Solved

VPN connection to SBS2003 via PIX 501

Posted on 2006-11-01
Last Modified: 2010-03-18
I am trying to make a client system authenticate to a Small Business Server 2003 server over a VPN connection.  At the front of that network is a PIX 501.  I am able to connect to the PIX 501 and authenticate the client on the PIX 501.  I am not able to authenticate to an account on the Small Business Server.

There are only three pieces to this puzzle at this point.  The client system (Windows 2000 Pro), the PIX 501, and the SBS 2003 box.

I feel the issue is at this point I am missing something in the PIX to tell it to communicate with the SBS but that is just a guess.

Thanks
Question by:cfische4
2 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 17879162
You'll find lots of discussion about this here:  http://snipurl.com/11bqn

Do you really want to have the PIX be your endpoint?  If not, just pass the traffic through to the SBS on port 1723 with GRE Protocol 47.

Jeff
TechSoEasy
0
 

Author Comment

by:cfische4
ID: 17880941
I reviewed the link you sent and I will give the following a look and see what it does for me and let you know.

What we will need to do
to allow the GRE traffic manually is to change the current nat statement on
the firewall from "nat (inside) 1 192.168.254.0 255.255.255.0" to "nat
(inside) 1 0.0.0.0 0.0.0.0 0 0" and to add the line "access-list inbound
permit gre any host 12.12.20.12" to the access list.


My network is designed like this:


Internet --> PIX --> SBS --> Switch --> Workstations
12.12.20.12 (Public IP on WAN port of PIX). 192.168.254.1 internal port of
PIX. 192.168.254.2 is external NIC of SBS and the default internal NIC of
192.168.16.2 for SBS doing DHCP.


P.S. I made up 12.12.20.12 to protect the innocent. :-)


0
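
Passing PPTP through the firewall, as discussed in the thread above, needs two permits to the public address: TCP 1723 (the PPTP control channel) and GRE, IP protocol 47 (the tunnelled data). The following is an added example, not code from the thread or from any poster: a Python check over PIX-style `access-list` lines such as the one quoted above. The function names, the constructed sample lines and the simplification of looking at permit lines only (no first-match deny handling, no subnet destinations) are assumptions.

```python
# Added example: audit PIX-style ACL text for PPTP pass-through permits.
PORT_NAMES = {"pptp": 1723}  # the port may be written by name instead of number

def _addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return (spec, rest)."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return tok[0] + "/" + tok[1], tok[2:]

def parse_acl(config, acl_name):
    """Yield (action, proto, src, dst, port) for each entry of acl_name."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", acl_name] or len(tok) < 6:
            continue
        if tok[2] not in ("permit", "deny"):
            continue
        try:
            src, rest = _addr(tok[4:])
            dst, rest = _addr(rest)
        except IndexError:
            continue  # truncated line, ignore
        port = None  # None means "no port restriction"
        if len(rest) >= 2 and rest[0] == "eq":
            # -1 marks a port name this sketch does not know
            port = PORT_NAMES.get(rest[1], int(rest[1]) if rest[1].isdigit() else -1)
        yield tok[2], tok[3], src, dst, port

def check_pptp(config, acl_name, public_ip):
    """Return findings; an empty list means both channels are permitted narrowly."""
    permits = [e for e in parse_acl(config, acl_name) if e[0] == "permit"]
    findings = []
    for proto, port, label in (("tcp", 1723, "tcp/1723 (PPTP control)"),
                               ("gre", None, "gre (IP protocol 47, PPTP data)")):
        hits = [e for e in permits
                if e[3] in (public_ip, "any")
                and (e[1] == "ip" or (e[1] == proto and e[4] in (None, port)))]
        if not hits:
            findings.append("missing permit for " + label)
        elif all(e[1] == "ip" or e[3] == "any" or (proto == "tcp" and e[4] is None)
                 for e in hits):
            findings.append("over-broad permit covers " + label)
    return findings

# Constructed sample lines; 12.12.20.12 is the made-up address used in the thread.
TCP_ONLY = "access-list inbound permit tcp any host 12.12.20.12 eq 1723\n"
BOTH = TCP_ONLY + "access-list inbound permit gre any host 12.12.20.12\n"
```

An ACL that opens only TCP 1723 is reported as missing the GRE permit, which is the gap the `permit gre` line in the thread is meant to close.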

Question has a verified solution.