cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
581
Views
5
Helpful
3
Replies

Cisco PIX 506E PPTP access to Internet. Help Please!

P-A-Swindon
Level 1
Level 1

Hi.

I'm fairly new to Cisco and am having some trouble configuring a Cisco PIX 506E. I would really appreciate some help.

The device is being used as the main firewall for our office and that part is working fine. It's also configured to provide PPTP connectivity/authentication for home users, and here lies the problem! The home users can connect fine, and are able to access office resources, however they cannot access the Internet. If I enable logging and try to browse to www.google.co.uk (from a PPTP client) the following entry is logged:

110001: No route to 207.46.193.254 from 172.25.101.100

I've attached a copy of the config (external IP has been changed for security reasons) and any help/advice would be very much appreciated.

Paul

3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

Paul, you need to PAT the VPN pool network for internet traffic.

Try this and post results

nat (oustide) 1 172.25.101.0 255.255.255.0

Rgds

Jorge

Jorge Rodriguez

Paul, would like to make a correction.. I did not realized you are running pix 6.x code on 506E, so my above statement does not applies becuase in 6.x code traffic comming in one interface may not go out on the same interface, from what I understand you would need to implement split tunneling but I have not seen any documentation on slpit tunnel using PPTP , you would have to run Ipsec instead and configure split tunneling for internet.

Rgds

Jorge

Jorge Rodriguez

Many thanks for your help. I will have to try a VPN client with split-tunnel.

I must say that it's frustrating that something like this is not supported - you'd have thought it's a common requirement!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: