Solved

Setting up VPN using Cisco Pix 501

Posted on 2006-11-14
Last Modified: 2010-04-12
Hi Guys

I've been given a task to set up a VPN for our remote users. All I need is a process for how VPN works, i.e. what I need and where I need it (i.e. the physical location of each component). There may be different options available to me.

We have got a Cisco PIX 501, which I believe allows you to set up VPN connections.

I would like to know:

What do I need to do on the Cisco PIX, how would the users be authenticated, and do I need a VPN server or does the PIX act as a server? Do I need a certificate? I would like users to use their normal username and password to connect to the work LAN.

Once I know how VPN works, I can get down to configuring the PIX or servers. I just want to know that if I go with one option then I need this and this, and if I go with this option then I need this and that, and how these components would be connected.

Can you point me to any good websites which have diagrams and then steps on how to configure each bit?

Thanks

Sho
Thanks
 
Question by:shoaib2000
14 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 50 total points
ID: 17939675
1. PIX is a wonderful device to act as a VPN Server.

2. You can have your users connect to the PIX and get authenticated via Active Directory accounts, by using RADIUS authentication along with that.

Now, to solve all your problems, all you need to do is take a look at this one link from Cisco:

http://www.cisco.coam/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Cheers,
Rajesh
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 50 total points
ID: 17939690
See if you can follow the directions in this thread where I'm trying to help someone else do the exact same thing.

http://www.experts-exchange.com/Security/Firewalls/Q_22050646.html

Post any questions that you may have here and we'll work you through it. It really is a simple process if you follow the directions.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17939704
Rajesh, your link is broken
This is the correct link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Yours = www.cisco.coam 
                                ^^
Correct = www.cisco.com
0
LVL 32

Expert Comment

by:rsivanandan
ID: 17939750
Oh, I don't know where that 'a' came from!

Cheers,
Rajesh
0
 

Author Comment

by:shoaib2000
ID: 17956384
Hi Rajesh

I've already seen that link before, but it didn't make sense to me. It also talks about an IAS; I didn't know how that fitted in with the rest of the system. So where does ISA server fit in? We already have Outlook Web Access working, which is set up something like this.

All the internet traffic goes to our DrayTek router, which is forwarding all the traffic to the ISA server; the ISA server is using RADIUS to authenticate users with the DC. So where did the IAS fit in? I also need to know what should be where, i.e. in front of the firewall or behind the firewall?

Thanks

Sho

 
0
 

Author Comment

by:shoaib2000
ID: 17956441
Also, I've been told that you can use certificates to authenticate users using SSL? How does this work with Cisco? Is this a better way of setting things up?

Thanks

Shoaib
0
 

Author Comment

by:shoaib2000
ID: 17956473
Sorry, one more question: does the ISA server need 2 network cards, or can it work with one and you configure the software to forward all the traffic to a DC, which I guess would be behind a firewall?
0
 

Author Comment

by:shoaib2000
ID: 18218844
Hi

I answered my question myself. I rang DrayTek's helpline and they talked me through the setup, and the VPN is working through a DrayTek router and ISA Server. The problem was the DrayTek; once I set up a DMZ on the DrayTek and opened up the ports, the VPN worked fine.

Could I please have the points refunded?

Thanks

Shoaib
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18218853
>I would like to know
>What do i need to do on cisco pix,
That question was answered with a link to a detailed configuration example.
Where did DrayTek come from? There is nothing in your posted question about anything regarding a DrayTek router or ISA server - only a PIX 501.

Your original question was answered; points should be awarded.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18218858
Thanks Les, that confirms my own view.
Happy new year

Keith
0
 

Author Comment

by:shoaib2000
ID: 18218888
Yes, my original question was about the PIX 501, but I couldn't get it to work at all. I followed all the links and had no luck; a friend then recommended using a DrayTek and ISA server, which was a lot simpler to configure, and I gave up the idea of using the PIX 501.

Sorry, I should have updated the forum. It's just that once the VPN was working through the DrayTek and ISA, I completely forgot about this question I had posted here and only remembered it when I got the email about the question being abandoned.

The majority of the links provided in the possible solutions had already been seen by me, as I mentioned in my comments previously.

>I've already seen that link before but it didn't make sense to me

So apologies for any inconvenience this may have caused.

Thanks

Sho
0
