Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Parking NT VPN server behind PIX 515

I have a PIX 515 UR and I am trying to put an NT VPN server behind it. I have opened TCP port 1723 and GRE any. I read in a tech article that I also need to open "IP protocol port 47". I cannot figure out the conduit statement that opens that. And is there any thing else I'm for getting?

Thanks

Brouck

2 REPLIES
New Member

Re: Parking NT VPN server behind PIX 515

I think they probably meant IP protocol number 47, which is GRE. IANA assigned numbers can be found here:

http://www.iana.org/assignments/protocol-numbers

Are you using ACL's or conduits? Could you post the static and acl portion of you config (sanitized)?

New Member

Re: Parking NT VPN server behind PIX 515

Thanks, you are right and I do already have the GRE statement. I am using conduits and not ACL's. Is there an advantage to using ACLs? Here is a sample of my config sanitized. I am able to ping this ip from inside but not from outside and I do have ICMP permited in the config. My next step is probably to set it up outside the firewall to confirm that it works and then bring it back behind to trouble shoot.

static (inside,outside) 62.228.208.4 62.228.208.4 netmask 255.255.255.255 0 0

conduit permit tcp host 62.228.208.4 eq 1723 any

conduit permit gre host 62.228.208.4 any

120
Views
0
Helpful
2
Replies
CreatePlease login to create content