?
Solved

VPN CONFIG

Posted on 2005-03-15
2
Medium Priority
?
396 Views
Last Modified: 2012-05-05
Hi There

I am running a server 2003 box with ISA 2000 SP2 which is sitting behind a Cisco PIX 501 firewall

I have now had a Line installed at home so that i can work and configure from home.

I am dialing up to my ISP "Mweb" from there i need to get into our network "VPN"

Where do i obtain the vpn client software, i am running XP Pro on my laptop does it have it? if not please supply a link as to where i can get it.

Second, I am going to leave my current firewall config in this question, please look through it and tell me what i need to do for it to be able to accepts VPN connections.

I am n not very good with cisco at all so please supply the exact command line in the pix terminal which i need to type in to enable VPN tunnel.

Here is the config...

Hi-Tech(config)# show config
: Saved
: Written by enable_15 at 07:19:17.849 UTC Mon Mar 14 2005
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password nC1TgPA/j9j.bzQi encrypted
passwd nC1TgPA/j9j.bzQi encrypted
hostname Hi-Tech
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1273
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list OUT_IN permit tcp any host 196.34.84.1 eq smtp
access-list OUT_IN permit tcp any host 196.34.84.1 eq pop3
access-list OUT_IN permit icmp any any echo-reply
access-list OUT_IN permit icmp any any time-exceeded
access-list OUT_IN permit icmp any any timestamp-reply
access-list OUT_IN permit tcp any host 196.34.84.1 eq www
access-list OUT_IN permit tcp any host 196.34.84.1 eq ftp
access-list OUT_IN permit tcp any host 196.34.84.4 eq ftp
access-list OUT_IN permit tcp any any eq 81
access-list IN_OUT permit ip host 192.168.0.1 any
access-list IN_OUT permit ip host 192.168.0.2 any
access-list IN_OUT permit udp any any eq isakmp
access-list IN_OUT permit esp any any
access-list IN_OUT permit tcp any any eq 81
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 196.34.84.13 255.255.255.240
ip address inside 192.168.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.1 255.255.255.255 inside
pdm location 192.168.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 196.34.84.4-196.34.84.12 netmask 255.255.255.240
global (outside) 1 196.34.84.3 netmask 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 196.34.84.1 smtp 192.168.0.1 smtp netmask 255.255.25
5.255 0 0
static (inside,outside) 196.34.84.1 192.168.0.1 netmask 255.255.255.255 0 0
access-group OUT_IN in interface outside
route outside 0.0.0.0 0.0.0.0 196.34.84.14 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.254 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:a7e25e02cd7f43bf95707ce6d0e0cd74
Hi-Tech(config)#
Hi-Tech(config)#
Hi-Tech(config)#
Hi-Tech(config)#
0
Comment
Question by:hitechauto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 5

Expert Comment

by:mrwaqar
ID: 13553241
Hi,

VPN Client can be obtained from Cisco website. But thats not free. here is the link:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/index.html

For using the VPN, you have to have a concentrator on the Host end  (in your office network in your case) which will authenticate the remote user and let it enter the network. In our setup concentrator is by-passing the firewall and hence pix is irrelivant in this case.(It didn't work behind firewall even after everything we tried).

Concentrator job is till you enter the network and there will be a tunnel established between your computer and the office network. You still will not be able to ping any of the computers of your network unless you change the Gateway as internal IP address if your concentrator. You probably can assign a terminal services enabled server for this purpose.

Hope this will help
0
 
LVL 5

Accepted Solution

by:
mrwaqar earned 1500 total points
ID: 13553280
More details can be found on the below link:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/4_6/ugmac/connect.htm


It's a usefull link and I would suggest you to go through this
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question