Here is what we have:
PIX 506E at corp HQ
PIX 501 at 12 remote offices
- two Active Directory servers that are fully functional DNS and WINS servers.
- one Application Server that runs Symantec AV Corp Edition + a few other apps
- one Network Attached Storage server (shares files only available to users at Corp)
- We want to manage remote computers over a VPN via PIX boxes
- We also want to be able to push out Symantec installs so we can mintor virus protection
- We also want to be able to setup a very limited set of IP's/URLs that remote office computers can visit
- We want to be able to manage all user accounts and passwords at Corp with Active directory
I have no cisco experience, but all these boxes were configured by a previous admin. We've rebuilt the Active directory structure correctly with a fully qualified domain name and everything is working fine but at this point we haven't added any of the remote computers to the domain - just the corp onese (there are about 15 of those).
Although the VPNs are configured already and are running, the previous admin failed to provide correct username's and passwords for the PIX boxes. I've already reset the password on the 506e at corp and have reviewed the PDM interface enough to know the VPN's are active. I will have to reset the passwords at each location on the PIX though, but when I do that I want to know how best to go about it and what are the recommended configurations for DNS traffic considering all the desires I listed above?
1.) Should I point DNS back to Corp over the VPN or use the ISP's DNS?
2.) Is there a need to specify WINS back to Corp?
3.) Whats the most secure way to remotely manage these PIX boxes?
4.) What is the best way to handel this conversion overall step by step?
5.) Am I missing any important details, because I'd like to take care of everything needed once remote site visits start so a second round of travel isn't required. Remote admin is key, being these offices are spread accross the state.
I know a imdiate question I will get is bandwidth, the corp office has a full T1 and each remote office has broadband with static IP's.
Any advice, feedback, ideas, suggestions would be greatly appreciated! Also, pointers on Cisco PIX and configuring them for remote access would be great.
Thank you all!!!