Hello, using the following commands I had configured the PIX to proxy PPTP client connections to an internal Win2K server. This was working with one-to-one mapping at another customer, but this customer has only one global IP address, so I had to do port redirection for this to work. This did not work out, as the VPN clients were not connecting.
conduit permit gre host a.b.c.d any (where a.b.c.d is the global IP)
So I configured PPTP on the PIX firewall itself using the vpdn group commands, but the customer says that if you give only one username and password for the VPN tunnel it is a security threat, so he wants to use the internal Windows 2000 server's RADIUS capability to authenticate the VPDN tunnel. I found a command, vpdn client authentication radius (instead of local), but could not find an article on configuring AAA to use RADIUS for VPDN. Please advise where to find the doc; if none is available, please guide me with the commands. Thanks in advance.
vpdn group 1 client authentication aaa my-aaa-server-group
vpdn group 1 ppp encryption mppe auto required
vpdn group 1 client configuration address local my-addr-pool
vpdn enable outside
Note the keyword "my-aaa-server-group" that maps the PPTP authentication to the RADIUS server details. In this example the RADIUS server is at 192.168.0.10 and the key is 12345678. Note also that this config requires the client to do MPPE encryption, but unless the RADIUS server handles MPPE keys, which I don't think the Win2K server does, you won't be able to do this.
You might want to tell your customer that if his RADIUS server doesn't handle returning MPPE keys, he won't be doing any encryption of his data, which is an awful lot less secure than having the usernames on the PIX itself, which does handle MPPE.
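The reply above shows only the vpdn group lines; the aaa-server definition it refers to, the address pool, and the PPP authentication method are not on the page. The following is an added example (not the original poster's or the replier's configuration) of a complete PIX 6.x PPTP-termination config with RADIUS authentication. The RADIUS address 192.168.0.10, key 12345678 and server tag my-aaa-server-group are taken from the reply; the interface name "inside" and the pool range 192.168.100.1-192.168.100.50 are assumed values and should be replaced to suit the site.

```text
! Added example, not from the original thread.
! Assumptions: inside interface is named "inside"; RADIUS server 192.168.0.10
! with shared key 12345678 (values quoted in the reply); pool range is invented.

! RADIUS server group that the vpdn group references by tag
aaa-server my-aaa-server-group protocol radius
aaa-server my-aaa-server-group (inside) host 192.168.0.10 12345678 timeout 5

! Addresses handed to PPTP clients (assumed range)
ip local pool my-addr-pool 192.168.100.1-192.168.100.50

! PPTP tunnel terminated on the PIX itself; MS-CHAP is required for MPPE
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto required
vpdn group 1 client configuration address local my-addr-pool
vpdn group 1 client authentication aaa my-aaa-server-group
vpdn enable outside

! Allow TCP/1723 and GRE to the PIX without a conduit or access-list
sysopt connection permit-pptp
```

Because the PIX terminates the tunnel on its outside interface, the single global address is enough and no port redirection to the Win2K server is needed. The "required" keyword on the mppe line only works if the RADIUS server returns the MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes (RFC 2548) for MS-CHAP authentication, so check that on the customer's server before enforcing it; "show vpdn" and "debug ppp negotiation" on the PIX show whether the PPP and MPPE phases complete.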