Solved

CISCO Pix 501 and Windows Server 2003 VPN Configuration

Posted on 2008-10-02
Last Modified: 2012-05-05
Hello,

I have the need to allow remote users access to one of our file servers in our internal network. We use a Cisco PIX 501 firewall and a Windows 2003 Domain with Active Directory. I'm thoroughly confused and don't know whether the configuration should take place in the domain or the PIX. Would appreciate any help on this issue.

This is the first time for me, so I would appreciate a step-by-step explanation.

Thanks in advance,

Frank
Question by:falp
4 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22623581
I would personally recommend using the PIX as your VPN terminator, i.e. configure your PIX to allow incoming VPN sessions. This way they can securely access your network in general and the file server in particular.

I don't have a PIX handy to actually tell you all the separate steps, so what I would recommend doing is the following.
Use the VPN wizard to set up your Mobile VPN. This should get you started. If you have specific problems you can post your config and I (and the other experts) will help you further.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22623692
I second the motion to use the inherent capabilities of the PIX. You could simply allow remote desktop through the PIX to the server by allowing tcp 3389 (or set the server to listen on any other non-standard port)... or set up the PIX for remote access VPN. The wizard does walk you through it, but it won't tell you that you need to use a different subnet for the address pool.
Here's a step-by-step command line example:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml
0
 

Author Comment

by:falp
ID: 22625359
I still don't understand. Jay's suggestion of just allowing VPN traffic through and leaving Windows Server 2003 to deal with authentication makes sense, but I just didn't see a way of configuring this in the PIX. The VPN wizard asks me to set up an AAA server and I don't know how to set this up. Any help on both fronts would be appreciated.
0
 
LVL 8

Accepted Solution

by:
Jay_Gridley earned 500 total points
ID: 22631565
I would start with just setting up the mobile VPN itself.
Create a local user with which you can test.

After that you can set up the PIX to use RADIUS for authentication instead. You can use IAS from Microsoft, which is included in Windows Server 2003. You can install this through add/remove programs and add windows features.
When you have IAS installed it's only a few commands on the pix to have it use the Windows server for authentication.

If you prefer to do it all in one go this is also possible. Then start with setting up IAS on the Windows server and use this as your AAA server in the vpn wizard.
0
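
Added example, not part of the thread or of Cisco's documentation: a small Python check over a PIX 6.x-style configuration for the two points raised in the answers above, namely that the VPN client address pool must sit on a different subnet from the inside interface, and whether VPN client authentication points at a RADIUS server group such as IAS. The sample configuration, its addresses, the shared secret and the names vpnpool, mymap, IAS and remoteusers are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x command style; addresses, names and secret are made up.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.200-192.168.1.220
aaa-server IAS protocol radius
aaa-server IAS (inside) host 192.168.1.10 ExampleSharedSecret timeout 10
crypto map mymap client authentication IAS
vpngroup remoteusers address-pool vpnpool
"""

def audit(config):
    """Return findings about the VPN pool and client authentication lines."""
    inside, pools, radius_groups, auth_group = None, {}, set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip address inside (\S+) (\S+)$", line):
            # Interface address plus mask gives the inside subnet.
            inside = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r"ip local pool (\S+) ([\d.]+)(?:-([\d.]+))?", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]),
                           ipaddress.ip_address(m[3] or m[2]))
        elif m := re.match(r"aaa-server (\S+) protocol radius$", line):
            radius_groups.add(m[1])
        elif m := re.match(r"crypto map \S+ client authentication (\S+)$", line):
            auth_group = m[1]
    findings = []
    for name, (start, end) in pools.items():
        # Interval overlap between the pool range and the inside subnet.
        if inside and start <= inside.broadcast_address and end >= inside.network_address:
            findings.append(f"pool {name} overlaps inside subnet {inside}")
    if auth_group is None:
        findings.append("no client authentication configured on the crypto map")
    elif auth_group not in radius_groups:
        findings.append(f"client authentication uses {auth_group}, not a RADIUS group")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

The constructed sample deliberately places the pool inside 192.168.1.0/24, so the check reports the overlap; moving the pool to an unused subnet clears it.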
