Re: PIX 501 VPN RAS
- From: "POP3.demon.co.uk" <tgay@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 14:01:49 -0000
Hi Lutz
This is getting complicated! I had hoped it would be a little easier... I am
thinking that I may start again from the beginning.
If you get a moment could you give me the benefit of your knowledge and
recommend how I should set up a simple VPN.
We have a Win2003 server (if relevant), obviously we have the PIX501 and
Netgear ADSL router. My only requirements are that I must be able to use
Terminal Server and be able to access any drive on any server on our
network...
Even if it meant buying additional equipment, how would you set up a VPN?
Please.....
Tony
"Lutz Donnerhacke" <lutz@xxxxxxxxxxx> wrote in message
news:slrndq04gk.101.lutz@xxxxxxxxxxxxxxxxxxxxxx
>* POP3.demon.co.uk wrote:
>> I am still a little confused over having to need two fixed public
>> addresses
>>
>> We currently have one fixed IP from the ISP which connects to a Netgear
>> router which acts as a DHCP server and gives out an IP address to the
>> PIX.
>
> So the Pix itself is behind NAT.
> => Forget about PPTP (Windows VPN)
> Forget about L2TP over native IPSec (Windows VPN)
>
> You will need at least a patch for Windows (NAT traversal). Furthermore,
> connecting to a NATted server is not supported in Windows.
>
>> I have a diagram off the Cisco site which seems to indicate only one is
>> needed. I do not mean to offend but can you explain why the following
>> will not work (or rather where I am getting confused)
>
> PPTP is not supported by PIX itself. If you want to use a Windows Server
> as RAS device, you will need to forward GRE protocol, which does not contain
> any session information. In order to forward this protocol, the PIX must
> know which session refers to a single packet. Because the payload of the
> GRE packet is encrypted, the only usable value is the IP address. Therefore you
> need a distinct public IP address for such PPTP connections. PIX 7.0
> contains an educated-guess algorithm which might remove this restriction.
>
> L2TP over IPSec is supported by PIX itself. Therefore you can use a single
> address. Unfortunately, IPSec is not specified for NAT environments, so you
> have to use a public address on the PIX. PIX 7.0 does not support L2TP over
> IPSec.
>
> If possible, drop the Netgear router from your setup.
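What the dedicated-address PPTP arrangement above looks like in PIX 6.x configuration, written out here as an added example for readers of the archive; it is not part of the original thread and not Lutz's or Cisco's text. The second public address 203.0.113.10, the Windows RAS server's inside address 10.1.1.5 and the access-list name outside_in are assumed placeholders, and the lines beginning with "!" are annotations for the reader rather than commands to paste.

```text
! Added example, not from the thread. Assumptions: PIX 6.x, a second
! public address 203.0.113.10 routed to the outside interface, and the
! Windows RAS (PPTP) server at 10.1.1.5 on the inside.
!
! One-to-one static mapping. Every inbound GRE packet is matched on its
! destination address alone, which is why this address cannot also be
! the PIX's own outside address or be shared with other inside hosts.
static (inside,outside) 203.0.113.10 10.1.1.5 netmask 255.255.255.255
!
! PPTP control channel (TCP/1723) plus the GRE tunnel that carries the
! encrypted PPP frames. Without the gre line the control session sets up
! and the tunnel then silently fails.
access-list outside_in permit tcp any host 203.0.113.10 eq 1723
access-list outside_in permit gre any host 203.0.113.10
access-group outside_in in interface outside
```

Two caveats follow from the thread itself. The PIX only passes PPTP through here; it still does not terminate it, so authentication and encryption strength are whatever the Windows RAS server negotiates (MS-CHAPv2 and MPPE at best). And the arrangement presumes the PIX's outside interface holds public addresses; with the Netgear in front handing the PIX a private address there is no second public address to map, which is the point of the advice to drop the Netgear.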