09-14-2012 11:45 AM
Can this piece of %^$ pix 501 allow port 1723 to be open so users can connect to a Windows VPN server configured by PDM?
pix 6.3(5)
Outside static IP - whatever 111.111.111.111
Inside 192.168.1.1
Win VPN server 192.168.1.10
Thanks to anybody that can help.
Note - I want to know if this can be accomplished using PDM 3.0.4
This pix has to have a use other than a glorified 4 port switch
09-14-2012 05:26 PM
Yes you can enable PIX501 with version 6.3.5 for PPTP pass through.
Command line:
static (inside,outside) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255
fixup protocol pptp 1723
access-list
If you don't already have an access-list applied to outside interface, then you also need the following:
access-group
Then "clear xlate" after the above configuration. I also assume that you would like to use the outside interface ip address of the PIX for the translation. Otherwise, if 111.111.111.111 is actually a spare public ip address, then the above static command should say:
static (inside,outside) 111.111.111.111 192.168.1.10 netmask 255.255.255.255
Yes, it can be accomplished using PDM. But I have to apologize that I don't have handy access to a PDM; hence, I can only advise you on the configuration using CLI.
Hope that helps a little.
09-14-2012 07:40 PM
sh access-list (from PDM CLI)
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 256)
alert-interval 300
So what would these commands be?
access-list
access-group
09-14-2012 08:40 PM
Ok, since there is no existing access-list, then you can configure a new one as follows:
access-list outside-acl permit tcp any host 111.111.111.111 eq 1723
access-group outside-acl in interface outside
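The thread's PPTP pass-through needs four pieces to line up (static, fixup, access-list, and an access-group binding that same list to outside). The following is an added example, not part of the original posts, that checks a pasted PIX 6.3 configuration for them. The function name and the sample text are hypothetical, and only the command forms shown in this thread are recognized.

```python
import re

def check_pptp_passthrough(config, public_ip):
    """Return the names of the missing pieces; an empty list means complete."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    ip = re.escape(public_ip)
    # Port-forward form (mapped address is the outside interface or public_ip)
    # or the one-to-one form that maps the whole public_ip to the server.
    static_re = re.compile(
        r"static \(inside,outside\) "
        rf"(tcp (interface|{ip}) 1723 \S+ 1723|{ip} \S+) netmask \S+$")
    acl_re = re.compile(rf"access-list (\S+) permit tcp any host {ip} eq 1723$")
    grp_re = re.compile(r"access-group (\S+) in interface outside$")

    missing = []
    if not any(static_re.match(ln) for ln in lines):
        missing.append("static")
    if "fixup protocol pptp 1723" not in lines:
        missing.append("fixup")
    acls = {m.group(1) for ln in lines if (m := acl_re.match(ln))}
    if not acls:
        missing.append("access-list")
    bound = {m.group(1) for ln in lines if (m := grp_re.match(ln))}
    # The permit only takes effect if that same ACL is applied to outside.
    if not (acls & bound):
        missing.append("access-group")
    return missing

# Constructed sample built from the commands quoted in the thread.
SAMPLE = """
static (inside,outside) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255
fixup protocol pptp 1723
access-list outside-acl permit tcp any host 111.111.111.111 eq 1723
access-group outside-acl in interface outside
"""

if __name__ == "__main__":
    print(check_pptp_passthrough(SAMPLE, "111.111.111.111") or "complete")
```
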