Solved

PIX VPN access to internal net

Posted on 2006-07-19
4
253 Views
Last Modified: 2013-11-16
Hi


I am able to connect with PPTP to the PIX (6.3) OK but cannot connect to the internal net. I believe that I need to set up access lists and NAT 0 etc.  I have an address pool on the same address range  as the internal net.  Unfortunately I only have command line access and am having trouble with the commands/syntax etc. I would appreciate some help understanding how do this.

Thanks

Roger
0
Comment
Question by:MlodeIT
  • 2
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17139846
We could've fixed it in one stretch if you had posted your configuration;

Anyways;

1. Have a different ip pool for the vpn clients other than the internal Network ip, this could create a lot of routing issues.

Then to create the access-list part;

nat (inside) 0 access-list nonat

access-list nonat permit ip <InternalNetworkRange> <SubnetMask > <VPNClientIPRange> <SubnetMask>

That should be pretty much about it.

Cheers,
Rajesh
0
 

Author Comment

by:MlodeIT
ID: 17145295

many thanks

 seems to work fine - although I also had to add the sysopt connection permit-pptp .

I have a slight issue in that with PIX local athentication the user can connect and be presented with the windows log on box and authenticate OK- unless they are already connected to a domain eg on their local net in which case the local credentials  are used etc.(giving incorrect folder  permissions) Can the PIX authenticate a user with windows 2000 active directory? and how or is there a simpler way.

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger
0
 

Author Comment

by:MlodeIT
ID: 17145303

many thanks

 seems to work fine - although I also had to add the sysopt connection permit-pptp .

I have a slight issue in that with PIX local athentication the user can connect and be presented with the windows log on box and authenticate OK- unless they are already connected to a domain eg on their local net in which case the local credentials  are used etc.(giving incorrect folder  permissions) Can the PIX authenticate a user with windows 2000 active directory? and how or is there a simpler way.

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17145462
Hmm.. So you want VPN Client to authenticate using Radius server to AD credentials...

Check out this link;

http://www.cisco.com/en/US/tech/tk583/tk547/tsd_technology_support_sub-protocol_home.html

See if that helps.

Cheers,
Rajesh
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question