Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
0
Helpful
2
Replies

Parking NT VPN server behind PIX 515

ivisops
Level 1
Level 1

‎10-26-2001 07:44 AM - edited ‎02-21-2020 11:27 AM

I have a PIX 515 UR and I am trying to put an NT VPN server behind it. I have opened TCP port 1723 and GRE any. I read in a tech article that I also need to open "IP protocol port 47". I cannot figure out the conduit statement that opens that. And is there any thing else I'm for getting?

Thanks

Brouck

Labels:
0 Helpful
2 Replies 2

macatalano
Level 1
Level 1

‎10-27-2001 07:53 AM

I think they probably meant IP protocol number 47, which is GRE. IANA assigned numbers can be found here:

http://www.iana.org/assignments/protocol-numbers

Are you using ACL's or conduits? Could you post the static and acl portion of you config (sanitized)?

0 Helpful

ivisops
Level 1
Level 1
In response to macatalano

‎10-29-2001 07:58 AM

Thanks, you are right and I do already have the GRE statement. I am using conduits and not ACL's. Is there an advantage to using ACLs? Here is a sample of my config sanitized. I am able to ping this ip from inside but not from outside and I do have ICMP permited in the config. My next step is probably to set it up outside the firewall to confirm that it works and then bring it back behind to trouble shoot.

static (inside,outside) 62.228.208.4 62.228.208.4 netmask 255.255.255.255 0 0

conduit permit tcp host 62.228.208.4 eq 1723 any

conduit permit gre host 62.228.208.4 any

0 Helpful
Customers Also Viewed These Support Documents