Client to VPN PPTP through PIX

Unanswered Question
Mar 30th, 2004

Hello,


I am required to connect to one of our customers' sites using the Microsoft VPN client. I need to be able to do this from behind our existing PIX firewall. Our firewall currently doesn't allow this.


I have opened 1723 *outbound* on the PIX, which has allowed me to see the client session begin to set up, but then the session dies.


Question 1: Do I need GRE also? Inbound or outbound?

Question 2: Do I need any static mappings for the VPN device we are trying to connect to? Our internal networks are all NAT 10.1.X.X.


Thanks,


gfullage (Cisco Employee) Tue, 03/30/2004 - 15:58

Easiest way to do this is upgrade to 6.3(3) and issue the following command:


fixup protocol pptp 1723


The PIX will then open up the necessary TCP/1723 and GRE holes to allow your traffic to come back in, and you can continue to use your existing nat/global commands without alteration.


See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1067379 for details.
