Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
252
Views
0
Helpful
1
Replies

PIX VPN Issue

haigb
Level 1
Level 1

‎01-22-2004 10:12 AM - edited ‎02-21-2020 01:00 PM

I have a user who needs to VPN out from the internal network of the pix to a site on the internet. I tried settings which do not work. I know I need to allow protocol 50 in, just can'f figure out how to. Any help is appreciated.

Things I have tried:

static (inside,outside) x.x.5.21 x.x.x.104

access-list 101 permit ip host x.x.x.104 host x.x.22.248

access-list 101 permit ip host x.x.22.248 host x.x.5.21

access-list 101 permit esp any any

conduit permit tcp host x.x.x.104 host x.x.22.248

conduit permit udp host x.x.x.104 host x.x.22.248

conduit permit ip host x.x.x.104 host x.x.22.248

conduit permit 50 host x.x.x.104 host x.x.22.248

This does work if I do a access-list 100, but everything else stops working. We are still using conduit commands (PIX OS 6.01).

Thanks

Labels:
0 Helpful
1 Reply 1

molinek
Level 1
Level 1

‎01-22-2004 10:31 AM

Here is a config that works for me. Update to 6.3.1 or higher and use these statements:

access-list 101 permit gre any any

fixup protocol pptp 1723

Good luck!

MolineK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents