Solved

PIX VPN access to internal net

Posted on 2006-07-19
Last Modified: 2013-11-16
Hi


I am able to connect with PPTP to the PIX (6.3) OK but cannot connect to the internal net. I believe that I need to set up access lists and NAT 0 etc. I have an address pool on the same address range as the internal net. Unfortunately I only have command line access and am having trouble with the commands/syntax etc. I would appreciate some help understanding how to do this.

Thanks

Roger
Question by:MlodeIT
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17139846
We could've fixed it in one stretch if you had posted your configuration;

Anyways;

1. Have a different IP pool for the VPN clients other than the internal network IP; this could create a lot of routing issues.

Then to create the access-list part;

nat (inside) 0 access-list nonat

access-list nonat permit ip <InternalNetworkRange> <SubnetMask> <VPNClientIPRange> <SubnetMask>

That should be pretty much about it.

Cheers,
Rajesh
0
 

Author Comment

by:MlodeIT
ID: 17145295

Many thanks,

Seems to work fine, although I also had to add the sysopt connection permit-pptp.

I have a slight issue in that with PIX local authentication the user can connect and be presented with the Windows logon box and authenticate OK, unless they are already connected to a domain, e.g. on their local net, in which case the local credentials are used etc. (giving incorrect folder permissions). Can the PIX authenticate a user with Windows 2000 Active Directory? And how, or is there a simpler way?

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger
0
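
The pieces discussed in the accepted solution and the follow-up comment, put together as an added example (not configuration posted by either participant). The addresses, the pool name `pptp-pool` and the vpdn group number `1` are assumptions made for illustration.

```cisco
: Constructed addressing: inside LAN 192.168.1.0/24, VPN pool 192.168.50.0/24
: Pool name "pptp-pool" and vpdn group 1 are assumed names, not from the thread

: 1. Give PPTP clients a pool on its own subnet, not carved out of the inside LAN
ip local pool pptp-pool 192.168.50.1-192.168.50.50
vpdn group 1 client configuration address local pptp-pool

: 2. Exempt only inside-LAN <-> VPN-pool traffic from NAT
:    (source = internal range, destination = VPN client range)
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

: 3. Allow PPTP traffic to bypass interface access-list checking
sysopt connection permit-pptp

: 4. Confirm the exemption entry exists and watch its hit count while a client connects
show access-list nonat
```

Because `sysopt connection permit-pptp` takes PPTP traffic out of access-list checking, keep the `nonat` entry limited to the VPN pool rather than a broad `any` destination, and treat VPN authentication as the control that decides who reaches the inside network.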
 

LVL 32

Expert Comment

by:rsivanandan
ID: 17145462
Hmm.. So you want VPN Client to authenticate using RADIUS server to AD credentials...

Check out this link;

http://www.cisco.com/en/US/tech/tk583/tk547/tsd_technology_support_sub-protocol_home.html

See if that helps.

Cheers,
Rajesh
0
