Setting up VPN using Cisco Pix 501

Hi Guys

I've been given a task to setup a VPN for our remote users. All i need is a process how vpn works i.e what i need and where i need it (i.e physical location of each component). May be different options available to me

We have got a cisco pix 501, which i believe allow you to setup VPN connections.

I would like to know

What do i need to do on cisco pix, how the users would be authenticated, do i need a VPN server or does pix act as a server. Do i need a certificate? i would like users to use their normal username and password to connect to work LAN.

Once i know how VPN works then i can get down to start configuring the pix or servers..  I just want to know that if i go with option then i need this and this and if i go with this option then i need this and that. and how these components would be connected.

Point me to any good websites which has diagrams and then step on how to configure each bit?

Thanks

Sho
Thanks
 
shoaib2000Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
rsivanandanConnect With a Mentor Commented:
1. PIX is a wonderful device to act as a VPN Server.

2. You can have your users connect to PIX and get authenticated via Active Directory accounts, by using Radius authentication along with that.

Now, to solve all your problems, all you need to take a look at it is this one link from Cisco;

http://www.cisco.coam/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Cheers,
Rajesh
0
 
lrmooreConnect With a Mentor Commented:
See if you can follow the directions in this thread where I'm trying to help someone else do the exact same thing.

http://www.experts-exchange.com/Security/Firewalls/Q_22050646.html

Post any questions that you may have here and we'll work you through it. It really is a simple process if you follow the directions.
0
 
lrmooreCommented:
Rajesh, your link is broken
This is the correct link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Yours = www.cisco.coam 
                                ^^
Correct = www.cisco.com
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
rsivanandanCommented:
Oh, I don't know where that 'a' came from!

Cheers,
Rajesh
0
 
shoaib2000Author Commented:
Hi Rajesh

I've already seen that link before but it didn't make sense to me, it also talks about an IAS, i didnt know how did that fitted in with the rest of the system, So where does ISA server fits in. We already have a OutLook Web access working which is setup something like this.

All the internet traffic goes to our DrayTech router which is forwarding all the traffic to ISA server, ISA server is using the Radius to authenticate users with DC. So where did the IAS fitted in. I also need to know what should be where i.e infront of the fire wall or behind the fire wall?

Thanks

Sho

 
0
 
shoaib2000Author Commented:
Also i've been told that you can use the certificates to authenticate users using SSL?? How does this work with Cisco? Is this a better way of setting things up?

Thanks

Shoaib
0
 
shoaib2000Author Commented:
Sorry one more question, does the ISA server need 2 network cards or can it work with one and you configure the software to forward all the traffic to a DC which i guess would be behind a firewall??
0
 
shoaib2000Author Commented:
Hi

I answered my question myself. I rang the DreyTek's helpline and they talked me through setting and the VPN is working through a DreyTec router and ISA Server. The problem was the dreytec once i've setup a DMZ on the dreytec and open up the ports the VPN worked fine.

Could i please have the points refunded.

Thanks

Shoaib
0
 
lrmooreCommented:
>I would like to know
>What do i need to do on cisco pix,
That question was answered with a link to a detailed configuration example.
Where did DreyTek come from? There is nothing in your posted question about anything regarding a DreyTek router or ISA server - only a PIX 501.

Your original question was answerd points should be awarded.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thanks Les, that confirms my own view.
Happy new year

Keith
0
 
shoaib2000Author Commented:
Yes my origonal question was pix 501 but couldn't get it to work at all, followed all the links and no luck, a friend then recommended using a dreytec and ISA server which was lot more simple to configure and i gave up the idea to use pix 501.

Sorry i should have updated the forum, it just that once the VPN was working through dreytek and ISA i completely forgot about this Q i had posted here and only remembered it when i got the email about the question being abandoned.

Majority of the links provided in the possible solutions had already been seen by me as i mentioned in my comments previously.
 
>I've already seen that link before but it didn't make sense to me

So Appologies for any inconvenience this may have caused.

Thanks

Sho
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.