Cisco Support Community
New Member

How to Use PIX 515 with 2000 Server VPN?

I have the following situation:

Internet client-->PIX 515--->2000 Server on LAN

I am trying to figure out the best way to allow a 2000 Professional client to establish a VPN using PPTP to authenticate with the 2000 server providing Routing and RAS. I found articles on the website, but they are confusing to me. Shouldn't there be a way to allow the firewall to pass traffic over port 1723 for PPTP and translate to the private address? I will be using the built-in VPN software on Pro.

If the public interface on the PIX was and the 2000 server has, couldn't I do this?

static (inside, outside) netmask 0

conduit permit tcp host eq 1723 any

Would this work and is it safe to handle a VPN in this manner?


New Member

Re: How to Use PIX 515 with 2000 Server VPN?

This will work; however, there may be other ports that need to be open for the client to act properly. Although the communication is set at 1723, you may have to allow other ports for the communications portion of the call. We currently use a Contivity box and have three ports that needed to be opened for the VPN to work properly. It is secure and safe; we have had few problems with keeping it up and running, mostly just user errors.
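
An added example, not part of the thread: PPTP carries its control channel on TCP 1723 and its tunnelled data in GRE (IP protocol 47), so a one-to-one static with only a TCP 1723 conduit lets the session start but not pass data. The sketch below audits PIX `static`/`conduit` lines of the style used in the question for that gap; the function name `audit_pptp` and all addresses in the sample config are constructed for illustration.

```python
import re

# Constructed sample config; addresses are documentation ranges, not from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.10 eq 1723 any
static (inside,outside) 192.0.2.20 10.0.0.20 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.20 eq 1723 any
conduit permit gre host 192.0.2.20 any
conduit permit tcp host 192.0.2.30 eq 1723 any
conduit permit gre host 192.0.2.30 any
"""

STATIC_RE = re.compile(r"static\s+\(\s*inside\s*,\s*outside\s*\)\s+(\S+)\s+(\S+)")
CONDUIT_RE = re.compile(r"conduit\s+permit\s+(\S+)\s+host\s+(\S+)(?:\s+eq\s+(\S+))?")


def audit_pptp(config):
    """Map each published global address to the PPTP pieces its config lacks."""
    statics, control, gre = set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            statics.add(m.group(1))      # global (outside) address of the static
            continue
        m = CONDUIT_RE.match(line)
        if not m:
            continue
        proto, host, port = m.groups()
        if proto == "tcp" and port == "1723":
            control.add(host)            # PPTP control channel
        elif proto in ("gre", "47"):
            gre.add(host)                # PPTP data channel (GRE, IP protocol 47)
    report = {}
    for host in sorted(control | gre):
        missing = []
        if host not in statics:
            missing.append("static translation")
        if host not in control:
            missing.append("tcp/1723 conduit")
        if host not in gre:
            missing.append("gre conduit")
        report[host] = missing
    return report


if __name__ == "__main__":
    for host, missing in audit_pptp(SAMPLE_CONFIG).items():
        print(host, "OK" if not missing else "missing: " + ", ".join(missing))
```
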
