?
Solved

Setting up VPN using Cisco Pix 501

Posted on 2006-11-14
14
Medium Priority
?
364 Views
Last Modified: 2010-04-12
Hi Guys

I've been given a task to setup a VPN for our remote users. All i need is a process how vpn works i.e what i need and where i need it (i.e physical location of each component). May be different options available to me

We have got a cisco pix 501, which i believe allow you to setup VPN connections.

I would like to know

What do i need to do on cisco pix, how the users would be authenticated, do i need a VPN server or does pix act as a server. Do i need a certificate? i would like users to use their normal username and password to connect to work LAN.

Once i know how VPN works then i can get down to start configuring the pix or servers..  I just want to know that if i go with option then i need this and this and if i go with this option then i need this and that. and how these components would be connected.

Point me to any good websites which has diagrams and then step on how to configure each bit?

Thanks

Sho
Thanks
 
0
Comment
Question by:shoaib2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
14 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 200 total points
ID: 17939675
1. PIX is a wonderful device to act as a VPN Server.

2. You can have your users connect to PIX and get authenticated via Active Directory accounts, by using Radius authentication along with that.

Now, to solve all your problems, all you need to take a look at it is this one link from Cisco;

http://www.cisco.coam/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Cheers,
Rajesh
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 17939690
See if you can follow the directions in this thread where I'm trying to help someone else do the exact same thing.

http://www.experts-exchange.com/Security/Firewalls/Q_22050646.html

Post any questions that you may have here and we'll work you through it. It really is a simple process if you follow the directions.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17939704
Rajesh, your link is broken
This is the correct link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Yours = www.cisco.coam 
                                ^^
Correct = www.cisco.com
0
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17939750
Oh, I don't know where that 'a' came from!

Cheers,
Rajesh
0
 

Author Comment

by:shoaib2000
ID: 17956384
Hi Rajesh

I've already seen that link before but it didn't make sense to me, it also talks about an IAS, i didnt know how did that fitted in with the rest of the system, So where does ISA server fits in. We already have a OutLook Web access working which is setup something like this.

All the internet traffic goes to our DrayTech router which is forwarding all the traffic to ISA server, ISA server is using the Radius to authenticate users with DC. So where did the IAS fitted in. I also need to know what should be where i.e infront of the fire wall or behind the fire wall?

Thanks

Sho

 
0
 

Author Comment

by:shoaib2000
ID: 17956441
Also i've been told that you can use the certificates to authenticate users using SSL?? How does this work with Cisco? Is this a better way of setting things up?

Thanks

Shoaib
0
 

Author Comment

by:shoaib2000
ID: 17956473
Sorry one more question, does the ISA server need 2 network cards or can it work with one and you configure the software to forward all the traffic to a DC which i guess would be behind a firewall??
0
 

Author Comment

by:shoaib2000
ID: 18218844
Hi

I answered my question myself. I rang the DreyTek's helpline and they talked me through setting and the VPN is working through a DreyTec router and ISA Server. The problem was the dreytec once i've setup a DMZ on the dreytec and open up the ports the VPN worked fine.

Could i please have the points refunded.

Thanks

Shoaib
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18218853
>I would like to know
>What do i need to do on cisco pix,
That question was answered with a link to a detailed configuration example.
Where did DreyTek come from? There is nothing in your posted question about anything regarding a DreyTek router or ISA server - only a PIX 501.

Your original question was answerd points should be awarded.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18218858
Thanks Les, that confirms my own view.
Happy new year

Keith
0
 

Author Comment

by:shoaib2000
ID: 18218888
Yes my origonal question was pix 501 but couldn't get it to work at all, followed all the links and no luck, a friend then recommended using a dreytec and ISA server which was lot more simple to configure and i gave up the idea to use pix 501.

Sorry i should have updated the forum, it just that once the VPN was working through dreytek and ISA i completely forgot about this Q i had posted here and only remembered it when i got the email about the question being abandoned.

Majority of the links provided in the possible solutions had already been seen by me as i mentioned in my comments previously.
 
>I've already seen that link before but it didn't make sense to me

So Appologies for any inconvenience this may have caused.

Thanks

Sho
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question