PIX VPDN

mrcomm2000
Level 1

Is it possible to terminate a PPTP on a PIX and then assign an IP from a pool configured on the PIX, then be able to access the outside again through this IP? How can the routing of this scenario be configured on the PIX?

I know I am asking for something that looks strange, as all people want to access a VPN internally from outside; this time I want to access outside although I am connecting from outside ...

gfullage
Cisco Employee

You can't do this on a PIX since it won't route a packet back out the same interface it came in on. If you were terminating the PPTP connection on a router then this would work, but not a PIX, sorry.

I'd like to thank you for your reply; I was afraid that I would fail to explain my problem.

Thanks again

yizhar
Level 1

Hi.

The PIX will not forward packets to the same interface they came from, so it won't work.

Depending on your needs, there are several ways to work around this; here are some:

* If you switch to using Cisco IPSec VPN client, you can use the "split-tunnel" feature, and let VPN clients access the web directly (not via the PIX) while accessing internal hosts via the VPN tunnel.

This is less secure (because a hacker might be accessing the remote client while it is connected) but it is more convenient for the users.

* If you establish a Proxy or Terminal server in the internal network, the remote VPN client can use it.

* If you terminate the VPN tunnel on another device (for example MS RRAS server), the VPN client will be able to go out via the PIX.

Yizhar
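
The split-tunnel option from the reply above, sketched as a PIX configuration fragment. This is an added example, not part of the thread: it assumes PIX OS 6.x with the Cisco IPSec VPN client, and the addresses, ACL name, pool name and group name are constructed placeholders.

```cisco
: Constructed addressing: inside network 10.1.1.0/24, VPN client pool 10.1.2.0/24
: ACL "splitacl" lists the only traffic that belongs in the tunnel
access-list splitacl permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
ip local pool adminpool 10.1.2.1-10.1.2.254
: Do not NAT traffic between the inside network and the client pool
nat (inside) 0 access-list splitacl
: Let decrypted IPSec traffic bypass the interface access lists
sysopt connection permit-ipsec
crypto ipsec transform-set adminset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set adminset
crypto map adminmap 10 ipsec-isakmp dynamic dynmap
crypto map adminmap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
: Hypothetical group "admins"; the client receives an address from adminpool
vpngroup admins address-pool adminpool
: Without this line the client sends all traffic to the PIX, which will not
: route Internet-bound packets back out the outside interface
vpngroup admins split-tunnel splitacl
vpngroup admins idle-time 1800
vpngroup admins password ********
```

With the split-tunnel ACL in place, the client encrypts only traffic for 10.1.1.0/24 and sends everything else out its own Internet connection. Narrowing `splitacl` to a management subnet limits what the pool can reach through the tunnel.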

Thank you very much for your care. I just want to tell you my plan in more detail: I just want to make a VPN from home (Dial-Up) to make use of the VPN supported by MS. I know it is just protected by the username and password, but for me it is better than nothing. On whatever device I terminate the tunnel, I want to assign an IP pool, then I will permit those who have this pool (Administration Team with the username and password) just to access the devices on the network (routers, switches, ...).

I hope I have made the subject more clear ....

Thank you again