RE: Cisco Pix VPN Windows 2003 domain integration
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Tue, 07 Mar 2006 09:36:43 GMT
Hi Brown,
Thanks for your update.
Because we are not familiar with the third party hardware, you may need to
consult the hardware vendor for detailed configuration on PIX515. I can
only provide some general information regarding RADIUS for your reference:
Internet Authentication Service for Windows 2000
http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/featfu
nc/ias.mspx
Use RADIUS authentication
http://technet2.microsoft.com/WindowsServer/en/Library/5934dc6b-78ec-4d37-b4
5f-99754e5067801033.mspx
Thanks for your time and understanding.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Cisco Pix VPN Windows 2003 domain integration
| thread-index: AcZBYUghVtQY68WfTJO2FEpHadV9iA==
| X-WBNR-Posting-Host: 206.228.123.253
| From: =?Utf-8?B?QXJsaXMgQnJvd24=?= <ArlisBrown@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <3F2BFEC9-0E0F-4EB2-B7B1-F650D3A1E524@xxxxxxxxxxxxx>
<XGym#dMQGHA.5524@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Cisco Pix VPN Windows 2003 domain integration
| Date: Mon, 6 Mar 2006 13:02:30 -0800
| Lines: 111
| Message-ID: <F2A33979-BF94-4BF6-9906-80E2D452FFCA@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:249863
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Crina Li,
|
| Thanks for the insight into SBS 2003's capabilities. However, since I
| currently have a PIX515 I wanted to locate VPN services to this device as
an
| added security measure. Do I have to still run the wizards to enable
RADIUS
| or can I manually activate this feature? Also, what is required to
configure
| SBS RADIUS to support a PIX based VPN? Is there a knowledgebase article
on
| this subject?
| --
| AB
|
|
| ""Crina Li"" wrote:
|
| > Hi Brown,
| >
| > Thank you for posting in SBS newsgroup.
| >
| > From the description, I understand that you want to know how to allow
| > remote users to use their AD user account and password to VPN to SBS.
If I
| > have misunderstood your concerns, please do not hesitate to let me know.
| >
| > As I know, you can configure VPN on SBS as following:
| >
| > 1. Run CEICW, follow the wizard and select Enable firewall and then
make
| > sure Virtual Private Networking (VPN) is selected in the Services
| > Configuration page. And make sure you have typed the public FQDN of the
SBS
| > server on the Web Server Certificate page.
| > 2. Run Remote Access Wizard in Server Management\Internet and
| > E-mail\Configure Remote Access, and select VPN access in the Remote
Access
| > Method page. After finishing this wizard, RRAS is configured to allow
| > inbound VPN access, and it can assign IP addresses to the VPN clients
by
| > using DHCP.
| >
| > Note: When we run the remote access wizard to set up the VPN service,
we
| > need to input the public IP address or the public FQDN of the SBS
server.
| > We need to make sure that the address can be accessed from the internet.
| >
| > 3. On the VPN client, go to https://publicFQDN/remote, clear I'm using
a
| > public or shared computer, log in and download Connection Manager.
| > 4. Install Connection Manager on the VPN client.
| > 5. Is there a hardware router installed in front of the SBS server? If
so,
| > ensure that the port forwarding for TCP 1723 and GRE port (protocol
number
| > 47) are opened. PPTP VPN is negotiating a connection on TCP port 1723
and
| > send data to and from the PPTP server using the GRE protocol (IP
Protocol
| > 47, 0x2F if you are looking in Network Monitor). You should open port
1723
| > on the router and also make sure IP Protocol 47 is allowed.
| >
| > More information:
| >
| > http://www.isaserver.org/articles/2004vpnradius.html
| >
| > 884492 The RADIUS authentication process in ISA Server 2004
| > http://support.microsoft.com/?id=884492
| >
| > Hope it helps.
| >
| > I appreciate your time and look forward to hearing from you.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: Cisco Pix VPN Windows 2003 domain integration
| > || From: =?Utf-8?B?QXJsaXMgQnJvd24=?=
<ArlisBrown@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Cisco Pix VPN Windows 2003 domain integration
| > | Date: Sat, 4 Mar 2006 21:19:27 -0800
| > | | Newsgroups: microsoft.public.windows.server.sbs
| > | |
| > | I'm planning an SBS 2003 installation and will be using a PIX 515e
for
| > Cisco
| > | VPN client access. How do I go about implementing a SBS Radius
server?
| > The
| > | end result I'm trying to achieve is to allow remote users to use
their AD
| > | user account and password for VPN authentication.
| > | --
| > | AB
| > |
| >
| >
|
.
- References:
- RE: Cisco Pix VPN Windows 2003 domain integration
- From: "Crina Li"
- RE: Cisco Pix VPN Windows 2003 domain integration
- From: Arlis Brown
- RE: Cisco Pix VPN Windows 2003 domain integration
- Prev by Date: Re: SBS Backup fails
- Next by Date: RE: FTP Upload
- Previous by thread: RE: Cisco Pix VPN Windows 2003 domain integration
- Next by thread: Accessing RWW on another server
- Index(es):
Relevant Pages
|
