Setup VPN using PIX and Windows 2003 Server


Guest

Hi Experts,

Can someone point me in the right direction on how to create a VPN using
Win2k3 Server behind a Cisco PIX (with 3 interfaces) using L2TP/IPsec? Any
advice on a good and secure architecture for this VPN will be appreciated.

I have already tested using PPTP in the lab, which works. But I am not sure if
this is a good approach, i.e. having a VPN server in the LAN and opening the PIX to
the VPN server box for PPTP traffic and GRE.

thanks
 
Since you have set up PPTP pass-through on the PIX, it is easy to set up L2TP/IPsec. Below are the ports you may need to open. However, I would use the PIX built-in VPN instead of Windows VPN.

Quoted from http://www.howtonetworking.com/vpnsetup.htm
Which ports need to be opened for running VPN

A: PPTP VPN uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: UDP Port 500, Pass IP protocol 50 and 51. Note: 47 is a protocol number and not TCP port. The protocol name is GRE. It'll make a big difference when configuring your firewall or router.

Don't send e-mail or reply to me unless you need consulting services. Posting on the MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
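
The port list quoted in the reply above, turned into a small rule audit. This is an added example, not part of the original posts: the `allow proto=... port=...` rule syntax and the sample rule set are constructed for illustration and are not PIX configuration syntax. It flags the mistake the quoted note warns about (a protocol number entered as a TCP/UDP port) and reports which required entries are missing. IP protocols 47, 50 and 51 are GRE, ESP and AH respectively.

```python
import re

# Requirements as listed in the quoted answer: (protocol, port or None)
REQUIRED = {
    "PPTP": {("tcp", 1723), ("gre", None)},
    "L2TP/IPsec": {("udp", 1701), ("udp", 500), ("esp", None), ("ah", None)},
}
# IANA IP protocol numbers relevant here
PROTO_NUMBERS = {6: "tcp", 17: "udp", 47: "gre", 50: "esp", 51: "ah"}

# Constructed rule format: "allow proto=<name|number> [port=<n>]"
RULE_RE = re.compile(r"^allow\s+proto=(\w+)(?:\s+port=(\d+))?$")


def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    proto, port = m.group(1).lower(), m.group(2)
    if proto.isdigit():  # normalise "proto=47" to "gre"
        proto = PROTO_NUMBERS.get(int(proto), proto)
    return proto, int(port) if port else None


def audit(text):
    """Return (findings, missing) for a rule set given as text."""
    lines = [l for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    rules = {parse_rule(l) for l in lines}
    findings = []
    for proto, port in sorted(rules, key=str):
        # 47/50/51 are IP protocol numbers; as TCP/UDP ports they pass nothing useful
        if proto in ("tcp", "udp") and port in (47, 50, 51):
            findings.append(
                f"{proto}/{port}: {port} is IP protocol "
                f"{PROTO_NUMBERS[port].upper()}, not a {proto.upper()} port")
    missing = {vpn: sorted(need - rules, key=str)
               for vpn, need in REQUIRED.items()}
    return findings, missing


# Constructed sample: GRE entered as a TCP port, AH forgotten
SAMPLE = """
# constructed rule set
allow proto=tcp port=1723
allow proto=tcp port=47
allow proto=udp port=1701
allow proto=udp port=500
allow proto=50
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
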

 
Thanks for the reply. The ports for L2TP/IPsec are already open. Can you
please tell me or point me to a resource on the best way to deploy this
kind of solution?
1) Should I direct traffic from the PIX to the VPN server in the LAN,
2) or should I direct traffic from the PIX to the DMZ interface of the VPN server and
then from the DMZ interface to the LAN interface?

Basically I am looking for various deployment scenarios.
Thanks
 