vpn behind a pix

dlabbadia01
Level 1

Hi,

I currently have a pix at location A. It is set up to allow gre and 1723 through on a specific port. I can connect to my vpn server successfully from location B and login and everything is fine. The problem occurs when I am at location C. Location C is behind a pix itself. It gets to the server and times out when trying to verify username and password. Can someone please let me know if there is a setting I need to configure on the pix at location C to allow this?

Thanks

4 Replies

PeterHagen
Level 1

I think that you'll need an IP address for the VPN server that can be reached from outside the PIX. GRE cannot be run through NAT. Believe me, I tried.

Also look at routing on both sides of the PIX.

Actually, you can allow PPTP traffic through a PIX. Here is the link.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

The above link is good, but means that you have to have a valid global Internet address for every internal PC behind PIX-C.

v6.3 of PIX code, due out late this month, will have support for PPTP with PAT, so if you can upgrade this PIX-C to v6.3 when it becomes available you won't need a static for each internal PC.

Thanks everyone for your responses. I figured out that I could give a static to each IP but I was hoping to offer VPN access to my DHCP clients which seems to be impossible. I even tried opening the GRE and 1723 for the global address of the outgoing requests to no avail. I wish there was a way to allow it for all the DHCP clients but I guess I'll have to wait for the new version release.

thanks for all the help,

Dave