using vpn client behind a firewall

pokey
Level 1

Hi all.

I want to use the VPN client behind a firewall. We have a PIX between our internet connection and the inside. I want to be able to VPN to customer networks from our internal network rather than dialing up to the internet all the time. Anyone know what I have to permit on the PIX for this to happen?

1 Reply

gfullage
Cisco Employee

Whether doing IPSec or PPTP (you don't specify), the problem is that you're probably doing PAT on the PIX. PAT and IPSec/PPTP don't work well together, particularly through a PIX (in fact, 6.3 code due out next year will have support for one IPSec and one PPTP tunnel going through a PIX with PAT, but that doesn't help you much now).

The only way around this at the moment is to create a static one-to-one translation for your inside PC on the PIX, but of course that means you need a second global IP address. If you're coming from the inside, you'll also need to create conduits/ACLs to allow IP protocol 50 (IPsec, actually ESP) or IP protocol 47 (PPTP, actually GRE) to come back in, cause the PIX won't open a hole for these automatically cause they're not TCP/UDP protocols.
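
The static translation and return-traffic ACL described in the reply above, written out as a PIX 6.x configuration sketch. This is an added example, not part of the original reply. All addresses and the ACL name `vpn-return` are constructed placeholders: 10.1.1.10 is the inside PC, 192.0.2.10 is the spare global address, and 198.51.100.1 is the customer's VPN gateway.

```cisco
: One-to-one translation for the inside PC, so it is not subject to PAT
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0

: Return traffic for an IPSec client: ESP (IP protocol 50) from the customer gateway only
access-list vpn-return permit esp host 198.51.100.1 host 192.0.2.10

: Return traffic for a PPTP client: GRE (IP protocol 47) from the customer gateway only
access-list vpn-return permit gre host 198.51.100.1 host 192.0.2.10

: Apply the ACL to traffic arriving on the outside interface
access-group vpn-return in interface outside
```

Scoping each entry to the customer gateway's address, rather than `any`, keeps the static translation from exposing the inside PC to ESP or GRE from arbitrary sources. Only one ACL can be bound inbound to an interface, so if the outside interface already has one, add these entries to it instead of applying a new `access-group`.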