Solved

PIX VPN access to internal net

Posted on 2006-07-19
Last Modified: 2013-11-16
Hi


I am able to connect with PPTP to the PIX (6.3) OK but cannot connect to the internal net. I believe that I need to set up access lists and NAT 0 etc. I have an address pool on the same address range as the internal net. Unfortunately I only have command line access and am having trouble with the commands/syntax etc. I would appreciate some help understanding how to do this.

Thanks

Roger

Question by: MlodeIT

Accepted Solution

by: rsivanandan earned 500 total points
ID: 17139846
We could've fixed it in one stretch if you had posted your configuration;

Anyways;

1. Have a different IP pool for the VPN clients other than the internal network IP; this could create a lot of routing issues.

Then to create the access-list part;

nat (inside) 0 access-list nonat

access-list nonat permit ip <InternalNetworkRange> <SubnetMask> <VPNClientIPRange> <SubnetMask>

That should be pretty much about it.

Cheers,
Rajesh
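
The two steps from the answer above combined into one PIX 6.3 fragment, as an added example that is not part of the original thread. The addresses, the pool name `vpnpool` and the VPDN group number are constructed assumptions; the `sysopt` line is the one the asker reports needing in the follow-up comment.

```text
: Constructed addressing (assumption): inside LAN 192.168.1.0/24,
: PPTP clients 192.168.50.0/24, a range NOT used on the inside LAN.
ip local pool vpnpool 192.168.50.1-192.168.50.50

: Exempt inside-to-VPN-client traffic from NAT. Keep the ACL limited to
: these two ranges so no other traffic bypasses translation.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

: Permit PPTP sessions without a separate interface ACL entry.
sysopt connection permit-pptp

: Hand PPTP clients in group 1 their addresses from the new pool.
vpdn group 1 client configuration address local vpnpool
```

Once a client has connected and reached an inside host, `show access-list nonat` should show the hit count on the entry increasing.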

Author Comment

by:MlodeIT
ID: 17145295

Many thanks

Seems to work fine - although I also had to add the sysopt connection permit-pptp.

I have a slight issue in that with PIX local authentication the user can connect and be presented with the Windows log on box and authenticate OK - unless they are already connected to a domain, e.g. on their local net, in which case the local credentials are used etc. (giving incorrect folder permissions). Can the PIX authenticate a user with Windows 2000 Active Directory? And how, or is there a simpler way?

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger

Expert Comment

by:rsivanandan
ID: 17145462
Hmm.. So you want VPN Client to authenticate using Radius server to AD credentials...

Check out this link;

http://www.cisco.com/en/US/tech/tk583/tk547/tsd_technology_support_sub-protocol_home.html

See if that helps.

Cheers,
Rajesh