Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Client to VPN PPTP through PIX

Hello,

I am required to connect to one of our customers sites using the microsoft vpn client. I need to be able to do this from behind our existing PIX firewall. Our firewall currently doesnt allow this.

I have opened 1723 *outbound* on the PIX which has allowed me to see the client session begin to setup, but then the session dies.

Question 1, Do i need gre also? Inbound or outbound?

Question 2, Do i need any static mappings for the vpn device we are trying to connect to? Our internal networks are all NAT 10.1.X.X.

Thanks,

1 REPLY
Cisco Employee

Re: Client to VPN PPTP through PIX

Easiest way to do this is upgrade to 6.3(3) and issue the following command:

fixup protocol pptp 1723

The PIX will then open up the necessary TCP/1723 and GRE holes to allow your traffic to come back in, and you can continue to use your existing nat/global commands without alteration.

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1067379 for details.

87
Views
0
Helpful
1
Replies
CreatePlease to create content