Cisco Support Community

New Member

Connecting to VPN Behind a PIX 515

I'm sure that this has been asked and answered, but I need info fast!

I have a PIX 515 Version 6.3(5). What ports do I need to open to connect to another VPN using the Microsoft Remote Connection Tools?

Thanks in Advance

4 REPLIES
Silver

Re: Connecting to VPN Behind a PIX 515

You can do a global xlate pool of public addresses that invokes off gre traffic going out of the PIX.

HTH

New Member

Re: Connecting to VPN Behind a PIX 515

New to PIX and firewall configs. Can you explain the above?

Thanks

New Member

Re: Connecting to VPN Behind a PIX 515

If you use an access list on the inside of the PIX, make sure you enable TCP connections to port 1723 (Microsoft PPTP port) and enter the command:

fixup protocol pptp 1723

and add the gre protocol to be allowed

access-l acl_inside permit gre

The fixup command allows you to use GRE in combination with NAT/PAT. The access list is also necessary, otherwise the GRE tunnel is not established. Usually this happens when the Microsoft VPN client stays in the authenticating phase (verifying username and password).

Hope this helps
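
The settings described in the reply above, written out as full PIX 6.3 commands; this is an added example, not part of the original post. The addresses are constructed placeholders, and acl_inside is the ACL name used in the reply.

```cisco
! Lines beginning with "!" are reader annotations, not commands to paste.
! Constructed placeholder values (not from the thread):
!   192.168.1.0 255.255.255.0  = inside client network
!   203.0.113.10               = remote PPTP VPN server

! PPTP inspection, so the GRE data channel works through NAT/PAT
fixup protocol pptp 1723

! Broad form: any inside host may reach any PPTP server
! access-list acl_inside permit tcp any any eq 1723
! access-list acl_inside permit gre any any

! Scoped form: only the client network, only to the one VPN server
access-list acl_inside permit tcp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 1723
access-list acl_inside permit gre 192.168.1.0 255.255.255.0 host 203.0.113.10

! Binding an ACL to the inside interface adds an implicit deny at the end,
! so other outbound traffic needs its own permit lines before this is applied.
access-group acl_inside in interface inside

! Checks after a connection attempt:
!   show fixup                    (pptp 1723 should be listed)
!   show access-list acl_inside   (hit counters on both lines should increase)
```

If no access list is bound to the inside interface, the PIX allows inside-to-outside traffic by default, and the ACL lines are not needed for outbound PPTP.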

New Member

Re: Connecting to VPN Behind a PIX 515

Ok, I'm new to PIX configs so I understand the fixup protocol. I have an access list for outside to in but none from inside to out. If I type the command referenced above with my IPs, will that be enough?

What command do I enter for the TCP Connections on Port 1723?

Thanks in Advance
