Client to VPN PPTP through PIX

Unanswered Question
Mar 30th, 2004
User Badges:


I am required to connect to one of our customers sites using the microsoft vpn client. I need to be able to do this from behind our existing PIX firewall. Our firewall currently doesnt allow this.

I have opened 1723 *outbound* on the PIX which has allowed me to see the client session begin to setup, but then the session dies.

Question 1, Do i need gre also? Inbound or outbound?

Question 2, Do i need any static mappings for the vpn device we are trying to connect to? Our internal networks are all NAT 10.1.X.X.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gfullage Tue, 03/30/2004 - 15:58
User Badges:
  • Cisco Employee,

Easiest way to do this is upgrade to 6.3(3) and issue the following command:

fixup protocol pptp 1723

The PIX will then open up the necessary TCP/1723 and GRE holes to allow your traffic to come back in, and you can continue to use your existing nat/global commands without alteration.

See for details.


This Discussion