Re: WKS outside PIX

From: Kevin D. Goodknecht Sr. [MVP] (admin_at_nospam.WFTX.US)
Date: 12/10/04


Date: Fri, 10 Dec 2004 07:57:02 -0600

In news:17C70EAE-E420-4B7C-8A0A-6439958B9206@microsoft.com,
Maurizio <Maurizio@discussions.microsoft.com> commented
Then Kevin replied below:
> The situation is this:
> We have a private and very important internal network
> inside another private and very large intranet.
> Between these networks there is a PIX firewall.
> Both networks have private IP addresses:
> Inside PIX 192.168.x.x
> Outside PIX 10.x.x.x
> Our need is that from the 10.0.0.0 network, placed
> outside the PIX, many WKS (2000 Professional) must join the
> DCs that are inside the PIX.
> No access is requested from the Internet, only from the intranet.
> The problem is that DNS on the DCs has SRV records
> associated with 192.168.0.0, which are unreachable from the
> intranet because the PIX does NAT.
> We would like to avoid using IPsec and VPN from the intranet
> stations.

The problem is, unless you VPN through the firewall, you'll have to make the
firewall like Swiss cheese. If you make VPN connections through the PIX, all
you need is the VPN port. So do you want a firewall made of Swiss cheese?
310111 - HOW TO Configure Packet Filter Support for PPTP VPN Clients in
Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;310111&sd=RMVP
832017 - Port Requirements for the Microsoft Windows Server System:
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017&sd=RMVP

-- 
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

