
PIX 515 outbound VPN connection?

gjeff80
Level 1

Does anyone know what I would need to do to allow a client on the inside of the PIX firewall to connect to another company's VPN server? When attempting to connect to a VPN server on the outside of the PIX it returns error 721, the computer failed to respond. The access list has the default explicit lists, which should allow the connection to be established because it was initiated on the inside, correct? Any help would be appreciated! Thanks

Glenn

6 Replies

ajagadee
Cisco Employee

Hi,

I guess you are trying to establish a PPTP connection to the remote VPN server. In order to pass PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723.

Configure a static public IP address for this client and then try connecting to the remote side. Also, if possible, test the client with a dial-up connection, just to make sure that PPTP is configured properly on the VPN server and the client.

Regards,

Arul

Arul,

Yes it is a PPTP connection to a remote VPN server that I am trying to establish. I've used Dial Up and can establish a connection fine, and I've set a laptop up on the public network and can connect fine to the VPN, which made me realize it was a problem w/ the PIX setup.

So if I want to establish a VPN connection in the future I will need to establish a one-to-one mapping for the private address to a public address? Is it possible to configure the PIX so any of the clients on the inside could establish a connection? The way the PIX is set up right now is that it is using a pool of IP addresses on the outside network, and using NAT for the private addresses. I'm new to the PIX, I was just surprised that the PIX didn't establish a connection automatically.

Thanks,

Glenn

We have the same problem (error 721). My question is, what command is used to establish the one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723?

thanks

ajagadee
Cisco Employee

Hi,

You need a fully routable IP address for the user behind the PIX and can do a static translation:

static (inside,outside) a.b.c.d w.x.y.z

where,

a.b.c.d is the routable IP address

w.x.y.z is the internal IP address of the user that is trying to make the connection.

Regards,

Arul

So it is strictly one to one; there isn't a way you could allow any client on the inside to connect to a VPN server outside?

Arul,

Thank you. But I already have the translation:

static (inside,outside) public_ip host_name netmask 255.255.255.255 0 0

Anything wrong?

bob
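A complete PIX configuration for the one-to-one mapping Arul describes, added here as an illustration; it is not from the thread or from Cisco documentation. All addresses are constructed and the access-list name outside_in is an assumption.

```text
! Added example (not from the thread). Constructed addresses:
!   198.51.100.5  = the other company's PPTP server
!   203.0.113.10  = a spare routable address on the PIX outside subnet
!   192.168.1.50  = the inside client that needs to reach the VPN server
!
! One-to-one translation, as in Arul's reply. The host netmask makes it a
! single-address static rather than a network static.
static (inside,outside) 203.0.113.10 192.168.1.50 netmask 255.255.255.255 0 0
!
! The client opens TCP 1723 from the inside, so that leg is covered by the
! default outbound policy Glenn refers to. The GRE (IP protocol 47) packets
! the server sends back to the mapped address are not part of that TCP
! connection, so they have to be explicitly permitted on the outside
! interface. Limit the permit to the one server and the one static.
access-list outside_in permit gre host 198.51.100.5 host 203.0.113.10
!
! If an access-list is already applied to the outside interface, add the
! permit line to that list instead; access-group replaces the applied list.
access-group outside_in in interface outside
```

Each inside client that needs PPTP passthrough gets its own static and its own permit line; the static is what ties the inbound GRE to a specific internal host.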