Using Win2003 VPN server behind PIX 501

[adarmus]

I want to allow remote access to our LAN, if possoble just using Windows 2003 VPN Server and the built-in WinXP VPN client (had this working before but now upgraded firewall to a PIX).

Can I use a Windows 2003 VPN server that is behind a PIX 501? As this isn't discussed in this forum is this unadvisable for some reason?

Do I just NAT the Win2003 server to an external IP and set up an ACL to allow PPTP through.
Do I need to set the VPN System Option to "Bypass access check for PPTP traffic"? (Instead of the ACL entry?)

Thanks, Adam

 

[boymarty24]

The pix501 supports pptp connections. So you dont need to setup the 2003 server as Remote access server. You can let the pix do that for you.

 

[adarmus]

Thanks, but if I do that, the remote user has to log in once to the PIX, then login again to access hosts on the remote domain. And then I have to set up LMHOST entries on the client to be able to access remote hosts by name.

Unless there are ways round these issues?

 

[boymarty24]

Never used xp pptp that much so i cant give any good advice there.

But if you want to let pptp thru remember to make a static and create the right access-lists.
Then you need to enable fixup protocol pptp 1723

 

[Supergrrover]

Try this link

http://www.cisco.com/en/US/products...erence_chapter09186a00801727ae.html#wp1083965

There are some examples lower down. You can authenticate the VPN against IAS on the windows server and supply a WINS and DNS server to the client. That will fix the lookup by name issue.

Create shortcuts in Windows that user different user credentials that are saved.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[adarmus]

Brilliant, thats a great help.

Adam