VPN from remote client to the PIX

[HUANGDI]

Hi All,

Is it necesary to have both or either the wins or dns server for VPN. According to this template it looks for eith of the 2.

ip local pool vpnclients 192.168.48.20 -192.168.48.25

access-list nonat permit ip 192.168.10.0 255.255.255.224 192.168.100.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.224 192.168.100.0 255.255.255.0

nat (inside) 0 access-list nonat
nat(dmz) 0 access-list nonat
sysopt connection permit-ipsec

crypto ipsec transform-set clients esp-des esp-md5-hmac
crypto dynamic-map newmap 10 set transform-set clients
crypto map mymap 100 ipsec-isakmp dynamic clients
crypto map mymap inertace outside
isakmp enable outside
isakmp policy 10 auth pre-share
isakmp policy 10 enc des
isakmp policy hash md5
isakmp policy group 2
isakmp policy lifetime 86400

then you need to add the comnd to push informtion to the clients.

vpngroup ( group name) address-pool vpnclients
vpngroup ( group name) dns-server ( ip address of dns server)
vpngroup (group name) wins-server ( ip address of wins server)
vpngroup ( group name) default-domain (domain name)
vpngroup (group name) password ( desired password for the group)

 

[charcarson]

No, you do not need DNS or WINS, however, they are helpful if you need name resolution inside the VPN.

 

[HUANGDI]

charcarson,

Thanks, peace.

But once inside the enterprise, how does the VPN client access the workgroup assets for services?