Solved

VPN on Cisco Pix 515e

Posted on 2004-09-14
Last Modified: 2013-11-16
What is the best way to set up a VPN to allow remote users from home to access the network?  I've tried setting up a simple VPN setup and connect fine; however, I cannot access email or anything on the network.  It pulls an IP address from the pool and assigns the WINS configurations, however, it does not add our gateway.  I'm not sure what I missed, but would like to start over "correctly".  Thanks for any help you can offer.
Question by:AdminBWC
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12060614
If you use the configuration here, and the Cisco VPN client, it is a great solution:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

Pay particular attention to the fact that the VPN pool is different from the local LAN subnet.

The other "gotcha" to watch out for is using the most common IP subnets - 10.10.10.x, 10.1.1.x, 10.0.0.x, 192.168.0.x, 192.168.1.x on your inside PIX. Since these are also the most common on home broadband networks, having the same on both sides is inherently problematic.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12076445
Are you still working on this? Any updates to your status?

0
 

Author Comment

by:AdminBWC
ID: 12077173
I am still working on this.  I do have a question though.  Do I have to use a VPN client?  Also, I failed to mention the PIX is set up with a DMZ.  Does this make a difference?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12077499
No, you don't have to use any IPSEC client software, you can use Microsoft PPTP VPN client that comes with most Windows versions.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml

DMZ does not make a difference. If VPN users need access to both the inside and the DMZ, it will only affect how you craft your access-lists...

If you use the Microsoft client, make sure you have the properties checked "use default gateway on remote network" and you should be able to access your inside hosts.
0
 

Author Comment

by:AdminBWC
ID: 12084443
Ok, I can get connected, but I cannot browse the network, access email or anything else on the network.  The IP address assigned comes from the pool of IPs. Any suggestions?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12085057
On the VPN client, select Properties, Networking tab, TCP/IP, Properties, Advanced button, Use Default gateway on remote network - checked?

Is the pool of IPs a different subnet than your local LAN?
0
 

Author Comment

by:AdminBWC
ID: 12192879
Ok, I'm connected and working fine with VPN - Cisco helped me add/correct my commands on the PIX.  There's only one problem - outside email will not come through.  Exchange mail comes in fine, but SMTP/POP3 errors out.  Any suggestions?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12192927
> Exchange mail comes in fine, but SMTP/POP3 errors out
Does it error out on the client while connected to the VPN?
Do you have the "use default gateway on remote network" option checked? If yes, then this is expected behavior and only manual manipulation of the route table on the PC will fix it, and this will have to be done every time a VPN connection is established.
0
 

Author Comment

by:AdminBWC
ID: 12199178
Yes, Cisco gave the commands to do this, but I think I'd like to take a different route.  Can you help with Outlook Web Mail over VPN?  It works inside the network just fine by typing exchangeservername\user, but I can't get it to work from home over VPN.

I think our problem is this:
We have our Exchange and AD on one server and our IIS, SMTP and POP3 accounts within a DMZ on another server.  Is there a way to get Outlook Web Mail working in the VPN?

Thanks for all your help with this.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 450 total points
ID: 12201411
The server that you connect for OWA is actually located in the DMZ?
You would need to add the DMZ subnet to the nat-0 access-list.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12280440
Are you still working on this? Can we be of any more assistance?
Can you close out this question?
0
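
The two checks that come up in this thread (a VPN pool that does not overlap the local subnets, an inside subnet that does not collide with the common home ranges, and a nat-0 access-list entry for every subnet VPN users must reach, DMZ included) can be run against an address plan before touching the PIX. This is an added example, not part of the original thread or Cisco's configuration; the subnets are constructed sample values and the ACL name `nonat` is a hypothetical placeholder.

```python
import ipaddress

# Subnets named in the thread as the most common on home broadband networks.
COMMON_HOME = [ipaddress.ip_network(n) for n in (
    "10.10.10.0/24", "10.1.1.0/24", "10.0.0.0/24",
    "192.168.0.0/24", "192.168.1.0/24")]

# Constructed sample plans (assumptions, not values from the thread).
BAD_PLAN = {"inside": "192.168.1.0/24", "dmz": "172.16.5.0/24"}
BAD_POOL = "192.168.1.192/26"     # carved out of the inside LAN
GOOD_PLAN = {"inside": "10.47.20.0/24", "dmz": "172.16.5.0/24"}
GOOD_POOL = "10.47.99.0/24"       # separate subnet for VPN clients

def check_plan(internal, vpn_pool):
    """Return a list of problems; an empty list means the plan is clean."""
    pool = ipaddress.ip_network(vpn_pool)
    problems = []
    for name, cidr in internal.items():
        net = ipaddress.ip_network(cidr)
        if net.overlaps(pool):
            problems.append(f"VPN pool {pool} overlaps {name} subnet {net}")
        for home in COMMON_HOME:
            if net.overlaps(home):
                problems.append(
                    f"{name} subnet {net} collides with common home range {home}")
    return problems

def nat0_entries(internal, vpn_pool, acl="nonat"):
    """One NAT-exemption ACL line per internal subnet, toward the VPN pool.
    PIX ACLs take a subnet mask, not a wildcard mask."""
    pool = ipaddress.ip_network(vpn_pool)
    lines = []
    for cidr in internal.values():
        net = ipaddress.ip_network(cidr)
        lines.append(f"access-list {acl} permit ip {net.network_address} "
                     f"{net.netmask} {pool.network_address} {pool.netmask}")
    return lines

if __name__ == "__main__":
    for plan, pool in ((BAD_PLAN, BAD_POOL), (GOOD_PLAN, GOOD_POOL)):
        issues = check_plan(plan, pool)
        print(pool, "->", issues or "no conflicts")
        if not issues:
            print("\n".join(nat0_entries(plan, pool)))
```
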

Question has a verified solution.
