Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PPTP from inside PIX 506

I have had a problem trying to establish an outbound PPTP session from inside our PIX 506. I have had this with version 5.x and 6.1 now. I have tried it using PAT and now with a total NAT setup

I can never do a tunnel through a PIX. I can do this through MS's NAT, 3com, and Linksys Firewalls, but not the PIX. What is the trick to setting this up?

2 REPLIES
New Member

Re: PPTP from inside PIX 506

Create a NAT static mapping between an available public IP and a private IP (you cannot use PAT wtih Cisco). Then, do an access-list to permit GRE. You do not need one for 1723. Here is an example:

static (inside, outside) 15.1.1.1 192.168.1.1 netmask 255.255.255.255

access-list out permit gre any host 15.1.1.1

access-group in in interface outside

15.1.1.1=outside available public IP

192.168.1.1=inside host that wants to do PPTP

Hope this helps.

Sincerely,

Alex

New Member

Re: PPTP from inside PIX 506

Cisco website has the config example for this. it's under "configuring the PIX filewall and vpn clients using pptp;mppe and ipsec"

116
Views
0
Helpful
2
Replies
CreatePlease to create content