Setup VPN using PIX and Windows 2003 Server

Guest

Hi Experts,

Can someone point me in the right direction on how to create a VPN using
Win2k3 Server behind a Cisco PIX (with 3 interfaces) using L2TP/IPsec? Any
advice on a good and secure architecture for this VPN will be appreciated.

I have already tested using PPTP in the lab, which works. But I am not sure if
this is a good approach, i.e. having a VPN server in the LAN and opening the PIX to
the VPN server box for PPTP traffic and GRE.

thanks
 
Robert L [MS-MVP]

Since you have set up PPTP to pass through the PIX, it is easy to set up L2TP/IPsec. Below are the ports you may need to open. However, I would use the PIX built-in VPN instead of Windows VPN.

Quoted from http://www.howtonetworking.com/vpnsetup.htm
Which ports need to be opened for running VPN

A: PPTP VPN uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: UDP Port 500, Pass IP protocol 50 and 51. Note: 47 is a protocol number and not TCP port. The protocol name is GRE. It'll make a big difference when configuring your firewall or router.

Don't send e-mail or reply to me unless you need consulting services. Posting on the MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
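
The protocol-number-versus-port distinction in the quoted answer, as an added example that is not part of the original thread: a small Python check that compares a rule list with the ports and protocols listed above and flags rules that open TCP or UDP port 47, 50 or 51 where an IP protocol was meant. The `permit <proto> [port]` rule format, the function names and both sample rule sets are constructed for illustration and are not PIX syntax.

```python
# Added example: audit a rule list against the port/protocol table quoted above.
# The "permit <proto> [port]" format is a constructed simplification, not PIX syntax.

# Requirements as listed in the quoted answer: (protocol, port or None).
REQUIRED = {
    "pptp": [("tcp", 1723), ("gre", None)],
    "l2tp/ipsec": [("udp", 1701), ("udp", 500), ("esp", None), ("ah", None)],
}
# IP protocol numbers that get mistyped as TCP/UDP port numbers.
PROTO_NUMBERS = {47: "gre", 50: "esp", 51: "ah"}
PROTO_ALIASES = {"47": "gre", "50": "esp", "51": "ah", "6": "tcp", "17": "udp"}

def parse_rules(text):
    """Return (proto, port) tuples from 'permit <proto> [port]' lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#")[0].split()      # drop trailing comments
        if len(fields) < 2 or fields[0] != "permit":
            continue
        proto = PROTO_ALIASES.get(fields[1].lower(), fields[1].lower())
        port = int(fields[2]) if len(fields) > 2 else None
        rules.append((proto, port))
    return rules

def audit(text, vpn_type):
    """Return (missing requirements, rules using a protocol number as a port)."""
    rules = parse_rules(text)
    missing = [req for req in REQUIRED[vpn_type] if req not in rules]
    confused = [(p, n) for p, n in rules if p in ("tcp", "udp") and n in PROTO_NUMBERS]
    return missing, confused

# Constructed sample: TCP port 47 opened instead of IP protocol 47 (GRE).
SAMPLE_BAD = """
permit tcp 1723
permit tcp 47      # wrong: GRE is IP protocol 47, not a TCP port
"""
# Constructed sample: everything the quoted answer lists for L2TP/IPsec.
SAMPLE_GOOD = """
permit udp 1701
permit udp 500
permit 50          # ESP given by protocol number
permit ah
"""

if __name__ == "__main__":
    print(audit(SAMPLE_BAD, "pptp"))
    print(audit(SAMPLE_GOOD, "l2tp/ipsec"))
```
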

Guest

Thanks for the reply. The ports for L2TP/IPsec are already open. Can you
please tell me, or point me to a resource on, the best way to deploy this
kind of solution?
1) Should I direct traffic from the PIX to the VPN server in the LAN,
2) or should I direct traffic from the PIX to the DMZ interface of the VPN server and
then from the DMZ interface to the LAN interface?

Basically I am looking for various deployment scenarios.
Thanks
 
