Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How to allow MS VPN outbound on PIX 501

I'm sure this is standard stuff, but I cant figure it out. I want to allow MS VPN connections initiated from inside to get out a PIX 501. Any help?

8 REPLIES

Re: How to allow MS VPN outbound on PIX 501

you need to allow through the ipsec vpn ports in firewall, udp 500 udp 4500 and protocol esp.

e.g

access-list inside permit udp any any eq 500

access-list inside permit udp any any eq 4500

access-list inside permit esp any any

access-group inside in interface inside

HTH

Jorge

rate any helpful post if it does!

Community Member

Re: How to allow MS VPN outbound on PIX 501

Thanks Jorge,

Does this apply if it's only a PPTP connection?

Re: How to allow MS VPN outbound on PIX 501

This is only for Cisco VPN client, for pptp use the info and link posted by others in this thread.

Jorge

Community Member

Re: How to allow MS VPN outbound on PIX 501

1) use Pix OS code 6.3(5),

2) fixup pptp protocol 1723

It will work after that.

Gold

Re: How to allow MS VPN outbound on PIX 501

http://www.cisco.com/warp/public/110/pix_pptp.html

(it pretty much says the same thing kevinjones says)

Community Member

Re: How to allow MS VPN outbound on PIX 501

Kevin,

That did the trick, thanks.

Would I still need these ACL statements I tried earlier?

access-list outside_access_in permit gre any any

access-list outside_access_in permit tcp any any eq pptp

Thanks again,

Community Member

Re: How to allow MS VPN outbound on PIX 501

you do NOT need to allow anything on the

outside interface. In fact you can even do

this:

access-list ccie_security deny ip any any log

access-group ccie_security in interface outside

your pptp still works after that because

the connection is initiated from the inside

interface.

Community Member

Re: How to allow MS VPN outbound on PIX 501

Didn't think so, but I was grasping at anything.

Thanks for helping.

172
Views
0
Helpful
8
Replies
CreatePlease to create content