Newbie Question - WIndows VPn Client to Pix 500 series firewall

Discussion in 'Cisco' started by Bugsy, Nov 29, 2003.

  1. Bugsy

    Bugsy Guest

    We have a 500 series firewall which is already providing a VPN to another
    site which is also using a PIX firewall so I now the device supports certain
    types of VPN

    My question is this. Can I use the same firewall to allow Windows clients to
    set-up a VPN with it?

    For example, a remote user will launch their Windows 2k VPN connection and
    point it to the PIX.

    If this is possible, can anyone point me in the direction of some
    configuration examples?

    I've searched but can't seem to find anything relevant.

    Thanks,

    Bugsy
     
    Bugsy, Nov 29, 2003
    #1
    1. Advertising

  2. Bugsy

    Bugsy Guest

    Just tried another search using different keywords "windows pix vpn" and
    found a document which I hadn;t seen before.

    See below...

    http://www.cisco.com/en/US/products...s_configuration_example09186a0080143a5d.shtml

    This maybe the answer to my own question!

    Bugsy

    "Bugsy" <> wrote in message
    news:bq9u66$5h5$...
    > We have a 500 series firewall which is already providing a VPN to another
    > site which is also using a PIX firewall so I now the device supports

    certain
    > types of VPN
    >
    > My question is this. Can I use the same firewall to allow Windows clients

    to
    > set-up a VPN with it?
    >
    > For example, a remote user will launch their Windows 2k VPN connection and
    > point it to the PIX.
    >
    > If this is possible, can anyone point me in the direction of some
    > configuration examples?
    >
    > I've searched but can't seem to find anything relevant.
    >
    > Thanks,
    >
    > Bugsy
    >
    >
     
    Bugsy, Nov 29, 2003
    #2
    1. Advertising

  3. In article <bq9u66$5h5$>,
    Bugsy <> wrote:
    :We have a 500 series firewall which is already providing a VPN to another
    :site which is also using a PIX firewall so I now the device supports certain
    :types of VPN

    :My question is this. Can I use the same firewall to allow Windows clients to
    :set-up a VPN with it?

    :For example, a remote user will launch their Windows 2k VPN connection and
    :point it to the PIX.

    There is one case that is difficult, but if you can avoid that one
    case then it should be fine.

    The one case that is difficult is if the other site with a PIX has
    a dynamic address and you are using pre-shared keys. If that is
    the setup, then you have to configure no-xauth on the wildcard
    preshared key, and then you can't turn xauth on for the Windows
    clients as their address is also matched by that wildcard.
    If the remote PIX has a fixed address then you could configure
    a preshared key with no-xauth that matches just that address, and
    a different preshared wildcard key for the windows clients.

    Looking at the documentation, I see that you aren't supposed to
    have xauth on anyhow for Windows (including for XP but excluding
    Windows 2000).

    Anyhow, other than this possible problem, you should just go-ahead
    and add in the configuration for the Windows clients pretty much as
    if the site-to-site entries weren't there (but making sure you
    use the same crypto map name, and that you put the crypto-map entries for
    the Windows client as a lower priority [higher number] than the
    site-to-site entries.)
    --
    Take care in opening this message: My grasp on reality may have shaken
    loose during transmission!
     
    Walter Roberson, Nov 29, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. GVB
    Replies:
    1
    Views:
    2,873
    Martin Bilgrav
    Feb 6, 2004
  2. hoser
    Replies:
    2
    Views:
    1,026
    hoser
    Apr 15, 2005
  3. Nick
    Replies:
    2
    Views:
    2,456
  4. Svenn
    Replies:
    3
    Views:
    755
    Svenn
    Mar 13, 2006
  5. D K
    Replies:
    4
    Views:
    492
Loading...

Share This Page