CISCO Pix 501 and Windows Server 2003 VPN Configuration

Hello,

I have the need to allow remote users access to one of our file servers in our internal network. We use a Cisco Pix 501 firewall and a Windows 2003 Domain with Active Directory. I'm thoroughly confused, don't know whether the configuration should take place in the domain or the pix. Would appreciate any help on this issue.

This is the first time for me so would appreciate step by step explanation.

Thanks in advance,

Frank
Asked by: falp
 
Jay_Gridley commented:
I would start with just setting up the mobile VPN itself.
Create a local user with which you can test.

After that you can set up the PIX to use RADIUS for authentication instead. You can use IAS from Microsoft, which is included in Windows Server 2003. You can install this through Add/Remove Programs and add Windows features.
When you have IAS installed, it's only a few commands on the PIX to have it use the Windows server for authentication.

If you prefer to do it all in one go, this is also possible. Then start with setting up IAS on the Windows server and use this as your AAA server in the VPN wizard.
 
Jay_Gridley commented:
I would personally recommend using the PIX as your VPN terminator, i.e. configure your PIX to allow incoming VPN sessions. This way they can securely access your network in general and the file server in particular.

I don't have a PIX handy to actually tell you all the separate steps, so what I would recommend doing is the following.
Use the VPN wizard to set up your mobile VPN. This should get you started. If you have specific problems you can post your config and I (and the other experts) will help you further.
 
lrmoore commented:
I second the motion to use the inherent capabilities of the PIX. You could simply allow remote desktop through the PIX to the server by allowing TCP 3389 (or set the server to listen on any other non-standard port)... or set up the PIX for remote access VPN. The wizard does walk you through it, but it won't tell you that you need to use a different subnet for the address pool.
Here's a step-by-step command line example:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml
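The caveat in the comment above, that the VPN address pool needs a different subnet from the inside network, can be checked mechanically. The following Python script is an added example, not part of the original thread: it reads PIX 6.x-style `ip address` and `ip local pool` lines and reports any pool that overlaps an interface subnet. The sample configuration, pool names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (PIX 6.x style); all names and addresses are made up.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip local pool badpool 192.168.1.200-192.168.1.220
ip local pool vpnpool 192.168.50.1-192.168.50.50
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
IFACE_RE = re.compile(rf"^ip address (\S+) {IP} {IP}\s*$")
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}(?:-{IP})?")


def parse(config):
    """Return ({interface: network}, {pool: (first, last)}) from config text."""
    ifaces, pools = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            ifaces[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
            continue
        m = POOL_RE.match(line)
        if m:
            name, first, last = m.groups()
            # A pool may be a single address; then first == last.
            pools[name] = (ipaddress.ip_address(first),
                           ipaddress.ip_address(last or first))
    return ifaces, pools


def overlapping_pools(config):
    """List (pool, interface, subnet) for every pool that overlaps a subnet."""
    ifaces, pools = parse(config)
    findings = []
    for pool, (first, last) in pools.items():
        for iface, net in ifaces.items():
            # Two ranges overlap when each starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                findings.append((pool, iface, str(net)))
    return findings


if __name__ == "__main__":
    for pool, iface, net in overlapping_pools(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps {iface} subnet {net}")
```
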
 
falp (author) commented:
I still don't understand. Jay's suggestion of just allowing VPN traffic through and leaving Windows Server 2003 to deal with authentication makes sense, but I just didn't see a way of configuring this in the PIX. The VPN wizard asks me to set up an AAA server and I don't know how to set this up. Any help on both fronts would be appreciated.