Link to home
Start Free TrialLog in
Avatar of shoaib2000
shoaib2000Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Setting up VPN using Cisco Pix 501

Hi Guys

I've been given a task to setup a VPN for our remote users. All i need is a process how vpn works i.e what i need and where i need it (i.e physical location of each component). May be different options available to me

We have got a cisco pix 501, which i believe allow you to setup VPN connections.

I would like to know

What do i need to do on cisco pix, how the users would be authenticated, do i need a VPN server or does pix act as a server. Do i need a certificate? i would like users to use their normal username and password to connect to work LAN.

Once i know how VPN works then i can get down to start configuring the pix or servers..  I just want to know that if i go with option then i need this and this and if i go with this option then i need this and that. and how these components would be connected.

Point me to any good websites which has diagrams and then step on how to configure each bit?

Thanks

Sho
Thanks
 
ASKER CERTIFIED SOLUTION
Avatar of rsivanandan
rsivanandan
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Rajesh, your link is broken
This is the correct link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Yours = www.cisco.coam 
                                ^^
Correct = www.cisco.com
Oh, I don't know where that 'a' came from!

Cheers,
Rajesh
Avatar of shoaib2000

ASKER

Hi Rajesh

I've already seen that link before but it didn't make sense to me, it also talks about an IAS, i didnt know how did that fitted in with the rest of the system, So where does ISA server fits in. We already have a OutLook Web access working which is setup something like this.

All the internet traffic goes to our DrayTech router which is forwarding all the traffic to ISA server, ISA server is using the Radius to authenticate users with DC. So where did the IAS fitted in. I also need to know what should be where i.e infront of the fire wall or behind the fire wall?

Thanks

Sho

 
Also i've been told that you can use the certificates to authenticate users using SSL?? How does this work with Cisco? Is this a better way of setting things up?

Thanks

Shoaib
Sorry one more question, does the ISA server need 2 network cards or can it work with one and you configure the software to forward all the traffic to a DC which i guess would be behind a firewall??
Hi

I answered my question myself. I rang the DreyTek's helpline and they talked me through setting and the VPN is working through a DreyTec router and ISA Server. The problem was the dreytec once i've setup a DMZ on the dreytec and open up the ports the VPN worked fine.

Could i please have the points refunded.

Thanks

Shoaib
>I would like to know
>What do i need to do on cisco pix,
That question was answered with a link to a detailed configuration example.
Where did DreyTek come from? There is nothing in your posted question about anything regarding a DreyTek router or ISA server - only a PIX 501.

Your original question was answerd points should be awarded.
Thanks Les, that confirms my own view.
Happy new year

Keith
Yes my origonal question was pix 501 but couldn't get it to work at all, followed all the links and no luck, a friend then recommended using a dreytec and ISA server which was lot more simple to configure and i gave up the idea to use pix 501.

Sorry i should have updated the forum, it just that once the VPN was working through dreytek and ISA i completely forgot about this Q i had posted here and only remembered it when i got the email about the question being abandoned.

Majority of the links provided in the possible solutions had already been seen by me as i mentioned in my comments previously.
 
>I've already seen that link before but it didn't make sense to me

So Appologies for any inconvenience this may have caused.

Thanks

Sho