topic PIX 501 PPTP Help? in Network Security

PIX 501 PPTP Help?

homeboarder8 — Mon, 11 Mar 2019 10:55:22 GMT

I'm just trying to allow pptp (1723) from an outside network to access the servers behind the pix that I have installed. I know it is a simple access-list... any help?

Thanks!

Re: PIX 501 PPTP Help?

Jon Marshall — Wed, 08 Aug 2007 22:39:05 GMT

Austin

object-group network pptp_servers

network-object host "server1 ip address"

network-object host "server2 ip address"

etc...

access-list acl_inbound permit tcp "outside net" "net mask" object-group pptp_servers eq 1723

access-list acl_inbound permit gre "outside net" "net mask" object-group pptp_servers

access-group acl_inbound in interface outside

Note for PPTP you need to allow GRE as well so i have included that in access-list. You will need to add any other access you need to the access-list as there is an implict deny at the end of an access-list.

One last thing. GRE is not stateful so if you have an access-list applied to your inside interface where your servers are you will need to allow GRE back out through the firewall.

HTH

Jon

Re: PIX 501 PPTP Help?

homeboarder8 — Wed, 08 Aug 2007 23:26:40 GMT

Hey thanks for the reply... I was just a little confused as to what "server1 ip address" should I use? The internal or external?

Thanks for your help!