07-23-2007 05:58 PM - edited 03-09-2019 06:27 PM
Hi all.
I am trying to set up a multi-site VPN using Cisco 857W routers for DSL connectivity and a PIX-501 at each site. The client will also need Microsoft VPN client access to the PIX at the main site. I am having all sorts of trouble and I think it is due to the 857W stopping the PPTP traffic. Can someone give me some pointers on basically allowing all traffic through the 857W to the PIX? Do I need to create any port forwarding on the 857W to allow traffic through to the PIX? Any help greatly appreciated.
Cheers,
Damien
07-24-2007 03:42 AM
If you plan to use 857s, why don't you configure VPN and firewall on them? It is true to some extent that the 501s tend to be more 'stable' as the software 6.3(5) is very 'mature'. But 857s generally work OK too.
But if you stick with the 501 and use the 857 just to provide DSL connectivity, make sure there is no firewall running on it and no access-list is blocking the legitimate traffic. It is probably best to assign a public address to the external interface of the PIX and do NAT on it. (Use ip unnumbered on the DSL interface.)
Then PPTP should work OK.
07-24-2007 05:37 AM
Thanks for your reply. The client has purchased the PIX 501s so I would like to set them up with these if possible. The 857s are supplied standard from their DSL provider.
I will disable the firewall on the 857s as per your suggestion. Could you please explain further how I might assign their public IP to the outside PIX interface and not the 857? Sorry, I am learning fast but have only been working with Cisco gear a few weeks.
07-24-2007 07:04 AM
You need at least 2 public IP addresses from the ISP per site with a /30 mask.
One of them you assign to the external interface of the PIX (e.g. 2.2.2.2) and the other to the internal interface of the router:
int vlan 1
 ip add 2.2.2.1 255.255.255.252
Then on the external interface of the router, depending on how it is configured, you do e.g.:
int dialer0
 ip unnumbered vlan 1
The vlan 1 interface of the router is the default gateway for the PIX.
I hope this helps
Rafal
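The /30 layout described in the reply above, with the PIX side filled in, as an added example that is not part of the original thread. The 2.2.2.x addresses are the illustrative ones from the reply; the inside network 192.168.1.0/24, the default route via Dialer0 and the removal of NAT on the router are assumptions.

```cisco
! ---- 857W router (IOS): routes only, no NAT or filtering ----
interface Vlan1
 ! Router end of the public /30; this is the PIX's default gateway
 ip address 2.2.2.1 255.255.255.252
 no ip nat inside
!
interface Dialer0
 ! Borrow the Vlan1 address instead of using a separate WAN address
 ip unnumbered Vlan1
 no ip nat outside
!
! Assumed: everything not on the /30 leaves via the DSL dialer
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! Checks on the router:
!   show ip interface Dialer0   (look for "access list is not set" in both directions)
!   show ip interface brief     (Vlan1 = 2.2.2.1, Dialer0 unnumbered)
!   show ip nat translations    (should be empty once NAT is removed)

: ---- PIX 501 (PIX OS 6.3): holds the public address and does NAT ----
: PIX end of the public /30
ip address outside 2.2.2.2 255.255.255.252
: Assumed inside network
ip address inside 192.168.1.1 255.255.255.0
: Default route points at the router's Vlan1 address
route outside 0.0.0.0 0.0.0.0 2.2.2.1 1
: Translate inside hosts to the outside interface address (PAT)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
:
: Checks on the PIX:
:   show ip address
:   show route
:   ping outside 2.2.2.1
```

Because the PIX itself owns 2.2.2.2 in this layout, PPTP control traffic (TCP 1723) and its GRE tunnel (IP protocol 47) reach the PIX by plain routing, so the 857W needs no port forwarding.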