I've completed basic configuration of a PIX 501 - at least it works - but now want to add remote access, previously supplied by PPTP to an RRAS server on the LAN. I want to lose the RRAS server.
Router----Pix---Internal 192.168.0.0 NT4 LAN with Web/Exchange Servers. Router previously supplied NATs, now routing address group inside.
external Pix ip 202.101.109.30 internal 192.168.0.3
202.101.109.26 xlated to Web Server
202.101.109.27 xlated to Exchange Server
202.101.109.28-29 NATs for inside out internet access
202.101.109.30 PAT for inside out overflow
Now I'm ready to re-establish remote access with better than PPTP security. We will be moving to Win2k next year.
No internal dns...will set up later.
Questions:
1. Do I need TACACS, RADIUS, SSH on an inside server to establish encryption/authentication, or can I set the PIX up, say with Cisco VPN Client 3.0 at the remote, to terminate and then gain access logging on to the LAN as a client?
2. If the latter, which is the best way for security and how do I configure the PIX to be the tunnel end - i.e. handling authentication/encryption? I'm leaning to IPSEC with an address pool of 192.168.1.1-15
3. Is there a quick way to test from the office or do I need to be two places at once...home/office.
I would like to get this done asap as boss is pushing for his remote access.
Thanks in advance for any help.
By the way...
To get an Exchange server running inside the PIX, don't forget reverse DNS on the outside DNS server - 2 weeks work to figure that one out.
To get everything functioning, don't forget to clear the ARP cache on the router...1 day to figure that out...
Tks again.
The more I know...the dumber I get.
snrtech