01-16-2011 04:27 PM
Hi,
I've succeeded in opening a web server to the public internet with the following commands on an ASA5510.
access-list DMZ_nat_static extended permit tcp host 192.168.10.210 eq www any
static (DMZ,pppoe) tcp 200.200.200.10 www access-list DMZ_nat_static
I can connect to the [Web server] from the internet (http://200.200.200.10).
[Question]
How do I open an MS-Windows PPTP server to the public internet (TCP:1723 and GRE)?
*****************************
[internet] IP16 (ISP provides 200.200.200.1 to 200.200.200.16 by pppoe)
|
|
|eth0/0 [Interface name : pppoe] 200.200.200.1
[ASA5510]
|eth0/1 [Interface name : DMZ]
|
+---
+---[Web server] 192.168.10.210 : 80 (⇒200.200.200.10 : 80)
+---[pptp server] 192.168.10.208 (TCP:1723 & GRE) ⇒ 200.200.200.8 (TCP:1723 & GRE)
*****************************
Regards,
okumura
01-16-2011 04:34 PM
You can perform 1:1 static NAT from the PPTP server 192.168.10.208 to 200.200.200.8; you would also need to allow TCP/1723 on the ACL applied to the pppoe interface, and lastly enable "inspect pptp".
The following are the 3 things that need to be configured:
1) Static 1:1 NAT for 192.168.10.208 to 200.200.200.8
2) ACL to allow TCP/1723 on the pppoe interface
3) Enable "inspect pptp" on your global_policy policy-map.
Hope that answers your question.
01-16-2011 08:07 PM
Hi, Jennifer.
Thank you for your reply!
3) Enable "inspect pptp" on your global_policy policy-map.
⇒ Could you give me a sample command for this?
Regards,
okumura
01-16-2011 08:15 PM
Assuming that you already have the following configured:
service-policy global_policy global
--> you can check by issuing: sh run service-policy
If you already have that, then here is how you would enable pptp inspection:
policy-map global_policy
 class inspection_default
  inspect pptp
01-16-2011 08:59 PM
Hi, Jennifer.
Thank you for your help!
My question has been resolved.
Regards,
okumura
01-16-2011 09:18 PM
Cheers, and thanks for the ratings.
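The three steps from the answer above, put together as one configuration in the pre-8.3 NAT syntax the question already uses. This is an added example, not part of the original thread. The ACL name pppoe_access_in is an assumption; if an ACL is already applied inbound on the pppoe interface, add the permit line to that ACL instead, since an interface takes only one ACL per direction.

```cisco
! 1) Static 1:1 NAT: DMZ host 192.168.10.208 is published as 200.200.200.8
static (DMZ,pppoe) 200.200.200.8 192.168.10.208 netmask 255.255.255.255

! 2) Permit only the PPTP control channel (TCP/1723) to the mapped address.
!    pppoe_access_in is a hypothetical ACL name. "any" can be narrowed to
!    known client networks when the VPN users' source addresses are fixed.
access-list pppoe_access_in extended permit tcp any host 200.200.200.8 eq 1723
access-group pppoe_access_in in interface pppoe

! 3) PPTP inspection: the ASA follows the TCP/1723 control session and
!    opens the matching GRE data connection dynamically, so no standing
!    "permit gre" entry is needed in the interface ACL.
policy-map global_policy
 class inspection_default
  inspect pptp

! Applied globally (already present on a default configuration)
service-policy global_policy global

! Checks after applying:
!   show run static
!   show run access-group
!   show run policy-map
!   show run service-policy
```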