05-31-2001 10:51 AM - edited 02-20-2020 09:48 PM
PIX 520 Version 4.2(3). I would like to have anyone on the inside establish a Microsoft PPTP client based VPN connection to outside devices through the firewall. What configuration commands are required? Thanks.
Don Williams
06-05-2001 12:13 PM
By default, the PIX is everything out, nothing in, so your users should be able to connect outbound with PPTP. If it's not working, check your PIX for access lists blocking traffic and make sure your users are picking up a valid IP address (not Port Address Translation). If your global pool has a single address, PPTP won't work until you get more valid IP addresses.
06-05-2001 12:49 PM
Thank you! Please answer one more: If I set up additional "real addresses" say 4 of them; does that mean that only 4 people can access the Internet through the firewall at one time? By that I mean is there a one to one correlation between the number of connections out and the number of "global" addresses? Thanks!
Don Williams
06-07-2001 07:10 AM
Once an internal host has been given an address from the global pool, it's his until he quits using it and then it times out (timeout xlate nn:nn:nn). So if everyone is doing PPTP, you need enough addresses for everyone. If only a few users are allowed PPTP, don't dynamically assign them a global address. Instead, set static translations for them (make sure their machine is not using DHCP or that their DHCP lease never expires). Then everyone NOT using PPTP will grab your global (PAT) address and anyone using PPTP will be able to as long as the static is assigned.
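
The layout described in the reply above, sketched as an added example that is not part of the original posts. All addresses are constructed placeholders (192.0.2.0/24 outside, 10.1.1.0/24 inside), the interface names are the PIX defaults, and the classic PIX command syntax shown is assumed to apply to 4.2(3).

```text
: Constructed example: two PPTP users get fixed one-to-one translations,
: every other inside host shares a single PAT address.

: Static translations for the PPTP users. Their inside addresses must not
: change, so these hosts need fixed addresses or DHCP leases that never expire.
static (inside,outside) 192.0.2.21 10.1.1.21 netmask 255.255.255.255
static (inside,outside) 192.0.2.22 10.1.1.22 netmask 255.255.255.255

: Everyone else is translated through NAT group 1.
nat (inside) 1 0.0.0.0 0.0.0.0

: A single global address for the group means PAT: many inside hosts
: share it, which is fine for ordinary traffic but not for PPTP.
global (outside) 1 192.0.2.10

: Idle time before a dynamic translation slot is released. Only relevant
: to dynamically assigned globals; static entries do not time out.
timeout xlate 3:00:00
```

With this arrangement the number of simultaneous PPTP users is bounded by the number of static entries, while the number of ordinary users is not tied to the count of global addresses.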