Solved

VPN on Cisco Pix 515e

Posted on 2004-09-14
Last Modified: 2013-11-16
What is the best way to set up a VPN to allow remote users from home to access the network?  I've tried setting up a simple VPN setup and connect fine; however, I cannot access email or anything on the network.  It pulls an IP address from the pool and assigns the WINS configurations; however, it does not add our gateway.  I'm not sure what I missed, but would like to start over "correctly".  Thanks for any help you can offer.
Question by:AdminBWC
 
LVL 79

Expert Comment

by:lrmoore
ID: 12060614
If you use the configuration here, and the Cisco VPN client, it is a great solution:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

Pay particular attention to the fact that the VPN pool is different from the local LAN subnet.

The other "gotcha" to watch out for is using the most common IP subnets - 10.10.10.x, 10.1.1.x, 10.0.0.x, 192.168.0.x, 192.168.1.x on your inside PIX. Since these are also the most common on home broadband networks, having the same on both sides is inherently problematic.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12076445
Are you still working on this? Any updates to your status?

0
 

Author Comment

by:AdminBWC
ID: 12077173
I am still working on this.  I do have a question though.  Do I have to use a VPN client?  Also, I failed to mention the PIX is set up with a DMZ.  Does this make a difference?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12077499
No, you don't have to use any IPSEC client software, you can use Microsoft PPTP VPN client that comes with most Windows versions.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml

DMZ does not make a difference. If VPN users need access to both the inside and the DMZ, it will only affect how you craft your access-lists...

If you use the Microsoft client, make sure you have the properties checked "use default gateway on remote network" and you should be able to access your inside hosts.
0
 

Author Comment

by:AdminBWC
ID: 12084443
Ok, I can get connected, but I cannot browse the network, access email or anything else on the network.  The IP address assigned comes from the pool of IPs. Any suggestions?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12085057
On the VPN client, select Properties, Networking tab, TCP/IP, Properties, Advanced button, Use Default gateway on remote network - checked?

Is the pool of IPs a different subnet than your local LAN?
0
 

Author Comment

by:AdminBWC
ID: 12192879
Ok, I'm connected and working fine with VPN - Cisco helped me add/correct my commands on the PIX.  There's only one problem - outside email will not come through.  Exchange mail comes in fine, but SMTP/POP3 errors out.  Any suggestions?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12192927
> Exchange mail comes in fine, but SMTP/POP3 errors out
Does it error out on the client while connected to the VPN?
Do you have the "use default gateway on remote network" option checked? If yes, then this is expected behavior and only manual manipulation of the route table on the PC will fix it, and this will have to be done every time a VPN connection is established.
0
 

Author Comment

by:AdminBWC
ID: 12199178
Yes, Cisco gave the commands to do this, but I think I'd like to take a different route.  Can you help with Outlook Web Mail over VPN?  It works inside the network just fine by typing exchangeservername\user, but I can't get it to work from home over VPN.

I think our problem is this:
We have our Exchange and AD on one server and our IIS, SMTP and POP3 accounts within a DMZ on another server.  Is there a way to get Outlook Web Mail working in the VPN?

Thanks for all your help with this.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 150 total points
ID: 12201411
The server that you connect for OWA is actually located in the DMZ?
You would need to add the DMZ subnet to the nat-0 access-list
0
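
Added example, not part of the thread: a small audit script for the two points raised above, that the VPN pool must differ from the local LAN (and the LAN should avoid common home subnets), and that every internal subnet VPN users reach, the DMZ included, needs a nat 0 exemption toward the pool. The config excerpt, addresses and ACL names are constructed, and PIX 6.x command syntax is assumed.

```python
import ipaddress

# Constructed PIX 6.x excerpt; addresses and names are illustrative, not from the thread.
SAMPLE = """\
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 172.16.5.1 255.255.255.0
ip local pool vpnpool 10.99.99.1-10.99.99.50
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.99.99.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

# The subnets the thread names as most common on home broadband networks.
HOME_NETS = [ipaddress.ip_network(n) for n in (
    "10.10.10.0/24", "10.1.1.0/24", "10.0.0.0/24", "192.168.0.0/24", "192.168.1.0/24")]

def audit(config, internal=("inside", "dmz")):
    """Return findings for the internal interfaces (names are an assumption)."""
    ifaces, acls, nat0, pools = {}, {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["ip", "address"] and len(t) == 5:
            ifaces[t[2]] = ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False)
        elif t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            lo, hi = t[4].split("-")
            pools.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            # Only "permit ip <src> <mask> <dst> <mask>" entries are considered.
            acls.setdefault(t[1], []).append((
                ipaddress.ip_network(f"{t[4]}/{t[5]}", strict=False),
                ipaddress.ip_network(f"{t[6]}/{t[7]}", strict=False)))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"] and len(t) == 5:
            nat0[t[1].strip("()")] = t[4]   # interface -> ACL bound to nat 0
    findings = []
    for name in internal:
        net = ifaces.get(name)
        if net is None:
            continue
        if any(net.overlaps(h) for h in HOME_NETS):
            findings.append(f"{name}: {net} is a common home-router subnet")
        for lo, hi in pools:
            if lo in net or hi in net:      # pool endpoints inside the LAN subnet
                findings.append(f"{name}: VPN pool {lo}-{hi} overlaps {net}")
            exempt = any(net.subnet_of(src) and lo in dst and hi in dst
                         for src, dst in acls.get(nat0.get(name), []))
            if not exempt:
                findings.append(f"{name}: no nat 0 exemption from {net} to pool {lo}-{hi}")
    return findings
```

On the sample, `audit(SAMPLE)` flags the inside subnet as a common home range and reports the missing DMZ exemption; adding the DMZ subnet to the exemption ACL and binding it to the dmz interface clears the second finding.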
 
LVL 79

Expert Comment

by:lrmoore
ID: 12280440
Are you still working on this? Can we be of any more assistance?
Can you close out this question?
0
