Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX VPN Issue

I have a user who needs to VPN out from the internal network of the pix to a site on the internet. I tried settings which do not work. I know I need to allow protocol 50 in, just can'f figure out how to. Any help is appreciated.

Things I have tried:

static (inside,outside) x.x.5.21 x.x.x.104

access-list 101 permit ip host x.x.x.104 host x.x.22.248

access-list 101 permit ip host x.x.22.248 host x.x.5.21

access-list 101 permit esp any any

conduit permit tcp host x.x.x.104 host x.x.22.248

conduit permit udp host x.x.x.104 host x.x.22.248

conduit permit ip host x.x.x.104 host x.x.22.248

conduit permit 50 host x.x.x.104 host x.x.22.248

This does work if I do a access-list 100, but everything else stops working. We are still using conduit commands (PIX OS 6.01).

Thanks

1 REPLY
New Member

Re: PIX VPN Issue

Here is a config that works for me. Update to 6.3.1 or higher and use these statements:

access-list 101 permit gre any any

fixup protocol pptp 1723

Good luck!

MolineK

86
Views
0
Helpful
1
Replies
CreatePlease login to create content