LAN Access via Cisco Concentrator 3005 1

[andy5446]

The setup we currently have is a cisco concentrator 3005 infront of a Cyberguard firewall.
We have the users connect to the concentrator and authenticate via a radius server.
We would like the users to be able to browse the LAN with their usual access through the VPN.
On the concentrator a DHCP server can be specified and was thinking I could use that to gain IP's and the relevant DNS and Wins settings.
The other option was to input the DNS and WINS details at the client.
The cisco concentrator has the ability to assign IP's but that is as far it goes.
The main question I have which is relevant for either way I go, is what ports do I require opening on the firewall for DNS and WINS and any relevant DHCP traffic enabling users to access and browse the lan as normal

Thanks for your help

 

[dopehead]

>The cisco concentrator has the ability to assign IP's but >that is as far it goes.
No it's not, the concentrator can provide the wins/dns domain name for for your group and assign it to the client.

Maybe you have an old software in your concentrator, maybe in your clients ?

You can apply all these setting under each group in the c3005.
If it's a W2k environment, you only need dns, udp 53.

Hope this helps
Jan

 

[andy5446]

Jan,
Thanks for the reply - I was nt aware the 3005 could assign the DNS and WINS - is that configured in the IPSEC group area of the concentrator.
It is mixed enviroment not just a W2k.
Im assuming then : configure the concentrator to assign the ips to the relevant group and with the ips of the DNS and WINS on the corporate network, that will be sufficient to browse the network.
How is the users access to particular shares configured? - with regards to there usual access they have in the office as there is no point that the user logs onto the domain.

Again thanks for your help

 

[dopehead]

Well, if you configure Wins and DNS, it will work in both nt/w2k setup's. The user see any difference in his login sequence on win2k as long as you enable "start before logon" in the vpn client. If you do not wan't the client to logon to the domain and into a local profile instead, you can just do a .bat or script that maps his drives after the vpn client is started.

Jan

 

[andy5446]

Jan,
Thanks again, I noticed the 'start before login'....will that be the same as the user logging onto the domain at work thus giving all the required access he/she currently has.
Also we do have some users that would like to use home p.c.s with the vpn client installed obviously not having the ability to log onto the domain at work is this where we would have to maybe use scripts/.bat files to map drives or even get them to log onto the domain.

 

[dopehead]

Correct, if you use start before logon, you will get the same scenario is if you we're situated on the local lan at the company.

Good luck
Jan

 

[andy5446]

Jan,
Excellant thanks......On the assigning the WINS & DNS for the clients via the concentrator 3005, I have looked at the admin guide (I have nt got access to the box at the moment) and cant seem to find anything on the concentrator assigning the clients DNS & WINS on connection.

Sorry about the delay in responses.I'm in the U.K. 5 hours ahead!!!

Andy

 

[dopehead]

It's an option under client options in the group setup.

http://www.cisco.com/en/US/products...on_guide_chapter09186a008015ce2d.html#1756983

This should give you all the options you need.
Jan