306 Views | 0 Helpful | 1 Replies

Permitting IPSec VPN connection behind PIX to remote server

laupeng
Level 1

I have just configured a PIX Firewall 501 (using PAT) to allow internal PCs using Windows PPTP to connect to a remote PIX successfully (I needed to open port 1723). Is there any setting/port that I must configure for the Cisco VPN client in order for IPSec VPN connection traffic to return to an internal PC behind the PIX? Thanks.

1 Reply

atdhingr
Level 1

I have a sample config for you:

ClientPC--------PIX---------PPTPServer

10.0.33.1 170.143.82.9

In order for this to work, we need to create a static for the PC that you want to use VPN through the PIX with. Along with the static, we will need an access-list on the Sprint interface. The access lists are needed because the Point-to-Point Tunneling Protocol (PPTP) is a protocol for tunneling PPP traffic. A PPTP session is composed of one TCP channel and usually two PPTP GRE tunnels. The TCP channel is the control channel used for negotiating and managing the PPTP GRE tunnels. The GRE tunnels carry PPP sessions between the two hosts.

Say you have the inside PC as 10.0.33.1 and you are going to static it to 112.112.112.112.

Also, the site you are going to vpn to is at 170.143.82.9.

static (inside,outside) 112.112.112.112 10.0.33.1
access-list Sprint_access_in permit gre host 170.143.82.9 host 112.112.112.112
access-list Sprint_access_in permit tcp host 170.143.82.9 host 112.112.112.112 eq 1723
access-group Sprint_access_in in interface Sprint
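To make the reply's point concrete (why both the static and the two access-list entries are needed, and why only the PPTP server can reach the static address), here is a small added model of how a PIX 6.x evaluates an inbound access-list against the translated global address and then applies the static. This is illustration code written for this page, not Cisco software; the config lines are the ones from the reply, the packet/ACE classes, the `Pix` class and the constructed sample packets are assumptions of the example, and the parser only understands the `host`/`any`/`eq` forms used above.

```python
"""Toy model of PIX 6.x inbound processing: access-group ACL, then static NAT.

Added illustration for the reply above; the classes and parser are assumed
for this example and cover only the keywords that appear in the sample config.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Config copied from the reply (PIX 6.x: the inbound ACL matches the GLOBAL address)
SAMPLE_CONFIG = """
static (inside,outside) 112.112.112.112 10.0.33.1
access-list Sprint_access_in permit gre host 170.143.82.9 host 112.112.112.112
access-list Sprint_access_in permit tcp host 170.143.82.9 host 112.112.112.112 eq 1723
access-group Sprint_access_in in interface Sprint
"""


@dataclass(frozen=True)
class Packet:
    proto: str            # "gre", "tcp", "udp", ...
    src: str
    dst: str
    dport: Optional[int] = None   # only meaningful for tcp/udp


@dataclass(frozen=True)
class Ace:
    action: str           # "permit" or "deny"
    proto: str            # protocol keyword, or "ip" for any
    src: str              # host address or "any"
    dst: str
    dport: Optional[int] = None   # "eq N", None means any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.src != "any" and self.src != pkt.src:
            return False
        if self.dst != "any" and self.dst != pkt.dst:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def parse_ace(line: str):
    """Parse 'access-list NAME permit|deny PROTO host A|any host B|any [eq N]'."""
    tok = line.split()
    name, action, proto = tok[1], tok[2], tok[3]
    pos = 4

    def addr() -> str:
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return "any"
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1]
        raise ValueError("unsupported address form: " + tok[pos])

    src, dst = addr(), addr()
    dport = int(tok[pos + 1]) if pos < len(tok) and tok[pos] == "eq" else None
    return name, Ace(action, proto, src, dst, dport)


class Pix:
    def __init__(self, config: str):
        self.acls: Dict[str, List[Ace]] = {}
        self.statics: Dict[str, str] = {}        # global address -> inside address
        self.inbound_acl: Dict[str, str] = {}    # interface -> ACL name
        for line in config.strip().splitlines():
            tok = line.split()
            if tok[0] == "access-list":
                name, ace = parse_ace(line)
                self.acls.setdefault(name, []).append(ace)
            elif tok[0] == "static":
                self.statics[tok[2]] = tok[3]    # static (inside,outside) GLOBAL LOCAL
            elif tok[0] == "access-group":       # access-group NAME in interface IFACE
                self.inbound_acl[tok[4]] = tok[1]

    def inbound(self, pkt: Packet, iface: str = "Sprint") -> Optional[Packet]:
        """Return the packet as delivered to the inside host, or None if dropped."""
        acl = self.acls.get(self.inbound_acl.get(iface, ""), [])
        for ace in acl:                          # first matching entry wins
            if ace.matches(pkt):
                if ace.action == "deny":
                    return None
                break
        else:
            return None                          # implicit deny at end of the ACL
        local = self.statics.get(pkt.dst)        # translate the static's global address
        if local is None:
            return None
        return Packet(pkt.proto, pkt.src, local, pkt.dport)


def demo():
    pix = Pix(SAMPLE_CONFIG)
    server, static = "170.143.82.9", "112.112.112.112"
    return {
        "gre_from_server": pix.inbound(Packet("gre", server, static)),
        "pptp_control": pix.inbound(Packet("tcp", server, static, 1723)),
        "tcp_80_from_server": pix.inbound(Packet("tcp", server, static, 80)),
        "gre_from_other_host": pix.inbound(Packet("gre", "198.51.100.7", static)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'delivered to ' + result.dst if result else 'dropped'}")
```

Running the demo shows the two permitted flows (GRE and TCP/1723 from 170.143.82.9) being delivered to 10.0.33.1, while the same server on another port, or any other host sending GRE, is dropped by the implicit deny. Removing the `permit gre` line from `SAMPLE_CONFIG` makes the GRE tunnel traffic disappear too, which is the failure the reply's access-list is there to prevent.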