08-08-2007 03:13 PM - edited 03-11-2019 03:55 AM
I'm just trying to allow pptp (1723) from an outside network to access the servers behind the pix that I have installed. I know it is a simple access-list... any help?
Thanks!
08-08-2007 03:39 PM
Austin
object-group network pptp_servers
network-object host "server1 ip address"
network-object host "server2 ip address"
etc...
access-list acl_inbound permit tcp "outside net" "net mask" object-group pptp_servers eq 1723
access-list acl_inbound permit gre "outside net" "net mask" object-group pptp_servers
access-group acl_inbound in interface outside
Note: for PPTP you need to allow GRE as well, so I have included that in the access-list. You will need to add any other access you need to the access-list, as there is an implicit deny at the end of an access-list.
One last thing. GRE is not stateful, so if you have an access-list applied to your inside interface where your servers are, you will need to allow GRE back out through the firewall.
HTH
Jon
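A check for the point made in the reply above, that every PPTP control-channel permit (tcp/1723) needs a matching GRE permit. This is an added example, not part of the original posts: the function name, the sample configs and the 198.51.100.0/203.0.113.0 addresses are constructed, and rules are matched by identical source/destination text only (no subnet containment).

```python
import re

# Constructed sample configs; addresses are documentation ranges, not from the thread.
SAMPLE_OK = """\
access-list acl_inbound permit tcp 198.51.100.0 255.255.255.0 object-group pptp_servers eq 1723
access-list acl_inbound permit gre 198.51.100.0 255.255.255.0 object-group pptp_servers
access-group acl_inbound in interface outside
"""
SAMPLE_MISSING_GRE = """\
access-list acl_inbound permit tcp 198.51.100.0 255.255.255.0 object-group pptp_servers eq 1723
access-list acl_inbound permit tcp 203.0.113.0 255.255.255.0 object-group pptp_servers eq 1723
access-list acl_inbound permit gre 203.0.113.0 255.255.255.0 object-group pptp_servers
"""

# Matches permit entries in the form used in the thread: name, protocol, then the rest.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|gre|ip)\s+(.*)$")


def _endpoints(rest):
    """Return the source/destination text of a rule, dropping a trailing 'eq <port>'."""
    return re.sub(r"\s+eq\s+\S+$", "", rest.strip())


def pptp_rules_missing_gre(config):
    """Return (acl, endpoints) for each tcp/1723 permit lacking a GRE permit
    with the same source/destination text in the same access-list."""
    control, gre = [], set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # access-group, object-group and other lines are ignored
        acl, proto, rest = m.groups()
        if proto == "tcp" and re.search(r"\seq\s+1723$", rest.strip()):
            control.append((acl, _endpoints(rest)))
        elif proto in ("gre", "ip"):
            # 'permit ip' covers every IP protocol, GRE included
            gre.add((acl, _endpoints(rest)))
    return [rule for rule in control if rule not in gre]


if __name__ == "__main__":
    for acl, pair in pptp_rules_missing_gre(SAMPLE_MISSING_GRE):
        print(f"{acl}: tcp/1723 permitted for '{pair}' but no matching GRE permit")
```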
08-08-2007 04:26 PM
Hey thanks for the reply... I was just a little confused as to what "server1 ip address" should I use? The internal or external?
Thanks for your help!