PIX 6.2 PPTP outbound

jdepies
Level 1

Hello, I want to confirm that it is not possible (with the default config) to get inside clients (static and natted) to make a PPTP connection through the PIX? Is this correct?

I know that 6.3.1 supports the pptp fixup prot, but I am very hesitant on upgrading the IOS so soon after 6.3's release. What can I do to get my inside clients to be able to PPTP through the PIX? I can give them static IPs if necessary.

Thanks

Jeff

1 Reply

gfullage
Cisco Employee

Internal hosts with a one-to-one static translation will be able to PPTP out through the PIX; only PAT'd hosts will have the problem. You will need to allow GRE into these hosts with an access-list, since the PIX won't open up a hole for this since it isn't a TCP/UDP protocol. Something like:

> access-list inbound permit gre any host

> access-group inbound in interface outside

The PPTP (TCP 1723) packets will automatically be allowed back in, so just the static and the GRE ACL is all that's needed.
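
The static-plus-GRE setup described in the reply, written out as an added example that is not part of the original post. It also shows a narrower GRE rule that limits the source to a known PPTP server instead of `any`. Every address is a constructed placeholder, and the ACL name `inbound` is taken from the reply.

```cisco
: Added example for PIX 6.2; all addresses are placeholders (RFC 1918 / RFC 5737).
: 10.1.1.10   = inside PPTP client (assumed)
: 192.0.2.10  = its dedicated outside (translated) address (assumed)
: 203.0.113.5 = the remote PPTP server (assumed)

: One-to-one static translation for the client, so it is not PAT'd
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0

: Permit GRE (IP protocol 47) back in to the translated address.
: Broad form, matching the reply (any source):
:   access-list inbound permit gre any host 192.0.2.10
: Narrower form when the PPTP server address is known:
access-list inbound permit gre host 203.0.113.5 host 192.0.2.10

: Bind the ACL to the outside interface
access-group inbound in interface outside
```

The PIX binds one ACL per interface, so if an ACL is already applied to the outside interface, add the GRE entry to that list rather than binding a new one.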
