CISCO Pix 501 and Windows Server 2003 VPN Configuration

Posted on 2008-10-02
Last Modified: 2012-05-05
Hello,

I have the need to allow remote users access to one of our file servers in our internal network. We use a Cisco Pix 501 firewall and a Windows 2003 Domain with Active Directory. I'm thoroughly confused, don't know whether the configuration should take place in the domain or the pix. Would appreciate any help on this issue.

This is the first time for me so would appreciate step by step explanation.

Thanks in advance,

Frank
Question by:falp
Expert Comment

by:Jay_Gridley
ID: 22623581
I would personally recommend using the PIX as your VPN terminator, i.e. configure your PIX to allow incoming VPN sessions. This way they can securely access your network in general and the file server in particular.

I don't have a PIX handy to actually tell you all the separate steps, so what I would recommend doing is the following.
Use the VPN wizard to set up your Mobile VPN. This should get you started. If you have specific problems you can post your config and I (and the other experts) will help you further.
Expert Comment

by:lrmoore
ID: 22623692
I second the motion to use the inherent capabilities of the PIX. You could simply allow remote desktop through the PIX to the server by allowing tcp 3389 (or set the server to listen on any other non-standard port)... or set up the PIX for remote access VPN. The wizard does walk you through it, but it won't tell you that you need to use a different subnet for the address pool.
Here's a step-by-step command line example:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml
Author Comment

by:falp
ID: 22625359
I still don't understand. Jay's suggestion of just allowing VPN traffic through and leaving Windows Server 2003 to deal with authentication makes sense, but I just didn't see a way of configuring this in the PIX. The VPN wizard asks me to set up an AAA server and I don't know how to set this up. Any help on both fronts would be appreciated.
Accepted Solution

by:Jay_Gridley
ID: 22631565
I would start with just setting up the mobile VPN itself.
Create a local user with which you can test.

After that you can set up the PIX to use RADIUS for authentication instead. You can use IAS from Microsoft, which is included in Windows Server 2003. You can install this through add/remove programs and add windows features.
When you have IAS installed it's only a few commands on the PIX to have it use the Windows server for authentication.

If you prefer to do it all in one go this is also possible. Then start with setting up IAS on the Windows server and use this as your AAA server in the vpn wizard.
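
For reference, the end state the answers above describe (PIX terminating the VPN, a separate subnet for the address pool, IAS as the AAA server) looks roughly like this on PIX 6.x. This is an added example, not a configuration posted by anyone in the thread; every address and name in it is constructed, and the values in angle brackets are placeholders.

```cisco
: PIX 6.x remote-access VPN with IAS (RADIUS) user authentication.
: Constructed values: inside LAN 192.168.1.0/24, IAS server 192.168.1.10,
: client pool 192.168.50.0/24, domain example.local, and the names
: vpnpool, nonat, iasauth, myset, dynmap, mymap, remoteusers.

: Address pool for VPN clients, on a subnet different from the inside LAN
ip local pool vpnpool 192.168.50.1-192.168.50.50

: Do not NAT traffic between the inside LAN and the client pool
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

: Let decrypted IPsec traffic bypass the interface access lists
sysopt connection permit-ipsec

: RADIUS server group pointing at IAS; the shared secret must match the
: RADIUS client entry created for the PIX in IAS
aaa-server iasauth protocol radius
aaa-server iasauth (inside) host 192.168.1.10 <RADIUS-SHARED-SECRET> timeout 10

: IPsec and IKE parameters for the Cisco VPN Client
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
: Extended authentication: each user is prompted and checked against IAS
crypto map mymap client authentication iasauth
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Group settings pushed to the client; the password is the group pre-shared key
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers dns-server 192.168.1.10
vpngroup remoteusers default-domain example.local
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password <GROUP-PRESHARED-KEY>
```

On the IAS side, the PIX inside address has to be added as a RADIUS client with the same shared secret, and the remote access policy decides which domain users may connect.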