Cisco PIX515E and VPN

Hi,

I'm new to Cisco firewalls and looking for advice on configuring this one correctly to run both PPTP VPN (with the MS client) and IPsec (with the Cisco client). Here is the existing config:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 HH security99
nameif ethernet2 inside security100
enable password xxxxxxxxxx encrypted
passwd xxxxxxxxxx encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone EST -4
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit icmp any any
access-list inside_outbound_nat0_acl permit ip any 192.168.17.224 255.255.255.22
pager lines 24
mtu outside 1500
mtu HH 1500
mtu inside 1500
ip address outside zzz.zzz.zzz.35 255.255.255.240
ip address HH 192.168.0.1 255.255.255.0
ip address inside 192.168.17.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface HH
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN 192.168.17.224-192.168.17.247
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address HH
no failover ip address inside
pdm location 192.168.17.0 255.255.255.128 inside
pdm location 192.168.17.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (HH) 1 0.0.0.0 0.0.0.0 0 0
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 zzz.zzz.zzz.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.17.2 isapassword timeout 5
aaa-server LOCAL protocol local
http server enable
http 192.168.17.0 255.255.255.128 inside
no snmp-server location
no snmp-server contact
snmp-server community rrrrr
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
service resetinbound
service resetoutside
telnet 192.168.17.0 255.255.255.128 inside
telnet timeout 30
ssh timeout 5
console timeout 0
vpdn group VPN accept dialin pptp
vpdn group VPN ppp authentication mschap
vpdn group VPN ppp encryption mppe auto
vpdn group VPN client configuration address local VPN
vpdn group VPN client configuration dns xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
vpdn group VPN client authentication aaa RADIUS
vpdn group VPN client accounting RADIUS
vpdn group VPN pptp echo 60
vpdn enable outside
vpdn enable inside
dhcpd address 192.168.0.10-192.168.0.100 HH
dhcpd address 192.168.17.10-192.168.17.50 inside
dhcpd dns xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain wwwwww.com
dhcpd auto_config outside
dhcpd enable HH
dhcpd enable inside
username ddddd password aaaaaaa encrypted privilege 15
terminal width 80
Cryptochecksum:xxxxxxxxxxxxx
: end
pixfirewall#

I have a Win2k server behind it doing the authentication. Any advice is welcome.

gigi

Not really sure what you are after here? All I can say is I use a W2K (IAS) box as a RADIUS server to authenticate my users behind a group password for access to AD items from the Cisco VPN Client, and it works fine.

thejayman

That's what I am doing now too, using PPTP. The problem is that I get a BSOD when trying to VPN using the Win2k or XP built-in VPN client when the PC has an Intel Pro100 NIC. This is a known problem that is still not fixed as far as I know. So, to avoid this, I am thinking of switching to the Cisco VPN client. Because the Cisco client only does IPsec, I need to reconfigure the PIX and the Win2k server for it, and I'm not sure how. Also, I would like some feedback on the existing config itself. Do you see any obvious security issues in it?

Thanks a lot.

gigi
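
A starting point for the IPsec side, plus the tightening of the existing config that was asked about, as an added example that is not part of this thread and not Cisco's own reference configuration. It uses PIX 6.3 syntax and reuses the names already in the posted config (address pool VPN, aaa-server group RADIUS, the DNS and domain placeholders). The group name REMOTE, the group password, the transform-set and map names, the 1800-second idle time and the nat 0 mask of 255.255.255.224 (the mask in the post is cut off; that value covers the pool 192.168.17.224-247) are assumptions.

```text
! --- Added example, not the poster's config. PIX 6.3(4) syntax. ---

! 1. Phase 1 (ISAKMP) for Cisco VPN Client remote access on the outside interface.
!    nat-traversal lets clients behind home NAT routers connect (UDP 4500).
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! 2. Phase 2: a dynamic crypto map, because client source addresses are not known
!    in advance. Names RA-3DES-SHA, DYN-RA and OUTSIDE-MAP are assumed.
crypto ipsec transform-set RA-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYN-RA 10 set transform-set RA-3DES-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-RA
! Per-user authentication (XAUTH) against the existing aaa-server group "RADIUS",
! i.e. the Win2k box at 192.168.17.2. The PIX sends XAUTH credentials to RADIUS
! as PAP, so the IAS remote access policy must allow PAP for these requests.
crypto map OUTSIDE-MAP client authentication RADIUS
crypto map OUTSIDE-MAP interface outside

! 3. The group the Cisco VPN Client connects to. Group name "REMOTE" and the
!    group password are assumed. The group password is one pre-shared key shared
!    by every client and used in IKE aggressive mode, so make it long and random;
!    the XAUTH step above is the real per-user check.
vpngroup REMOTE address-pool VPN
vpngroup REMOTE dns-server xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
vpngroup REMOTE default-domain wwwwww.com
vpngroup REMOTE idle-time 1800
vpngroup REMOTE password <long-random-group-key>

! The existing "nat (inside) 0 access-list inside_outbound_nat0_acl" and
! "sysopt connection permit-ipsec" already exempt pool traffic from NAT and from
! the outside ACL. The mask for the pool (assumed here) is 255.255.255.224.
access-list inside_outbound_nat0_acl permit ip any 192.168.17.224 255.255.255.224

! 4. Tightening the posted config (each line assumed acceptable for this site).
! "permit icmp any any" admits every ICMP type from the Internet and PIX 6.3 does
! not track ICMP state; keep only the replies outbound traffic needs.
no access-list outside_access_in permit icmp any any
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded
! PPTP is only needed from the Internet; stop accepting it on the inside interface,
! and require 128-bit MPPE instead of letting the client negotiate 40-bit.
no vpdn enable inside
vpdn group VPN ppp encryption mppe 128 required
! Once every user is on the IPsec client, remove PPTP (MS-CHAP + MPPE) altogether:
!   no vpdn enable outside
! SNMP: a short community string is a weak password. Replace it; note that with no
! "snmp-server host" configured, nothing can poll this box anyway.
snmp-server community <long-random-community>
! Management: move the inside admin range from telnet to SSH (hostname and
! domain-name are already set, which the RSA key generation needs).
ca generate rsa key 1024
ca save all
ssh 192.168.17.0 255.255.255.128 inside
no telnet 192.168.17.0 255.255.255.128 inside
```

On the Windows side nothing changes for IPsec beyond the IAS policy: the same RADIUS server entry (192.168.17.2, shared secret isapassword) serves both the PPTP "client authentication aaa RADIUS" and the new XAUTH, so the Win2k box keeps holding the user accounts; only the client-side group name and group password are new.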

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.