VPN client in front of them may cause a heart attack. All the users have DSL and can cope with connecting their machines, and are also able to cope with the concept of double clicking a Windows DUN connection Icon.
I have sat in front of Google for a solution on using XP's built in VPN support, but there are so many results showing out of date or conflicting solutions. I just need the clients to be able to be able to browse the Windows network in the office. There is a Windows 2003 standard edition server there that runs AD and file sharing. What is the best solution and the best PIX configuration?

Thanks Guys

Question by:kjorviss
  • 3
  • 2
LVL 36

Expert Comment

ID: 11867955

Author Comment

ID: 11868037

I saw that example, but what put me off that is I will never know what IP address the client will be assigned. Most of these remote workers just have standard DSL with DHCP assigned addresses from whatever ISP they are using. In addition to that the company has the PIX connected to a BellSouth DSL line with a static IP so the config is one public address that has all the outgoing connections via PAT on that address. Does that mean I could dispose of the router portion of the Cisco example and use the public IP on the outside interface of the PIX instead?


LVL 36

Accepted Solution

grblades earned 500 total points
ID: 11868134
Don't worry about the fact that the example shows the IP address of the client. This IP address is not specified anywhere in the configuration. They only list it so you can correlate it's IP address from the example 'debug' output.

The router in your case will be the router belinging to your DSL provider. You just put the public internet address on the outside of your PIX and put the default gateway in the 'route' command as in the example.

Author Comment

ID: 11868334
Thanks for that, I can go to bed now! I thought that  a static client address was dependent on that example which is why I ignored it. So I can use the same address that is being used for the outgoing connections or would I use another free address from the ISP just for the PPTP connections?
LVL 36

Expert Comment

ID: 11868374
For the pptp address pool you can use any private address range you like. I would avoid 192.168.0.x and 192.168.1.x as these are commonly used by home DSL routers and if you used these ranges it could cause problems. I would just pick a random number between 5 and 250 and use 192.168.random_num.0/ as the address range.

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setting up ipSec VPN between ZyXEL routers 3 43
SOHO Router with software VPN access 1 42
VPN issue 2 57
Setting up L2TP/IPsec in RRAS 5 14
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now