PIX VPN access to internal net

Hi


I am able to connect with PPTP to the PIX (6.3) OK but cannot connect to the internal net. I believe that I need to set up access lists and NAT 0 etc. I have an address pool on the same address range as the internal net. Unfortunately I only have command line access and am having trouble with the commands/syntax etc. I would appreciate some help understanding how to do this.

Thanks

Roger
Asked by: MlodeIT

rsivanandan Commented:
We could've fixed it in one stretch if you had posted your configuration;

Anyways;

1. Have a different IP pool for the VPN clients other than the internal network IP; this could create a lot of routing issues.

Then to create the access-list part;

nat (inside) 0 access-list nonat

access-list nonat permit ip <InternalNetworkRange> <SubnetMask> <VPNClientIPRange> <SubnetMask>

That should be pretty much about it.

Cheers,
Rajesh
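
The two steps in the answer above, as an added example that is not part of the original post: it rejects a VPN client pool that overlaps the inside network (the situation described in the question) and fills in the placeholders of the two commands. All addresses are constructed sample values, and the function name and parameters are hypothetical.

```python
import ipaddress


def nonat_config(inside, vpn_subnet, pool_first, pool_last, acl_name="nonat"):
    """Return the NAT-exemption lines for a PPTP client pool, or raise if the
    addressing would conflict with the inside network.

    inside      - inside network in CIDR form (constructed sample value)
    vpn_subnet  - dedicated subnet reserved for VPN clients
    pool_first, pool_last - first and last address of the client pool
    """
    inside_net = ipaddress.ip_network(inside)
    vpn_net = ipaddress.ip_network(vpn_subnet)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)

    # Point 1 of the answer: the client pool must not share the inside range.
    if vpn_net.overlaps(inside_net):
        raise ValueError(f"VPN subnet {vpn_net} overlaps inside network {inside_net}")

    # The pool has to sit inside the subnet that the access list exempts,
    # otherwise some clients would still be subject to NAT.
    if first > last or first not in vpn_net or last not in vpn_net:
        raise ValueError(f"pool {first}-{last} is not contained in {vpn_net}")

    # The access list is emitted before the nat 0 statement that references it.
    return [
        f"access-list {acl_name} permit ip "
        f"{inside_net.network_address} {inside_net.netmask} "
        f"{vpn_net.network_address} {vpn_net.netmask}",
        f"nat (inside) 0 access-list {acl_name}",
    ]


if __name__ == "__main__":
    # Constructed addressing: inside 192.168.1.0/24, clients in 192.168.50.0/24.
    for line in nonat_config("192.168.1.0/24", "192.168.50.0/24",
                             "192.168.50.1", "192.168.50.50"):
        print(line)
```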
MlodeIT (Author) Commented:

Many thanks

Seems to work fine - although I also had to add the sysopt connection permit-pptp.

I have a slight issue in that with PIX local authentication the user can connect and be presented with the Windows logon box and authenticate OK - unless they are already connected to a domain, e.g. on their local net, in which case the local credentials are used etc. (giving incorrect folder permissions). Can the PIX authenticate a user with Windows 2000 Active Directory? And how, or is there a simpler way?

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger
rsivanandan Commented:
Hmm... So you want the VPN client to authenticate using a RADIUS server to AD credentials...

Check out this link;

http://www.cisco.com/en/US/tech/tk583/tk547/tsd_technology_support_sub-protocol_home.html

See if that helps.

Cheers,
Rajesh