Question about Cisco PIX 501 Firewall

1 Answer

How to connect to my PIX 501 and use Windows Remote Desktop?

I run a Windows Server 2003 Standard SP3 Dell PowerEdge SC440 server with Active Directory Domain Services, and it is connected to the internet and network through a Verizon DSL modem (without routing capabilities), a Cisco PIX 501 firewall, and a Cisco Catalyst 2950 24-port switch. I believe the server is running RAS and possibly Terminal Services. I know the IP address, and the Windows and Cisco firewall(s) both have port 3389 open. The configuration is correct, as it was set up by an IT pro. But I had to reinstall my laptop, and now I have lost remote access and I do not know what information I need in order to connect to the server. I have the administrator password for the server and access to the server and firewall/switch through telnet. I don't know how to get to the PDM either. Can someone explain what information I must use to open PDM and also what info I need to open/use Remote Desktop? The server is running DHCP services, if that helps any. I also installed Cisco VPN Client on the laptop, but it is unconfigured. Someone said I need a RADIUS/TAC to use VPN... I don't have the slightest idea what a TAC is, but I know RADIUS is a sort of tunnel encryption, and I don't know where I can find my RADIUS info.
Here is the firewall config data:

PIX Version 6.3(1)
interface ethernet0 10full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *x*x*x*x*x*x encrypted
passwd *x*x*x*x*x*X encrypted
hostname BronxFW
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521

names

object-group service RemoteAccess tcp
port-object eq 3389
port-object eq ssh
access-list 101 permit ip 192.168.1.0 255.255.255.0 10.107.2.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 102 permit tcp any interface outside object-group RemoteAccess
access-list 102 permit icmp any any
access-list 105 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging console debugging
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 71.249.211.79 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool test 10.107.2.1-10.107.2.254
ip local pool Group1 192.168.1.30-192.168.1.40
pdm location 192.168.2.0 255.255.255.0 outside
pdm location 192.168.1.103 255.255.255.255 inside

pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 192.168.1.123 3389 netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 71.249.211.79 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community dml
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 20 set transform-set myset

crypto map vpn 10 ipsec-isakmp
crypto map vpn 10 match address 100
crypto map vpn 10 set peer 68.161.247.177
crypto map vpn 10 set transform-set myset
crypto map vpn 20 ipsec-isakmp dynamic dynmap

crypto map vpn client configuration address initiate

crypto map vpn client configuration address respond

crypto map vpn interface outside
isakmp enable outside
isakmp key amadeus address 68.161.247.177 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpndml address-pool test
vpngroup vpndml dns-server 192.168.1.20
vpngroup vpndml split-tunnel 101
vpngroup vpndml idle-time 1800
vpngroup vpndml password *********
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.107.2.0 255.255.255.0 inside
telnet timeout 5
ssh 68.197.144.89 255.255.255.255 outside
ssh 10.107.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp

vpdn group PPTP-VPDN-GROUP ppp authentication pap

vpdn group PPTP-VPDN-GROUP ppp authentication chap

vpdn group PPTP-VPDN-GROUP ppp authentication mschap

vpdn group PPTP-VPDN-GROUP ppp encryption mppe 40

vpdn group PPTP-VPDN-GROUP client configuration address local Group1
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.1.15
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username vpn1 password test
vpdn enable outside
vpdn enable inside
dhcpd dns 151.202.0.85 151.203.0.85
dhcpd lease 3600
dhcpd auto_config outside
terminal width 80
Cryptochecksum: *********
end

Please don't hack my server, I will lose my job! lol

Posted by Anonymous on

  • Gopi Venkatesan May 11, 2010

    1. Before formatting, what was the IP address given to your laptop, and what is the IP address you are using now?

    2. Earlier, were you able to get PDM access or not?

    3. TACACS - Terminal Access Control Access Control Server, which is an alternate protocol for RADIUS

  • Mark Carnahan May 11, 2010

    Let me clear up a few things...

    1) You don't need RADIUS or TACACS+ in order to use the VPN. RADIUS stands for Remote Authentication Dial In User Service and is simply used to authenticate remote connections. It is also often used to authenticate network access at the switch level. TACACS+, or tac as you referred to it, is an authorization and accounting protocol/server for controlling who can enter what commands on a network device.

    From the config you posted, it doesn't appear as if either RADIUS or TACACS+ is configured. But that's okay, because you can use the local user database on the PIX to authenticate the VPN.

    2) It looks as though the HTTP server is not running on the PIX. Go ahead and access the PIX either through telnet or SSH and enter the following:

    enable (you'll be prompted for the enable password)

    conf t

    http server enable

    http 0.0.0.0 0.0.0.0 inside

    exit

    copy run start

    Now, from a computer on the inside of the network, open up a browser and enter the IP address of the inside interface on the PIX (http://192.168.1.254). That should give you access to PDM on the inside interface.

    If you are trying to open PDM on the outside interface, first off, I wouldn't advise it, but it can be done by adding the following command:

    http 0.0.0.0 0.0.0.0 outside

    3) I'm not sure how you used to connect to the remote desktop, but I'm guessing that you would connect to the VPN and then launch an RDP session. Is that correct?

    If so, I think you would need to enter 192.168.1.123 into the address field of the RDP client. Otherwise, you would just need to enter the actual address of the server, but it appears as though there is a static NAT configured and the address listed above is linked to the server.

    4) The VPN client's configuration is going to be a little more tricky, as you'll need to have the password for the VPN client group.

    Right now it looks like the VPN client's group name is PPTP-VPDN-GROUP, but the password is hidden for obvious reasons. However, it looks as though the username is vpn1 and the password is test. For the host IP address you would need to put in the outside interface's IP address, which is 71.249.211.79.

    This probably won't fix all the problems, but should get you a step closer. Repost and let me know if you need any other help.
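
One way to check which sources can reach the PIX management services once the `http` commands from the comment above are in place, as an added example that is not part of the original thread. The sample is constructed from the `telnet`/`ssh` lines in the posted configuration plus the suggested `http` lines; the function names and severity labels are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the telnet/ssh lines from the posted configuration plus
# the http commands suggested in the comment above.
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.107.2.0 255.255.255.0 inside
ssh 68.197.144.89 255.255.255.255 outside
ssh 10.107.2.0 255.255.255.0 inside
"""

# "<service> <address> <netmask> <interface>" permit lines (PIX 6.x syntax).
MGMT_LINE = re.compile(
    r"^(http|telnet|ssh)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

def management_rules(config):
    """Return (service, source network, interface) for each permit line."""
    rules = []
    for line in config.splitlines():
        match = MGMT_LINE.match(line.strip())
        if match:
            service, addr, mask, ifname = match.groups()
            network = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((service, network, ifname))
    return rules

def audit(config, untrusted=("outside",)):
    """Flag management access that is wider than a named admin network."""
    lines = [line.strip() for line in config.splitlines()]
    http_on = "http server enable" in lines
    findings = []
    for service, network, ifname in management_rules(config):
        if service == "http" and not http_on:
            continue  # permit line has no effect while the HTTP server is off
        if network.prefixlen == 0:
            severity = "HIGH" if ifname in untrusted else "MEDIUM"
            findings.append((severity, f"{service} open to any source on {ifname}"))
        elif ifname in untrusted:
            findings.append(("INFO", f"{service} limited to {network} on {ifname}"))
    return findings

if __name__ == "__main__":
    for severity, text in audit(SAMPLE_CONFIG):
        print(f"{severity:6} {text}")
```

A MEDIUM finding is cleared by replacing `0.0.0.0 0.0.0.0` with the admin subnet or host, in the same way the posted `telnet` and `ssh` lines already name specific networks.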



Here's a real simple problem to your remote access problems.
Go to: http://www.logmein.com
Sign up for a free acct, download/install their free software on your Server.
Now go over to your laptop, login to your new logmein acct.
In the next page, you'll see your Server listed. Click on it - follow instructions to connect.
This will tunnel through whatever stuff you have on your network!
Trust me - esp. in your scenario, this is *by far* the *simplest* remote connect you'll ever perform! And it just .... works! Every time.

gurutim

Posted on Mar 21, 2009

  • Anonymous Mar 24, 2009

    Please explain why you rated my answer re: logmein.com to your remote access problem as inappropriate? Wasn't the bottom line to connect to your server via your laptop? I believe that is (but one of the many) logmein was designed to do!
    Please let me know. Thanx.


