• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 405
  • Last Modified:

VPN CONFIG

Hi There

I am running a server 2003 box with ISA 2000 SP2 which is sitting behind a Cisco PIX 501 firewall

I have now had a Line installed at home so that i can work and configure from home.

I am dialing up to my ISP "Mweb" from there i need to get into our network "VPN"

Where do i obtain the vpn client software, i am running XP Pro on my laptop does it have it? if not please supply a link as to where i can get it.

Second, I am going to leave my current firewall config in this question, please look through it and tell me what i need to do for it to be able to accepts VPN connections.

I am n not very good with cisco at all so please supply the exact command line in the pix terminal which i need to type in to enable VPN tunnel.

Here is the config...

Hi-Tech(config)# show config
: Saved
: Written by enable_15 at 07:19:17.849 UTC Mon Mar 14 2005
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password nC1TgPA/j9j.bzQi encrypted
passwd nC1TgPA/j9j.bzQi encrypted
hostname Hi-Tech
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1273
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list OUT_IN permit tcp any host 196.34.84.1 eq smtp
access-list OUT_IN permit tcp any host 196.34.84.1 eq pop3
access-list OUT_IN permit icmp any any echo-reply
access-list OUT_IN permit icmp any any time-exceeded
access-list OUT_IN permit icmp any any timestamp-reply
access-list OUT_IN permit tcp any host 196.34.84.1 eq www
access-list OUT_IN permit tcp any host 196.34.84.1 eq ftp
access-list OUT_IN permit tcp any host 196.34.84.4 eq ftp
access-list OUT_IN permit tcp any any eq 81
access-list IN_OUT permit ip host 192.168.0.1 any
access-list IN_OUT permit ip host 192.168.0.2 any
access-list IN_OUT permit udp any any eq isakmp
access-list IN_OUT permit esp any any
access-list IN_OUT permit tcp any any eq 81
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 196.34.84.13 255.255.255.240
ip address inside 192.168.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.1 255.255.255.255 inside
pdm location 192.168.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 196.34.84.4-196.34.84.12 netmask 255.255.255.240
global (outside) 1 196.34.84.3 netmask 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 196.34.84.1 smtp 192.168.0.1 smtp netmask 255.255.25
5.255 0 0
static (inside,outside) 196.34.84.1 192.168.0.1 netmask 255.255.255.255 0 0
access-group OUT_IN in interface outside
route outside 0.0.0.0 0.0.0.0 196.34.84.14 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.254 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:a7e25e02cd7f43bf95707ce6d0e0cd74
Hi-Tech(config)#
Hi-Tech(config)#
Hi-Tech(config)#
Hi-Tech(config)#
0
hitechauto
Asked:
hitechauto
  • 2
1 Solution
 
mrwaqarCommented:
Hi,

VPN Client can be obtained from Cisco website. But thats not free. here is the link:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/index.html

For using the VPN, you have to have a concentrator on the Host end  (in your office network in your case) which will authenticate the remote user and let it enter the network. In our setup concentrator is by-passing the firewall and hence pix is irrelivant in this case.(It didn't work behind firewall even after everything we tried).

Concentrator job is till you enter the network and there will be a tunnel established between your computer and the office network. You still will not be able to ping any of the computers of your network unless you change the Gateway as internal IP address if your concentrator. You probably can assign a terminal services enabled server for this purpose.

Hope this will help
0
 
mrwaqarCommented:
More details can be found on the below link:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/4_6/ugmac/connect.htm


It's a usefull link and I would suggest you to go through this
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now