03-21-2002 07:21 AM - edited 02-20-2020 10:00 PM
I have had a problem trying to establish an outbound PPTP session from inside our PIX 506. I have had this with version 5.x and 6.1 now. I have tried it using PAT and now with a total NAT setup.
I can never do a tunnel through a PIX. I can do this through MS's NAT, 3com, and Linksys Firewalls, but not the PIX. What is the trick to setting this up?
03-23-2002 10:36 PM
Create a NAT static mapping between an available public IP and a private IP (you cannot use PAT with Cisco). Then, do an access-list to permit GRE. You do not need one for 1723. Here is an example:
static (inside,outside) 15.1.1.1 192.168.1.1 netmask 255.255.255.255
access-list out permit gre any host 15.1.1.1
access-group out in interface outside
15.1.1.1=outside available public IP
192.168.1.1=inside host that wants to do PPTP
Hope this helps.
Sincerely,
Alex
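An added example, not part of the original replies: a small Python check that a PIX configuration contains the three pieces the reply above describes (a one-to-one static for the PPTP client, an ACL permitting GRE to the translated address, and an access-group that binds that same ACL to the outside interface). The function name, regexes and sample config are constructed for illustration and only cover the command forms shown in this thread.

```python
import re

# Constructed sample config, modelled on the commands in the reply above.
SAMPLE_CONFIG = """\
static (inside,outside) 15.1.1.1 192.168.1.1 netmask 255.255.255.255
access-list out permit gre any host 15.1.1.1
access-group out in interface outside
"""

# Only the command forms used in this thread are recognised (assumption).
STATIC_RE = re.compile(
    r"^static \((\w+),\s*(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255$")
GRE_RE = re.compile(r"^access-list (\S+) permit gre (?:any|host \S+) host (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def check_pptp_passthrough(config, inside_host, outside_if="outside"):
    """Return a list of problems that would stop outbound PPTP for inside_host."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]

    # 1. The client needs a one-to-one static translation (not PAT).
    public_ip = None
    for l in lines:
        m = STATIC_RE.match(l)
        if m and m.group(2) == outside_if and m.group(4) == inside_host:
            public_ip = m.group(3)
    if public_ip is None:
        return [f"no one-to-one static for {inside_host}"]

    problems = []
    # 2. Some ACL must permit GRE to the translated (public) address.
    gre_acls = {m.group(1) for l in lines
                if (m := GRE_RE.match(l)) and m.group(2) == public_ip}
    if not gre_acls:
        problems.append(f"no ACL permits gre to host {public_ip}")

    # 3. That ACL only takes effect if an access-group binds it to the interface.
    bound = {m.group(1) for l in lines
             if (m := GROUP_RE.match(l)) and m.group(2) == outside_if}
    if gre_acls and not (gre_acls & bound):
        problems.append(f"ACL {sorted(gre_acls)} permits gre but is not bound "
                        f"to {outside_if} (bound: {sorted(bound)})")
    return problems


if __name__ == "__main__":
    print(check_pptp_passthrough(SAMPLE_CONFIG, "192.168.1.1") or "config looks complete")
```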
03-23-2002 11:19 PM
Cisco website has the config example for this. It's under "Configuring the PIX Firewall and VPN Clients Using PPTP, MPPE and IPSec".