Cisco Pix and ISA Server 2004

mrrlg
Level 1

I am trying to create a front end back end firewall solution using Pix Version 6.3(5) as my front end and Microsoft ISA server 2004 as my backend. I am trying to pass Microsoft client VPN connections through the Pix firewall and terminate them on the ISA server. I have added these commands to the Pix.

access-list outside_acl permit tcp any host 64.206.48.XX (external address of Pix)

static (inside, outside) 64.206.48.xx 22.218.0.xx netmask 255.255.255.255 0 0

22.218.0.xx is the "external interface" of the ISA server. With this configuration, inside users can access the internet, but any attempts to create and terminate an external VPN connection receive the error "remote computer did not respond." What do I need to do to pass PPTP and L2TP traffic to the ISA server?

1 Reply

bobd
Level 1

You need to permit GRE traffic to your ISA server.

access-list outside_acl permit gre any host 64.206.48.xx

Make sure your access list is applied to the outside interface.

access-group outside_acl in interface outside

You can reference the following link for additional information:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml#pptpwith

Bob
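
The two checks from the reply above (a GRE permit alongside the PPTP control channel, and the ACL actually being applied to the outside interface) can be run over a saved PIX config. This Python script is an added example, not part of the original thread; the function name `audit_pptp`, the sample configs and the 192.0.2.10 address are constructed for illustration, and it checks only protocol/port and ACL binding, not addresses.

```python
# Added example: audit a PIX 6.x style config for inbound PPTP passthrough.
# PPTP needs TCP 1723 (control channel) plus GRE (tunnelled data).
REQUIRED = [("tcp", "1723"), ("gre", None)]

def audit_pptp(config, interface="outside"):
    acls, bound = {}, {}   # ACL name -> [(proto, dst port)], interface -> ACL name
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 4 and t[0] == "access-list" and t[2] == "permit":
            # Destination port is the trailing "eq <port>", if present.
            port = t[-1] if t[-2] == "eq" else None
            acls.setdefault(t[1], []).append((t[3], "1723" if port == "pptp" else port))
        elif len(t) == 5 and t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]
    findings = []
    name = bound.get(interface)
    if name is None:
        findings.append(f"no access-group applied inbound on {interface}")
    elif name not in acls:
        findings.append(f"{name}: applied to {interface} but has no permit entries")
    else:
        for proto, port in REQUIRED:
            # An entry covers the need if it permits all IP, or the same
            # protocol with either no port restriction or the exact port.
            ok = any(p == "ip" or (p == proto and q in (None, port))
                     for p, q in acls[name])
            if not ok:
                findings.append(f"{name}: no permit for {proto}" + (f"/{port}" if port else ""))
    # An ACL name that no access-group references filters nothing.
    for orphan in sorted(set(acls) - set(bound.values())):
        findings.append(f"{orphan}: defined but not applied to any interface")
    return findings

# Constructed sample: the GRE line uses a misspelled ACL name, so it lands
# in a separate ACL that is never applied.
BROKEN = """\
access-list outside_acl permit tcp any host 192.0.2.10 eq 1723
access-list outisde_acl permit gre any host 192.0.2.10
access-group outside_acl in interface outside
"""
FIXED = BROKEN.replace("outisde_acl", "outside_acl")

if __name__ == "__main__":
    for finding in audit_pptp(BROKEN):
        print(finding)
```
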