PIX VPN access to internal net

Hi


I am able to connect with PPTP to the PIX (6.3) OK but cannot connect to the internal net. I believe that I need to set up access lists and NAT 0 etc.  I have an address pool on the same address range  as the internal net.  Unfortunately I only have command line access and am having trouble with the commands/syntax etc. I would appreciate some help understanding how do this.

Thanks

Roger
MlodeITAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
rsivanandanConnect With a Mentor Commented:
We could've fixed it in one stretch if you had posted your configuration;

Anyways;

1. Have a different ip pool for the vpn clients other than the internal Network ip, this could create a lot of routing issues.

Then to create the access-list part;

nat (inside) 0 access-list nonat

access-list nonat permit ip <InternalNetworkRange> <SubnetMask > <VPNClientIPRange> <SubnetMask>

That should be pretty much about it.

Cheers,
Rajesh
0
 
MlodeITAuthor Commented:

many thanks

 seems to work fine - although I also had to add the sysopt connection permit-pptp .

I have a slight issue in that with PIX local athentication the user can connect and be presented with the windows log on box and authenticate OK- unless they are already connected to a domain eg on their local net in which case the local credentials  are used etc.(giving incorrect folder  permissions) Can the PIX authenticate a user with windows 2000 active directory? and how or is there a simpler way.

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger
0
 
MlodeITAuthor Commented:

many thanks

 seems to work fine - although I also had to add the sysopt connection permit-pptp .

I have a slight issue in that with PIX local athentication the user can connect and be presented with the windows log on box and authenticate OK- unless they are already connected to a domain eg on their local net in which case the local credentials  are used etc.(giving incorrect folder  permissions) Can the PIX authenticate a user with windows 2000 active directory? and how or is there a simpler way.

I will give the points now - if the above question is complicated then I will open a new question if you like.

Regards Roger
0
 
rsivanandanCommented:
Hmm.. So you want VPN Client to authenticate using Radius server to AD credentials...

Check out this link;

http://www.cisco.com/en/US/tech/tk583/tk547/tsd_technology_support_sub-protocol_home.html

See if that helps.

Cheers,
Rajesh
0
All Courses

From novice to tech pro — start learning today.