Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Having problem in PIX for outgoing Windows VPN connections!!

Dear All,

I'm having a problem while trying to connect to a windows VPN server outside my network, I'm using FWSM. Is there any recommendation?

Thanks..

3 REPLIES
Cisco Employee

Re: Having problem in PIX for outgoing Windows VPN connections!!

Are you doing PAT on the FWSM? Is the Windows VPN server you mention a PPTP server?

If you answered yes to both the above then you may be out of luck. PIX 6.3 code introduced a PPTP "fixup" that allowed PAT for PPTP sessions, but since the FWSM code is based on 6.0 and 6.2 that command is not available in the FWSM.

Try adding a static translation for your inside host so that it gets a one-to-one translation rather than PAT and see if that works. Since PPTP also uses GRE, and since the PIX/FWSM won't open a hole for this, you'll need to add the following to your inbound ACL:

access-list inbound permit gre host host

where is the IP address that your inside PC is statically translated to with the new static command you've added.

New Member

Re: Having problem in PIX for outgoing Windows VPN connections!!

Thanks gfullage,

U are correct i do have PAT, but even if i use one-to-one translation to connect to the PPTP windows VPN and after enabling the GRE it didn't work..!!

i don't know what to do..!!

Any help..

regards..

New Member

Re: Having problem in PIX for outgoing Windows VPN connections!!

If you are using an outbound access-list you will also need to do the following even if you already are allowing IP:

access-list outbound permit gre host host

Hope this helps!

159
Views
0
Helpful
3
Replies
CreatePlease to create content