Re: VPN USERS

From: Julian Dragut (julianmd_at_groups.com)
Date: 02/16/05


Date: Tue, 15 Feb 2005 19:12:51 -0500

Hi Steven,

As usual your quality and prompt responses are truly helpful, thank you.

The setup is a little more complex than what I presented to make my problem
easier, but... PIXes are VPN-ed site to site to all my domain sites and the
data center, two by two for redundancy, and it's been tested, the best
performance and reliability for VPN-ing is the Cisco VPN client, so after
years of using it without any probs, that would be a hard task for me to
convince them to change it to win native software.

I could make the VPN connection through the PIX transparent and the users
would be able to surf the net, but then I would expose the network to the
home and mobile PCs infected with all kinds of bs; therefore my only
solution is to find out how to give them access by using ISA as webproxy.

Thank you,
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ejnxx$xEFHA.3908@TK2MSFTNGP12.phx.gbl...
> Since you are using ISA 2004 I would not use the PIX for VPN or for DHCP.
> Just have it allow pptp/l2tp traffic to the ISA 2004 server and configure
> ISA as the VPN server, starting out with pptp before you try to implement
> l2tp and if you do want to try l2tp start with preshared key [if using XP Pro]
> to make sure it works. Use the built in Windows VPN client to connect to
> the ISA 2004 server - not the Cisco. ISA 2004 installs in a locked down
> mode, so you need to configure access for VPN clients by access rules. ISA
> 2004 will allow VPN users to access the internet with the proper access
> rules also. Pptp requires the use of port 1723 TCP and protocol 47/GRE.
> The ISA 2004 logs can be helpful when trying to grant access by seeing
> what traffic is being blocked. The links below may help. --- Steve
>
> http://www.isaserver.org/articles/2004vpnserver.html
> http://www.microsoft.com/seminar/events/series/isaserversecurity.mspx
> http://www.microsoft.com/technet/community/events/isa/tnt1-125.mspx
>
> "Julian Dragut" <julianmd@groups.com> wrote in message
> news:cQdQd.27017$Sw6.846421@weber.videotron.net...
>> Hi,
>>
>> I have a LAN with 192.168.0.0/24 which is protected by a Cisco PIX
>> Firewall, and the internal interface is 192.168.0.1.
>> I have implemented ISA 2004 for testing inside the network and I have
>> setup a few users with firewall client (with autodiscovery and stuff) so
>> they (test clients) are NAT-ed by the ISA before they reach the PIX.
>>
>> PIX Firewall comes with a VPN Software, and I have set it up to mobile
>> users so they can connect from outside and access resources. By default,
>> PIX Firewall doesn't allow outbound connection through the same interface
>> the inbound connection was initially made; therefore, the mobile clients
>> once connected they cannot browse the internet (in my case they cannot
>> use our email server, which is hosted outside the company), so I am
>> looking at a way to set ISA up as gateway for them. The mobile clients
>> take their ip addresses from the PIX firewall as 192.168.254.1-10. I have
>> set up all kinds of combinations for them, they still cannot ping ISA nor
>> browse the net as webproxy clients.
>> Am I missing something here?
>>
>> Thanks,
>>
>> Julian Dragut
>>
>
>


