Cisco Support Community
New Member

Vpn setup help

Hi. I'm planning to set up a network which will look like this:

Internet -> Router (1760) -> Pix (501) -> Intranet

As there is VPN built in to both the router and the PIX, how should I go about configuring my VPN setup to allow remote clients to connect to the intranet resources?

I can currently think of the following solutions:

- Client connects and authenticates with the router, which will then allow the authenticated client access to the intranet resources. Is this possible? How should I configure the PIX to allow this type of traffic in?

- Client connects to the PIX VPN for authentication. Router will do a NAT on the outside interface and route the incoming VPN request to the PIX.

- Use a Windows 2000 VPN server located inside the intranet. Which ports do I need to open on the router's firewall and the PIX? Do I need to do a NAT to translate the public IP to the private IP of the Windows VPN server? Will it look something like:

Access-list <number or Name> permit tcp <source IP or ANY> <destination IP or ANY> eq 1723

Access-list <number or Name> permit gre <source IP or ANY> <destination IP or ANY>

Are these solutions feasible, or can the experts here recommend better solutions to me?

Thanks very much, your help will be very much appreciated!


Re: Vpn setup help


My suggestion would be to let the PIX be the VPN peer. If you terminate VPNs on the router, you're going to have to put holes in your PIX to allow access to intranet resources (MS browsing, HTTP, etc.). I'm not a big fan of MS VPNs, but that's just my personal opinion.

Couple of questions...

1. How many remote users are going to be connecting? (I believe the 501 will allow 10 VPN connections)

2. Are you having IPs routed down to you from your ISP? (just curious because you mentioned that you're going to be NATing on the router)

New Member

Re: Vpn setup help

Hi. Thanks for the reply.

There will not be more than 5 VPN users at any 1 time. I will have a pool of static IPs from my ISP. I'm really new at this, so I do not really know the best way to go about this.

I'm sorry, but what does "Let the PIX be the VPN peer" mean? How will I go about configuring this sort of setup?

Thanks again for the reply.


Re: Vpn setup help


Here are a few documents that will help you out. The first link is on VPNs and IPSec. The second is a config example for setting up client-to-LAN VPNs on a PIX.

Have fun!!
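
An added example, not from any poster in this thread: the entries the router's existing inbound ACL would need for the two pass-through options discussed above, in IOS extended ACL syntax. The ACL number 110 and the 192.0.2.x addresses (documentation range) are assumptions; only the entries for the option actually chosen should be configured.

```cisco
! Assumed values (not from the thread):
!   ACL 110   = the inbound ACL already applied on the router's Internet-facing interface
!   192.0.2.2 = PIX 501 outside interface (one of the static public IPs)
!   192.0.2.3 = public address translated to the Windows 2000 VPN server
!
! Option A: the PIX is the VPN peer (IPsec remote access terminates on the PIX).
! The router only passes IKE and ESP to the PIX outside address; nothing
! inside the intranet is exposed through the router or the PIX.
access-list 110 remark IPsec remote access to PIX outside interface
access-list 110 permit udp any host 192.0.2.2 eq isakmp
access-list 110 permit esp any host 192.0.2.2
! Only if NAT traversal is enabled on the PIX for clients behind NAT devices:
access-list 110 permit udp any host 192.0.2.2 eq 4500
!
! Option B: Windows 2000 PPTP server inside the intranet.
! PPTP needs its TCP control channel and GRE (IP protocol 47). The same
! traffic must also be translated and permitted on the PIX, which is the
! extra exposure of an inside host that Option A avoids.
access-list 110 remark PPTP to inside Windows VPN server
access-list 110 permit tcp any host 192.0.2.3 eq 1723
access-list 110 permit gre any host 192.0.2.3
```

Scoping each entry to a single destination host, rather than `any` as in the template in the question, keeps the opening limited to the VPN endpoint.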