PIX 501 L2TP 2K RADIUS Microsoft VPN Client

[Hockeman]

I’m very new to Cisco Devices and the only think I really know how to do is reset factory defaults and take care of numerous tedious tasks. I’m interested in using the PIX 501 with L2TP to authenticate to a 2000 Radius server using the Microsoft VPN client for Windows 2K. If anyone has any info on how I can do this please let me know. Just for testing purposes I’m using a 10.0.0.0 Network range for external and a 192.168.0.0 range for internal. My Radius server is 192.168.1.100. Thanks guys!!

 

[yizhar]

HI.

If you're going to use MS VPN protocols, and you have a W2K server that you're going to use as part of it, then you can consider using the MS W2K server as the VPN tunnel endpoint (RRAS VPN server) instead of the pix.

If you're going to use the pix as VPN server, I suggest using the Cisco unity IPSEC VPN client.

Here is a list of pix related links, I guess that you'll find many answers there:

http://teachers.sivan.co.il/yizhar/files/pixlinks.htm

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[Hockeman]

So I just basically NAT The external IP to the internal of the RRAS/Radius Server? Is that a potential security breach?

 

[netwrkr]

>> If you're going to use MS VPN protocols, and you have a W2K server that you're going to use as part of it, then you can consider using the MS W2K server as the VPN tunnel endpoint (RRAS VPN server) instead of the pix.


If you already have a PIX firewall then whats the point of using a Microsoft server as your tunnel end point???



Set up your PIX for LT2P. Once your users VPN to the PIX have them authenticate to your Microsoft IAS (Radius) server:

http://www.cisco.com/warp/public/110/cvpn3k_pix_ias.html

And yes, use the Microsoft client -- the Cisco client sucks!

Tom

 

[Hockeman]

The article that you provided is for the Cisco VPN Client. Do i have to do any modifications to get it to use the Microsoft Client. That is the problem that i'm having. Thanks!