Cisco Support Community
New Member

Permitting IPSec VPN connection behind PIX to remote server

I have just configured a PIX Firewall 501 (using PAT) to allow internal PCs using Windows PPTP to connect to a remote PIX successfully (need to open port 1723). Is there any setting/port that I must configure for the Cisco VPN client in order for IPSec VPN connection traffic to return to the internal PC behind the PIX? Thanks.

1 REPLY
New Member

Re: Permitting IPSec VPN connection behind PIX to remote server

I have a sample config for you:

ClientPC--------PIX---------PPTPServer

10.0.33.1 170.143.82.9

In order for this to work, we need to create a static for the PC that you want to use VPN through the PIX with. Along with the static, we will need an access-list on the Sprint interface. The access lists are needed because the Point-to-Point Tunneling Protocol (PPTP) is a protocol for tunneling PPP traffic. A PPTP session is composed of one TCP channel and usually two PPTP GRE tunnels. The TCP channel is the control channel used for negotiating and managing the PPTP GRE tunnels. The GRE tunnels carry PPP sessions between the two hosts.

Say you have the inside PC as 10.0.33.1 and you are going to static it to 112.112.112.112.

Also, the site you are going to vpn to is at 170.143.82.9.

static (inside,outside) 112.112.112.112 10.0.33.1

access-list Sprint_access_in permit gre host 170.143.82.9 host 112.112.112.112

access-list Sprint_access_in permit tcp host 170.143.82.9 host 112.112.112.112 eq 1723

access-group Sprint_access_in in interface Sprint
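
An added example, not part of the reply above: a small Python check that a PIX-style config permits both halves of a PPTP session (the TCP 1723 control channel and GRE) for each server/mapped-address pair, and that the access list is actually bound with access-group. The regexes cover only the host-to-host line shape used in the reply, and the 198.51.100.7 line is constructed to show an incomplete pair.

```python
import re

# Constructed sample: the reply's PIX lines, plus one incomplete pair for contrast.
SAMPLE_CONFIG = """\
static (inside,outside) 112.112.112.112 10.0.33.1
access-list Sprint_access_in permit gre host 170.143.82.9 host 112.112.112.112
access-list Sprint_access_in permit tcp host 170.143.82.9 host 112.112.112.112 eq 1723
access-list Sprint_access_in permit tcp host 198.51.100.7 host 112.112.112.112 eq 1723
access-group Sprint_access_in in interface Sprint
"""

# Assumption: only "permit <gre|tcp> host A host B [eq PORT]" lines are recognised.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(gre|tcp)\s+host\s+(\S+)\s+host\s+(\S+)(?:\s+eq\s+(\S+))?\s*$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")

def audit_pptp(config):
    """Return {(acl, server, mapped_ip): status} for host-to-host PPTP entries."""
    seen = {}   # (acl, src, dst) -> subset of {"gre", "control"}
    bound = {}  # acl name -> interface it is applied to
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            acl, proto, src, dst, port = m.groups()
            if proto == "gre" and port is None:
                seen.setdefault((acl, src, dst), set()).add("gre")
            elif proto == "tcp" and port == "1723":
                seen.setdefault((acl, src, dst), set()).add("control")
            continue
        g = GROUP_RE.match(line)
        if g:
            bound[g.group(1)] = g.group(2)
    report = {}
    for (acl, src, dst), parts in seen.items():
        if acl not in bound:
            report[(acl, src, dst)] = "acl not applied to any interface"
        elif parts == {"gre", "control"}:
            report[(acl, src, dst)] = "ok on " + bound[acl]
        elif "gre" in parts:
            report[(acl, src, dst)] = "missing tcp/1723 control channel"
        else:
            report[(acl, src, dst)] = "missing gre data channel"
    return report

if __name__ == "__main__":
    for key, status in audit_pptp(SAMPLE_CONFIG).items():
        print(key, "->", status)
```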
