01-16-2011 04:27 PM
Hi,
I've succeeded in opening a web server to the public internet with the following commands on an ASA5510.
access-list DMZ_nat_static extended permit tcp host 192.168.10.210 eq www any
static (DMZ,pppoe) tcp 200.200.200.10 www access-list DMZ_nat_static
I can connect to the [Web server] from the internet (http://200.200.200.10).
[Question]
How do I open an MS-Windows PPTP server to the public internet (TCP:1723 and GRE)?
*****************************
[internet] IP16 (ISP provides 200.200.200.1 to 200.200.200.16 by pppoe)
|
|
|eth0/0 [Interface name : pppoe] 200.200.200.1
[ASA5510]
|eth0/1 [Interface name : DMZ]
|
+---
+---[Web server] 192.168.10.210 : 80 (⇒200.200.200.10 : 80)
+---[pptp server] 192.168.10.208 (TCP:1723 & GRE) ⇒ 200.200.200.8 (TCP:1723 & GRE)
*****************************
Regards,
okumura
01-16-2011 04:34 PM
You can perform 1:1 static NAT between the PPTP server 192.168.10.208 and 200.200.200.8, and you would also need to allow TCP/1723 on the ACL applied to the pppoe interface, and lastly enable "inspect pptp".
The following are the 3 things that need to be configured:
1) Static 1:1 NAT for 192.168.10.208 to 200.200.200.8
2) ACL to allow TCP/1723 on the pppoe interface
3) Enable "inspect pptp" on your global_policy policy-map.
Hope that answers your question.
01-16-2011 08:07 PM
Hi, Jennifer.
Thank you for your reply!
3) Enable "inspect pptp" on your global_policy policy-map.
⇒ Could you give me a sample command for this?
Regards,
okumura
01-16-2011 08:15 PM
Assuming that you already have the following configured:
service-policy global_policy global
--> you can check by issuing: sh run service-policy
If you already have that, then here is how you would enable pptp inspection:
policy-map global_policy
 class inspection_default
  inspect pptp
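The three steps from the replies above combined into one configuration, as an added example that is not part of the original thread. It assumes the pre-8.3 NAT syntax the question already uses; the ACL name OUTSIDE_IN is a placeholder for whichever access list is already applied inbound on the pppoe interface.

```cisco
! Added example (not from the thread). Addresses and interface names are
! the ones given in the question; OUTSIDE_IN is a placeholder ACL name.
!
! 1) Static 1:1 NAT: 192.168.10.208 (DMZ) <-> 200.200.200.8 (pppoe)
static (DMZ,pppoe) 200.200.200.8 192.168.10.208 netmask 255.255.255.255
!
! 2) Permit only the PPTP control channel (TCP/1723) to the mapped address.
!    Add this entry to the ACL that is already bound inbound on pppoe.
!    An interface holds one inbound ACL, so binding a different ACL with
!    access-group would replace the one that permits the web server.
access-list OUTSIDE_IN extended permit tcp any host 200.200.200.8 eq pptp
access-group OUTSIDE_IN in interface pppoe
!
! 3) PPTP inspection in the global policy. The reply lists no separate
!    GRE permit: the inspection engine follows the TCP/1723 control
!    session and handles the GRE data session that belongs to it.
policy-map global_policy
 class inspection_default
  inspect pptp
!
! The policy must be applied globally (check with: sh run service-policy)
service-policy global_policy global
```

Keeping the permit scoped to the single mapped host and TCP/1723 exposes only the PPTP control port on 200.200.200.8, not the rest of the DMZ server's services.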
01-16-2011 08:59 PM
Hi, Jennifer.
Thank you for your help!
My question has been resolved.
Regards,
okumura
01-16-2011 09:18 PM
Cheers, and thanks for the ratings.