Question

How to connect to my PIX 501 and use Windows Remote Desktop?

By bxicefire ·
I run a Windows Server 2003 Standard SP3 Dell PowerEdge SC440 server with Active Directory Domain Services, and it is connected to the internet and network through a Verizon DSL modem (without routing capabilities), a Cisco PIX 501 firewall, and a Cisco Catalyst 2950 24-port switch. I believe the server is running RAS and possibly Terminal Services. I know the IP address, and the Windows and Cisco firewall(s) both have port 3389 open. The configuration is correct, as it was set up by an IT pro. But I had to reinstall my laptop, and now I have lost remote access and I do not know what information I need in order to connect to the server. I have the administrator password for the server and access to the server and firewall/switch through telnet. I don't know how to get to the PDM either. Can someone explain what information I must use to open PDM and also what info I need to open/use Remote Desktop? The server is running DHCP services, if that helps any.
Here is the firewall config data:

PIX Version 6.3(1)
interface ethernet0 10full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *x*x*x*x*x*x encrypted
passwd *x*x*x*x*x*X encrypted
hostname BronxFW
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521

names

object-group service RemoteAccess tcp
port-object eq 3389
port-object eq ssh
access-list 101 permit ip 192.168.1.0 255.255.255.0 10.107.2.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 102 permit tcp any interface outside object-group RemoteAccess
access-list 102 permit icmp any any
access-list 105 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging console debugging
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 71.249.211.79 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool test 10.107.2.1-10.107.2.254
ip local pool Group1 192.168.1.30-192.168.1.40
pdm location 192.168.2.0 255.255.255.0 outside
pdm location 192.168.1.103 255.255.255.255 inside

pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 192.168.1.123 3389 netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 71.249.211.79 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community dml
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 20 set transform-set myset

crypto map vpn 10 ipsec-isakmp
crypto map vpn 10 match address 100
crypto map vpn 10 set peer 68.161.247.177
crypto map vpn 10 set transform-set myset
crypto map vpn 20 ipsec-isakmp dynamic dynmap

crypto map vpn client configuration address initiate

crypto map vpn client configuration address respond

crypto map vpn interface outside
isakmp enable outside
isakmp key amadeus address 68.161.247.177 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpndml address-pool test
vpngroup vpndml dns-server 192.168.1.20
vpngroup vpndml split-tunnel 101
vpngroup vpndml idle-time 1800
vpngroup vpndml password *********
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.107.2.0 255.255.255.0 inside
telnet timeout 5
ssh 68.197.144.89 255.255.255.255 outside
ssh 10.107.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp

vpdn group PPTP-VPDN-GROUP ppp authentication pap

vpdn group PPTP-VPDN-GROUP ppp authentication chap

vpdn group PPTP-VPDN-GROUP ppp authentication mschap

vpdn group PPTP-VPDN-GROUP ppp encryption mppe 40

vpdn group PPTP-VPDN-GROUP client configuration address local Group1
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.1.15
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username vpn1 password test
vpdn enable outside
vpdn enable inside
dhcpd dns 151.202.0.85 151.203.0.85
dhcpd lease 3600
dhcpd auto_config outside
terminal width 80
Cryptochecksum: *********
end

Please don't hack my server, I will lose my job! lol
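One way to read a PIX 6.3 configuration like the one posted above for the connection details the question asks about, as an added example that is not part of the original post: it lists inbound TCP forwards, whether the outside ACL opens them to any source, which sources may reach telnet/SSH management, and whether the PIX HTTP server that PDM depends on is enabled. The `summarize` helper and the sample excerpt are constructed for illustration, and the parser handles only the directive forms shown.

```python
import re

# Constructed excerpt modelled on the PIX 6.3 directives in the post above;
# 203.0.113.89 is a documentation address, not a value from the page.
SAMPLE = """\
object-group service RemoteAccess tcp
port-object eq 3389
port-object eq ssh
access-list 102 permit tcp any interface outside object-group RemoteAccess
static (inside,outside) tcp interface 3389 192.168.1.123 3389 netmask 255.255.255.255 0 0
access-group 102 in interface outside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 203.0.113.89 255.255.255.255 outside
"""

NAMED_PORTS = {"ssh": 22, "telnet": 23, "www": 80, "https": 443}
IP = r"\d+\.\d+\.\d+\.\d+"

def to_port(token):
    return NAMED_PORTS.get(token) or int(token)

def summarize(config):
    """Hypothetical helper: list inbound forwards and management sources."""
    groups, current, acl_ports = {}, None, {}
    forwards, mgmt, outside_acl, http_server = [], [], None, False
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"object-group service (\S+) tcp$", line):
            current = groups.setdefault(m[1], set())
        elif (m := re.match(r"port-object eq (\S+)$", line)) and current is not None:
            current.add(to_port(m[1]))
        elif m := re.match(r"access-list (\S+) permit tcp any interface outside "
                           r"(?:object-group (\S+)|eq (\S+))$", line):
            ports = groups.get(m[2], set()) if m[2] else {to_port(m[3])}
            acl_ports.setdefault(m[1], set()).update(ports)
        elif m := re.match(r"static \(inside,outside\) tcp interface (\S+) (\S+) (\S+)", line):
            forwards.append((to_port(m[1]), m[2], to_port(m[3])))
        elif m := re.match(r"access-group (\S+) in interface outside$", line):
            outside_acl = m[1]
        elif m := re.match(rf"(telnet|ssh) ({IP}) ({IP}) (\w+)$", line):
            mgmt.append((m[1], m[2], m[3], m[4]))  # timeout lines do not match
        elif line == "http server enable":  # PIX 6.x serves PDM from its HTTP server
            http_server = True
    allowed = acl_ports.get(outside_acl, set())  # ports the outside ACL opens to "any"
    return {"forwards": [{"outside_port": o, "host": h, "port": p, "any_source": o in allowed}
                         for o, h, p in forwards],
            "mgmt": mgmt, "pdm_http_server": http_server}
```

A forward reported with `any_source` set to true is reachable from every Internet address, which for RDP is worth narrowing to known source addresses or moving behind the VPN.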

All Answers

you need your VPN client application

by CG IT In reply to How to connect to my PIX ...

and your RADIUS / TACS two factor authentication credentials.

Your problem...

"but i had to reinstall my laptop, and now i have lost remote access and i do not know what information i need in order to connect to the server"....

has nothing to do with the configuration you listed.

You need to get the Cisco VPN client from and install it on your laptop.

you get credentials from the IT department

by CG IT In reply to you need your VPN client ...

If your company is not using the Cisco VPN client, then using it isn't going to work. You need to get the VPN client used by the company and your credentials.
