
New Member

PIX VPDN

Is it possible to terminate a PPTP on a PIX and then assign an IP from a pool configured on the PIX, then be able to access the outside again through this IP? How can the routing of this scenario be configured on the PIX?

I know I am asking for something that looks strange, as all people want to access a VPN internally from outside; this time I want to access outside although I am connecting from outside ...

4 REPLIES
Cisco Employee

Re: PIX VPDN

You can't do this on a PIX since it won't route a packet back out the same interface it came in on. If you were terminating the PPTP connection on a router then this would work, but not a PIX, sorry.

New Member

Re: PIX VPDN

I'd like to thank you for your reply, I was afraid that I would fail to explain my problem.

Thanks again

New Member

Re: PIX VPDN

Hi.

The PIX will not forward packets to the same interface they came from, so it won't work.

Depending on your needs, there are several ways to work around this, here are some:

* If you switch to using Cisco IPSec VPN client, you can use the "split-tunnel" feature, and let VPN clients access the web directly (not via the PIX) while accessing internal hosts via the VPN tunnel.

This is less secure (because a hacker might be accessing the remote client while it is connected) but it is more convenient for the users.

* If you establish a Proxy or Terminal server in the internal network, the remote VPN client can use it.

* If you terminate the VPN tunnel on another device (for example MS RRAS server), the VPN client will be able to go out via the PIX.

Yizhar

New Member

Re: PIX VPDN

Thank you very much for your care. I just want to tell you my plan in more detail: I just want to make a VPN from home (dial-up) to make use of the VPN supported by MS. I know it is just protected by the username and password, but for me it is better than nothing. On whatever device I terminate the tunnel, I want to assign an IP pool, then I will permit those (the Administration Team, with the username and password) who have this pool just to access the devices on the network (routers, switches, ...).

I hope I have made the subject more clear ....

Thank you again
