Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to set up PIX for VPN

Status
Not open for further replies.
Rookcr

Rookcr

MIS
Aug 12, 2002
325
US
OK this is what I want to do. I want to set up VPN access for myself and 4 other users. I have a Pix 515 with the 56bit DES encrytption. I just installed the Gui interface for the Pix and it has the VPN wizard. Now I am a real novice on this and it starts to ask aboud a radius server so I need the step by step.

Does the pix do the authenticating or can I have one of my W2k servers handle that for me. I know this is a broad question but I am at a loss for a place to start.

Thanks,

Rook
 
Sort by date Sort by votes
HI.

Here is a short roadway for you.

1) Install IAS on one of the W2K servers in the domain.
(Add/Remove programs - Windows Components - Networking).

2) Configure IAS to accept PAP and CHAP authentication -
Look for the "Edit Profile" button in the IAS policy configuration.

3) Add the pix as a RADIUS client in the IAS console.

4) Still in the W2K configuration - Double click a user account in Active Directory Users and Computers, and grant it "Dial In" permission.

5) Now go back to the PDM - VPN wizard at the pix. When asked, create a new AAA group using RADIUS protocol and with the ip of your IAS server .

You will probably have further questions, so you can post them here but please take a look here first:

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Great.

What if I am not running active directory?
 
Upvote 0 Downvote
And one other question. If I get this running do I use a cisco client or a windows client. If that is the case where do I get the clients.

Thanks again for your help.
 
Upvote 0 Downvote
Rookcr,

You can still use the IAS server to authenticate users it's basically just RADIUS.

I suggest using the Cisco client there are exact examples for configuring a PIX to allow a Cisco client to connect. Here's a link directly to the client (you'll need a CCO login) if you don't have a CCO login, get one, you'll need it to get to the good Cisco documents.

A better link to Cisco PIX/VPN arcticles is at;

That link has pretty much every way you can connect to a PIX VPN.

post again if you need any further help, I've setup several of these.
 
Upvote 0 Downvote
HI.

> What if I am not running active directory?
No problem, it should be the same.
You just manage the "Local Users and Groups" from Computer Management.

> do I use a cisco client or a windows client?
The Cisco VPN client.

> If that is the case where do I get the clients?
If you do not have a CCO login, then ask your Cisco dealer for it.
It should cose about 50$ but I'm not sure about that.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Rookcr: Would there be anyway I could get a copy of the GUI software for the pix. I cannot seem to get it off the Cisco site. I'm having trouble setting up a VPN also and think it would help out. e-mail me to let me know thanx
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
726
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
617
Johnkite
Johnkite
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
750
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
163
WhosYourDiffie
WhosYourDiffie
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
555
XLNTech1
XLNTech1

Part and Inventory Search

Sponsor

Back
Top