
Access to VPN, from internal network to external network - configuration PIX

I have one PIX firewall facing the internet. I need to give a computer in my internal network access to an IP address in the external network for one VPN connection.

I read up on this, and I think that the configuration is the following:

I don't know the type of VPN.

i.i.i.i = IP address of PC in internal network

e.e.e.e = IP address of VPN destination in external network

VPN IPsec

---------

access-list dmzx extended permit udp host i.i.i.i host e.e.e.e eq 500

access-list dmzx extended permit esp host i.i.i.i host e.e.e.e (ESP, IP protocol 50)

access-list dmzx extended permit ah host i.i.i.i host e.e.e.e (AH, IP protocol 51)

VPN L2TP

--------

The same configuration

VPN SSL

-------

access-list dmzx extended permit udp host i.i.i.i host e.e.e.e eq 1194

VPN PPTP

-------

access-list dmzx extended permit tcp host i.i.i.i host e.e.e.e eq 1723 (Control channel)

access-list dmzx extended permit gre host i.i.i.i host e.e.e.e (GRE, IP protocol 47)

1 REPLY

Re: Access to vpn,from internal network to external network-conf

It's been a long time since I've worked on a pix, but I believe you can do:

fixup protocol pptp

If the host can get on the internet, you should be able to use the above command without any extra configuration. Now, if you have an inside acl that exists (you're showing a dmz acl), then you'd need to allow whatever type ports you need. And it really depends on what type of client you're using as to what ports to open.

HTH,

John
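
The entries in this thread mix port-based services (UDP 500, TCP 1723) with ESP, AH and GRE, which are IP protocols 50, 51 and 47 and have no ports, so they belong in the protocol field of the entry rather than after `eq`. The following check is an added example, not code from either poster: the ACL name `inside_out` and the addresses are constructed, and treating 47, 50 or 51 after `eq` as a misplaced protocol number is a heuristic.

```python
import re

# IP protocols that carry no ports; PIX/ASA ACLs name them in the protocol field.
PORTLESS = {"47": "gre", "50": "esp", "51": "ah"}
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+host\s+(?P<src>\S+)\s+host\s+(?P<dst>\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


def lint_acl_line(line):
    """Return (finding, suggested_line); finding is None when the entry is sound."""
    m = ACL_RE.match(line.strip())
    if not m:
        return ("unparsed: only 'host A host B [eq P]' entries are handled", None)
    proto, port = m["proto"].lower(), m["port"]
    head = f"access-list {m['name']} extended {m['action']}"
    hosts = f"host {m['src']} host {m['dst']}"
    if port is None:
        return (None, None)
    if port in PORTLESS:
        # Heuristic: 47/50/51 after 'eq' is almost always a protocol number.
        name = PORTLESS[port]
        return (f"{port} after 'eq' is IP protocol {name.upper()}, which has no ports",
                f"{head} {name} {hosts}")
    if proto not in ("tcp", "udp"):
        return (f"'eq {port}' needs tcp or udp; protocol '{proto}' has no ports", None)
    return (None, None)


# Constructed sample entries (documentation addresses, hypothetical ACL name).
SAMPLE = [
    "access-list inside_out extended permit udp host 192.0.2.10 host 198.51.100.7 eq 500",
    "access-list inside_out extended permit ip host 192.0.2.10 host 198.51.100.7 eq 50",
    "access-list inside_out extended permit tcp host 192.0.2.10 host 198.51.100.7 eq 47",
    "access-list inside_out extended permit esp host 192.0.2.10 host 198.51.100.7",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        finding, fix = lint_acl_line(entry)
        print("OK  " if finding is None else "WARN", entry)
        if finding:
            print("     ", finding, "->", fix)
```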
