
PIX 501 VPN question

Status
Not open for further replies.

g8qypr

Technical User
Mar 29, 2005
8
US
What is the best way to set up the VPN on a PIX 501 with a Windows 2000 Server running AD, DNS, and Routing and Remote Access?

I will require my clients to have Windows 2000 or Windows XP to connect to the VPN and get access to the network shares. So, I have been trying a setup with PPTP and I was thinking about the Remote Desktop Connection feature.

If you have experience with a similar configuration, help is great.

Thanks,

Nick
 
The best way is to set up Internet Authentication Service on the Win2k server, and use that as your RADIUS server.

In the vpdn group you are using on the PIX, set authentication to RADIUS instead of local. You no longer need to identify a username or password on the PIX, as it is done through the RADIUS with AD.

Here's my config for PPTP.

access-list 101 permit ip 193.100.3.0 255.255.255.0 193.100.3.224 255.255.255.224
access-list 101 permit ip 193.100.1.0 255.255.255.0 193.100.3.224 255.255.255.224
ip local pool cssbh3 193.100.3.245-193.100.3.254
nat (inside) 0 access-list 101
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host cssnt03 <mypassword> timeout 10
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto required
vpdn group 1 client configuration address local cssbh3
vpdn group 1 client configuration dns cssnt01 cssnt03
vpdn group 1 client configuration wins cssnt01
vpdn group 1 client authentication aaa RADIUS
vpdn group 1 client accounting RADIUS
vpdn group 1 pptp echo 60
vpdn enable outside


Computer/Network Technician
CCNA
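
A consistency check for the cross-references in the config posted above, as an added example that is not part of the original post: it confirms that the vpdn group authenticates through an aaa-server group defined as RADIUS and that the client address pool falls inside the nat 0 access-list destinations. The function name and the parsing (only the command forms shown in the post) are assumptions of this example.

```python
import ipaddress

# Constructed sample: the cross-referenced lines of the config posted above.
CONFIG = """\
access-list 101 permit ip 193.100.3.0 255.255.255.0 193.100.3.224 255.255.255.224
access-list 101 permit ip 193.100.1.0 255.255.255.0 193.100.3.224 255.255.255.224
ip local pool cssbh3 193.100.3.245-193.100.3.254
nat (inside) 0 access-list 101
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host cssnt03 <mypassword> timeout 10
vpdn group 1 client configuration address local cssbh3
vpdn group 1 client authentication aaa RADIUS
"""

def check_pptp_config(text):
    """Return a list of problems found; an empty list means the references line up."""
    pools, acl_dsts, nat0, radius = {}, {}, set(), set()
    vpdn_pool = vpdn_aaa = None
    for line in text.splitlines():
        w = line.split()
        if w[:3] == ["ip", "local", "pool"] and len(w) == 5:
            first, last = w[4].split("-")
            pools[w[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            # Only the "net mask net mask" form used in the post is parsed.
            net = ipaddress.ip_network(f"{w[6]}/{w[7]}", strict=False)
            acl_dsts.setdefault(w[1], []).append(net)
        elif w[:1] == ["nat"] and w[2:4] == ["0", "access-list"] and len(w) == 5:
            nat0.add(w[4])
        elif w[:1] == ["aaa-server"] and w[2:] == ["protocol", "radius"]:
            radius.add(w[1])
        elif w[:2] == ["vpdn", "group"] and len(w) == 8 \
                and w[3:7] == ["client", "configuration", "address", "local"]:
            vpdn_pool = w[7]
        elif w[:2] == ["vpdn", "group"] and len(w) == 7 \
                and w[3:6] == ["client", "authentication", "aaa"]:
            vpdn_aaa = w[6]
    problems = []
    if vpdn_aaa is None:
        problems.append("vpdn group does not authenticate clients through an aaa-server group")
    elif vpdn_aaa not in radius:
        problems.append(f"aaa-server group {vpdn_aaa} is not defined with protocol radius")
    if vpdn_pool not in pools:
        problems.append(f"client address pool {vpdn_pool} is not defined")
    else:
        first, last = pools[vpdn_pool]
        nets = [n for acl in nat0 for n in acl_dsts.get(acl, [])]
        if not any(first in n and last in n for n in nets):
            problems.append(f"pool {vpdn_pool} is outside the nat 0 access-list destinations")
    return problems
```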
 
LloydSev, somehow I knew you would be the one to answer and help me out, thanks. We seem to be doing similar things based on all your posts.

I will give this a try and post back.
 