Re: PPTP VPN passthru on PIX to Windows 2003

cmorley · ‎01-17-2007

Hi, im looking to have my pix pass thru VPN requests to my win2k3 box.

I read in the cisco docs it only supports one connection at a time to be passed through, by that do they mean one client or one vpn only?

Thanks,

Chris

bthibode · ‎01-30-2007

Chris,

I'm not aware of any such limitation for PPTP/L2TP over IPSEC passthrough. Can you please provide a link to the document you're referencing?

tim.weid · ‎01-31-2007

I am running a RRAS box and my solution was to NAT the outside interface of the RRAS box to a public IP (1.1.1.1 in my example) then add the following lines to my outside access-list. You have to remember to allow GRE. The server is located in my DMZ so I nat from outside to dmz. works like a champ. We usually have 20+ people connected at any give time on this server.

access-list outside_access_in extended permit gre any host 1.1.1.1

access-list outside_access_in extended permit tcp any host 1.1.1.1 eq pptp

m-haddad · ‎01-31-2007

Hello,

YOu should be able to establish more than one connection. The scenario you are talking about was in old versions of PIX 6.1 where if a client behind the PIX requires to initiate a PPTP connection to the outside you would need to create a static NAT for this client and thus can support one connection.

Let me know if this clarifies your thoughts,

Regards,

cmorley · ‎02-01-2007

yes thanks for that :) I am running latest pix firmware.

Chris

m-haddad · ‎02-01-2007

Hello,

You should be able to establish more than one connection to your PPTP server. All you need is to create static for this server and allow TCP 1723 and GRE.

Let me know if you need anything more,

Appreciate your rating,

Regards,