VPN Connection Using a PIX 515e to a Single Server

Status
Not open for further replies.

SolidRightOn

IS-IT--Management
Jan 3, 2003
1
US
Hello,
I have a client in NJ who wants to set up a PIX 515e firewall.
They want to set up a VPN connection for a remote workgroup
in Missouri that will access only one server on their 10.1.1.0 network here in NJ.
The NJ client has two networks: (1) the 10.1.1.0 network where the file server will reside and (2) their internal network, which has NO domain server for login purposes.
All workstations and devices have static IP addresses.

Can I set up NAT to do this?
Does NJ need a server to authenticate the user coming in from Missouri?

Thanks in advance.
 
You can set up a static VPN tunnel from the workgroup to that one server w/o authentication.
 
Hi.

What is the connection type of the workgroup in Missouri?
Do all remote workstations connect from their office, or must they have roaming access as well?
Do they have a fixed IP/range?
Do they have a firewall? What kind?
What is their connection type (dialup/adsl/leased line)?

What OS is the file server running on?
If this is an MS file server, then using FTP or HTTP (see below) will work better for remote clients than MS file sharing (SMB) protocols, and can be more secure because you can open only the needed ports and have better access control.

I suggest that you install FTP server software on the file server, configure and use it to share the folders that remote users will need, and to define permissions for remote users. This FTP server will only be available for connections from Missouri, not to the whole Internet.
Or you can publish the files by implementing a "parternet" HTTP or HTTPS server in NJ that will accept connections only from Missouri. HTTPS can provide encryption instead of VPN.
Then you can limit access to that FTP server using either a simple access-list on the PIX and/or VPN. VPN will also encrypt the data and will provide additional authentication.

If you're going to use VPN, you should limit the access for VPN clients to only FTP (TCP port 21) and only to that file server, unless you think otherwise.

> Can I setup NAT to do this?
Can you explain?

> Does NJ need a server to authenticate the user coming in from Missouri?
This is optional.
If you have a fixed IP in Missouri and are using an FTP server in NJ, then I think that FTP authentication can be good enough, since you also filter the source IP address.

Bye
Yizhar Hurwitz
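
Added example, not part of the original thread: a PIX 6.x style sketch of the last suggestion above, a site-to-site tunnel in which Missouri can reach only FTP (TCP 21) on the one file server. All addresses, list and map names, and the key placeholder are constructed; it assumes the 10.1.1.0 network sits on the inside interface and that Missouri has a fixed peer address.

```cisco
!--- Constructed values: file server 10.1.1.10 (inside interface),
!--- Missouri LAN 192.168.50.0/24, Missouri VPN peer 198.51.100.2.

!--- Interesting traffic for the tunnel: only file server <-> Missouri LAN
access-list vpn_mo permit ip host 10.1.1.10 192.168.50.0 255.255.255.0

!--- Same match in a separate list, used to exempt tunnel traffic from NAT
access-list nonat permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

!--- Do not let decrypted IPsec traffic bypass the interface access-list
no sysopt connection permit-ipsec

!--- Decrypted packets from Missouri may reach only the FTP control port
!--- on the file server; everything else hits the implicit deny
access-list outside_in permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.10 eq ftp
access-group outside_in in interface outside

!--- FTP inspection follows the control channel and opens the data
!--- connections, so no additional ports are permitted in outside_in
fixup protocol ftp 21

!--- Phase 2
crypto ipsec transform-set mo_set esp-3des esp-sha-hmac
crypto map mo_map 10 ipsec-isakmp
crypto map mo_map 10 match address vpn_mo
crypto map mo_map 10 set peer 198.51.100.2
crypto map mo_map 10 set transform-set mo_set
crypto map mo_map interface outside

!--- Phase 1, pre-shared key tied to the single Missouri peer
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 198.51.100.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

With `sysopt connection permit-ipsec` enabled instead, tunnel traffic would skip `outside_in`, and the only restriction left would be the `vpn_mo` match, which permits all IP to the server rather than FTP alone.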
 