Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PIX 501 PPTP Help?

I'm just trying to allow pptp (1723) from an outside network to access the servers behind the pix that I have installed. I know it is a simple access-list... any help?

Thanks!

2 REPLIES
Hall of Fame Super Blue

Re: PIX 501 PPTP Help?

Austin

object-group network pptp_servers

network-object host "server1 ip address"

network-object host "server2 ip address"

etc...

access-list acl_inbound permit tcp "outside net" "net mask" object-group pptp_servers eq 1723

access-list acl_inbound permit gre "outside net" "net mask" object-group pptp_servers

access-group acl_inbound in interface outside

Note for PPTP you need to allow GRE as well so i have included that in access-list. You will need to add any other access you need to the access-list as there is an implict deny at the end of an access-list.

One last thing. GRE is not stateful so if you have an access-list applied to your inside interface where your servers are you will need to allow GRE back out through the firewall.

HTH

Jon

New Member

Re: PIX 501 PPTP Help?

Hey thanks for the reply... I was just a little confused as to what "server1 ip address" should I use? The internal or external?

Thanks for your help!

126
Views
4
Helpful
2
Replies
CreatePlease to create content