Solved

Setting up VPN using Cisco Pix 501

Posted on 2006-11-14
14
357 Views
Last Modified: 2010-04-12
Hi Guys

I've been given a task to setup a VPN for our remote users. All i need is a process how vpn works i.e what i need and where i need it (i.e physical location of each component). May be different options available to me

We have got a cisco pix 501, which i believe allow you to setup VPN connections.

I would like to know

What do i need to do on cisco pix, how the users would be authenticated, do i need a VPN server or does pix act as a server. Do i need a certificate? i would like users to use their normal username and password to connect to work LAN.

Once i know how VPN works then i can get down to start configuring the pix or servers..  I just want to know that if i go with option then i need this and this and if i go with this option then i need this and that. and how these components would be connected.

Point me to any good websites which has diagrams and then step on how to configure each bit?

Thanks

Sho
Thanks
 
0
Comment
Question by:shoaib2000
  • 5
  • 3
  • 2
  • +1
14 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 50 total points
Comment Utility
1. PIX is a wonderful device to act as a VPN Server.

2. You can have your users connect to PIX and get authenticated via Active Directory accounts, by using Radius authentication along with that.

Now, to solve all your problems, all you need to take a look at it is this one link from Cisco;

http://www.cisco.coam/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Cheers,
Rajesh
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 50 total points
Comment Utility
See if you can follow the directions in this thread where I'm trying to help someone else do the exact same thing.

http://www.experts-exchange.com/Security/Firewalls/Q_22050646.html

Post any questions that you may have here and we'll work you through it. It really is a simple process if you follow the directions.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Rajesh, your link is broken
This is the correct link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Yours = www.cisco.coam
                                ^^
Correct = www.cisco.com
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
Oh, I don't know where that 'a' came from!

Cheers,
Rajesh
0
 

Author Comment

by:shoaib2000
Comment Utility
Hi Rajesh

I've already seen that link before but it didn't make sense to me, it also talks about an IAS, i didnt know how did that fitted in with the rest of the system, So where does ISA server fits in. We already have a OutLook Web access working which is setup something like this.

All the internet traffic goes to our DrayTech router which is forwarding all the traffic to ISA server, ISA server is using the Radius to authenticate users with DC. So where did the IAS fitted in. I also need to know what should be where i.e infront of the fire wall or behind the fire wall?

Thanks

Sho

 
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:shoaib2000
Comment Utility
Also i've been told that you can use the certificates to authenticate users using SSL?? How does this work with Cisco? Is this a better way of setting things up?

Thanks

Shoaib
0
 

Author Comment

by:shoaib2000
Comment Utility
Sorry one more question, does the ISA server need 2 network cards or can it work with one and you configure the software to forward all the traffic to a DC which i guess would be behind a firewall??
0
 

Author Comment

by:shoaib2000
Comment Utility
Hi

I answered my question myself. I rang the DreyTek's helpline and they talked me through setting and the VPN is working through a DreyTec router and ISA Server. The problem was the dreytec once i've setup a DMZ on the dreytec and open up the ports the VPN worked fine.

Could i please have the points refunded.

Thanks

Shoaib
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
>I would like to know
>What do i need to do on cisco pix,
That question was answered with a link to a detailed configuration example.
Where did DreyTek come from? There is nothing in your posted question about anything regarding a DreyTek router or ISA server - only a PIX 501.

Your original question was answerd points should be awarded.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Thanks Les, that confirms my own view.
Happy new year

Keith
0
 

Author Comment

by:shoaib2000
Comment Utility
Yes my origonal question was pix 501 but couldn't get it to work at all, followed all the links and no luck, a friend then recommended using a dreytec and ISA server which was lot more simple to configure and i gave up the idea to use pix 501.

Sorry i should have updated the forum, it just that once the VPN was working through dreytek and ISA i completely forgot about this Q i had posted here and only remembered it when i got the email about the question being abandoned.

Majority of the links provided in the possible solutions had already been seen by me as i mentioned in my comments previously.
 
>I've already seen that link before but it didn't make sense to me

So Appologies for any inconvenience this may have caused.

Thanks

Sho
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now