Solved

VPN connection to SBS2003 via PIX 501

Posted on 2006-11-01
2
207 Views
Last Modified: 2010-03-18
I am trying to make a client system authenticate to a Small Business Server 2003 server over a VPN connection.  At the front of that network is a PIX 501.  I am able to connect to the PIX 501 and authenticate the client on the PIX 501.  I am not able to autheticate to an account on the Small Business Server.

There are only three pieces to this puzzle at this point.  The client system (windows 2000 pro), The PIX 501, and the SBS 2003 box.

I feel the issue is at this point I am missing something in the PIX to tell it to communicate with the SBS but that is just a guess.

Thanks
0
Comment
Question by:cfische4
2 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
Comment Utility
You'll find lots of discussion about this here:  http://snipurl.com/11bqn

Do you really want to have the PIX be your endpoint?  If not, just pass the traffic through to the SBS on port 1723 with GRE Protocol 47.

Jeff
TechSoEasy
0
 

Author Comment

by:cfische4
Comment Utility
I reviewed the link you sent and I will give the following a look and see what it does for me and let you know.

What we will need to do
to allow the GRE traffic manually is to change the current nat statement on
the firewall from "nat (inside) 1 192.168.254.0 255.255.255.0" to "nat
(inside) 1 0.0.0.0 0.0.0.0 0 0" and to add the line "access-list inbound
permit gre any host 12.12.20.12" to the access list.


My network is designed like this:


Interent --> PIX --> SBS --> Switch --> Workstations
12.12.20.12 (Public IP on WAN port of PIX). 192.168.254.1 internal port of
PIX. 192.168.254.2 is external NIC of SBS and the default internal NIC of
192.168.16.2 for SBS doing DHCP.


P.S. I made up 12.12.20.12 to protect the innocent. :-)


0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now