Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Win2k Internet sharing PIX 501 VPN

Status
Not open for further replies.
deadishduck

deadishduck

Technical User
May 6, 2003
2
GB
Hello all,

hope someone can help only just started to play with firewalls.. Anyway I have setup a small Lan (3-4 users)all using Win2k Internet sharing, the Server is linked to a Cisco PIX 501 which is then linked to a Router. Access to the internet is not a problem every thing works fine the problem is that I need at least one user to be able to access the server remotely using Terminal server has anybody got any ideas ? The cisco is set to its deafult config (out-of-box) if anyone can help it would make my year

:((

 
Sort by date Sort by votes
Hi,

I guess you have only one public IP address that you assigned to the outside interface of the PIX. Another possibility is a dynamic assignment of the public IP address assigned by your provider. All client IP addresses (private) behind the PIX inside interface will be translated to this public IP address. In that case you can´t establish a connection from outside to any client on your lokal network. Any client which should be reached from outside must be translated to a dedicated public IP address different to any other used public IP address.
 
Upvote 0 Downvote


well what I want to do is setup a VPN to the server, then use Windows terminal server. Access to the client workstations is not needed just the server. I have installed the Cisco VPN client on the remote workstation. I have also managed to setup the PIX for VPN with users Ect. I have tested the PIX on a LAN just to make sure it worked ok..(access terminal server) next step is the PIX connected to the ADSL router and access from the outside world, I now have a new problem, BT has supplied the router (5861) and ofcource BT being BT have locked it down so tight not even the console port is active. All I want is the router to send everything to the pix. just want the router to be a interface the WEB. can this be done? it works in my head but...

thanks for your help.

deadish
 
Upvote 0 Downvote
HI.

> well what I want to do is setup a VPN to the server, then use Windows terminal server.
For what purpose?
Remote management and support for the server is fine, but don't let a regular user work on the server in TS - read email browse the Inet, etc...

> All I want is the router to send everything to the pix
You'll need to contact your ISP and ask them about your options. If you don't like their answers, you can go with another ISP.
The pix should have a fixed registered ip address if you want to use VPN.

An additional recommended change for your network is to stop using ICS, and connect workstations directly to the pix (not via the W2K server). There is no benefit using ICS the way you currently do.

Bye


Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
299
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
128
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
367
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
88
WhosYourDiffie
WhosYourDiffie
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
61
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top