Cisco Support Community
New Member

Permitting IPSec VPN connection behind PIX to remote server

I have just configured a PIX Firewall 501 (using PAT) to allow internal PCs using Windows PPTP to connect to a remote PIX successfully (need to open port 1723). Is there any setting/port that I must configure for the Cisco VPN client in order for IPSec VPN connection traffic to return to an internal PC behind the PIX? Thanks.

New Member

Re: Permitting IPSec VPN connection behind PIX to remote server

I have a sample config for you:


In order for this to work, we need to create a static for the PC that you want to use VPN through the PIX with. Along with the static, we will need an access-list on the Sprint interface. The access lists are needed because the Point-to-Point Tunneling Protocol (PPTP) is a protocol for tunneling PPP traffic. A PPTP session is composed of one TCP channel and usually two PPTP GRE tunnels. The TCP channel is the control channel used for negotiating and managing the PPTP GRE tunnels. The GRE tunnels carry PPP sessions between the two hosts.

Say you have the inside PC as and you are going static it to

Also, the site you are going to vpn to is at

static (inside,outside)

access-list Sprint_access_in permit gre host host

access-list Sprint_access_in permit tcp host host eq 1723

access-group Sprint_access_in in interface Sprint
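
The reply above pairs a TCP/1723 permit with a GRE permit for the same host pair, applied to the outside interface and backed by a static. The following Python check is an added example, not part of the original post or any Cisco tooling: it audits a PIX-style config for that pairing. The function name and every address in the sample are constructed assumptions (the post omits its addresses).

```python
import re

# Constructed sample config; all addresses are documentation/private placeholders,
# not values from the original post (which omits them).
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255
access-list Sprint_access_in permit gre host 198.51.100.20 host 192.0.2.10
access-list Sprint_access_in permit tcp host 198.51.100.20 host 192.0.2.10 eq 1723
access-list Sprint_access_in permit tcp host 198.51.100.30 host 192.0.2.10 eq 1723
access-group Sprint_access_in in interface Sprint
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(gre|tcp)\s+host\s+(\S+)"
                    r"\s+host\s+(\S+)(?:\s+eq\s+(\S+))?\s*$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")
STATIC_RE = re.compile(r"^static\s+\(\S+,\S+\)\s+(\S+)\s+(\S+)")

def audit_pptp_passthrough(config):
    """Return findings for host-to-host PPTP pass-through rules (hypothetical helper)."""
    control, gre, bound, statics = set(), set(), {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, proto, src, dst, port = m.groups()
            if proto == "gre":
                gre.add((name, src, dst))        # PPTP data tunnels
            elif port == "1723":
                control.add((name, src, dst))    # PPTP control channel
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)       # ACL name -> interface
        elif m := STATIC_RE.match(line):
            statics.add(m.group(1))              # global (translated) address
    findings = []
    for name, src, dst in sorted(control | gre):
        pair = f"{src} -> {dst} in {name}"
        if (name, src, dst) not in gre:
            findings.append(f"TCP/1723 permitted but GRE missing: {pair}")
        if (name, src, dst) not in control:
            findings.append(f"GRE permitted but TCP/1723 missing: {pair}")
        if name not in bound:
            findings.append(f"ACL not applied with access-group: {pair}")
        if dst not in statics:
            findings.append(f"no static translation for destination: {pair}")
    return findings
```

Running `audit_pptp_passthrough(SAMPLE_CONFIG)` flags only the second remote host, whose control channel is permitted without the matching GRE entry.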
