need help, will pay

Discussion in 'Cisco' started by Michael Williams, Apr 29, 2005.

  1. I have a Pix 501 with 3DES, 10 Users license.

    I have a DSL connection to the internet, using PPPoE. Speed is 1.5 up/down.

    I have a small Windows 2003 Server with AD, Exchange, SQL, IIS, FTP, etc.

    I want to have a VPN set up with security foremost in mind. I have access to
    the Cisco VPN client. My main goals, in the order:

    1) Security
    2) Remote users can fully act like they are inside my home when connected
    via VPN.

    I need the VPN part configured and am willing to pay via PayPal, for help.

    If interested, let me know.

    Todd
     
    Michael Williams, Apr 29, 2005
    #1

  2. :I have a Pix 501 with 3DES, 10 Users license.
    :I have a DSL connection to the internet, using PPPoE. Speed is 1.5 up/down.
    :I have a small Windows 2003 Server with AD, Exchange, SQL, IIS, FTP, etc.

    :I want to have a VPN set up with security foremost in mind. I have access to
    :the Cisco VPN client. My main goals, in the order:

    :1) Security
    :2) Remote users can fully act like they are inside my home when connected
    :via VPN.

    :I need the VPN part configured

    The Pix Device Manager (PDM) should be able to set this up for you
    with little difficulty.
     
    Walter Roberson, Apr 29, 2005
    #2

  3. |In article <>,
    |:I have a Pix 501 with 3DES, 10 Users license.

    |:I need the VPN part configured

    |The Pix Device Manager (PDM) should be able to set this up for you

    Log in to PDM -- https:// to the IP of the PIX.
    Go through the login procedure. Wait for it to load your configuration.

    Then, look right at the top at the menu bar. Choose the Wizards menu,
    and the VPN Wizard from there. When the VPN Wizard comes up, click
    the 'Remote Access VPN' radio box, leave the interface as outside,
    then click Next. If you are intending to have the others connect using
    the Cisco VPN client, leave the radio box at the first entry
    (release 3 or later) and Next.
    Fill in an arbitrary group name -- this
    group name will be needed by the VPN client to log in, so make it easy
    to remember. Fill in a Group Password, confirm it, Next.
    Leave "Enable Extended Client Authentication" checked, but in the
    AAA Server Group dropbox, go to LOCAL instead of RADIUS or TACACS;
    then Next.

    Create some users on the next screen... you should probably change
    their privilege level to "Monitor Only (3)" in the dropbox. When you
    have enough users created, Next.

    Put in an address pool name, and put in start and end addresses.
    These addresses *must* be in a range different than your inside IPs --
    it is crucial that the inside IPs think of the IPs as being "outside".
    It is fine, though, for these IPs to be in a RFC 1918 private range. Next.

    Fill in DNS server, WINS server, domain name. In order for the users
    to see your network "just like" they were inside, you MUST have a WINS
    server... [unless, that is, your users are all going to use LMHOSTS to
    resolve everything in your network {i.e., not practical.}] Next.

    Choose an encryption such as 3DES SHA Group 2, or AES-128 SHA Group 5.
    Next.

    Choose an encryption and authentication on this new window. Trust me,
    they are used for different purposes than the previous window... but it's
    probably easiest to use whatever you used on the previous window. Next.

    On the Address Translation Exemption page, in the IP address box,
    fill in your inside IP network (e.g., 192.168.49.0) and choose the
    appropriate Mask, and then click >> so it shows up on the right-hand
    side. Then you -might- want to Enable Split Tunneling... or not.
    Split Tunneling is more convenient for your users, but less safe for you.

    Now click Finish and wait for the PDM to make the appropriate changes.

    After that, you may wish to click on the Save icon at the top.
     
    Walter Roberson, Apr 29, 2005
    #3
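
The address-pool rule in post #3 (the pool must lie outside the inside network, and RFC 1918 space is acceptable) can be checked before running the wizard. This is an added example, not part of the original thread: the function name and the pool addresses are constructed for illustration, and 192.168.49.0 is the example inside network from the post.

```python
import ipaddress

# RFC 1918 private ranges, which the post says are fine for the VPN pool
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_vpn_plan(inside_net, pool_start, pool_end, split_tunnel=False):
    """Return a list of findings for a remote-access VPN address plan.

    inside_net accepts prefix or mask form, e.g. "192.168.49.0/255.255.255.0".
    """
    inside = ipaddress.ip_network(inside_net)   # raises if host bits are set
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        return ["ERROR: pool start address is above pool end address"]

    findings = []
    # A start/end pool rarely aligns to one CIDR block, so split it into blocks.
    blocks = list(ipaddress.summarize_address_range(start, end))
    clashes = [str(b) for b in blocks if b.overlaps(inside)]
    if clashes:
        findings.append("ERROR: pool overlaps inside network %s: %s"
                        % (inside, ", ".join(clashes)))
    if not all(any(b.subnet_of(r) for r in RFC1918) for b in blocks):
        findings.append("INFO: pool is not entirely RFC 1918 space; "
                        "confirm the addresses are yours to assign")
    if split_tunnel:
        findings.append("WARN: split tunneling enabled; client traffic to "
                        "other destinations bypasses the tunnel")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the inside network is the post's example,
    # the pools are made up for illustration.
    for pool in (("192.168.49.200", "192.168.49.210"),
                 ("10.10.10.1", "10.10.10.10")):
        print(pool, check_vpn_plan("192.168.49.0/255.255.255.0", *pool))
```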
