Cisco Support Community
New Member

PPTP....letting only access to internal network

Firewall is running NAT...PPTP is set up and doling out internal addresses from the Pool... when I connect to the untrusted interface, I can access internal address fine but I can access nothing else... can I configure the PPTP session to route off network requests....back out over the PIX?

Cisco Employee

Re: PPTP....letting only access to internal network

The PIX won't route a packet back out the same interface it came in on, so if you want to access the Internet with a PPTP tunnel established you're out of luck. PPTP is also a point-to-point tunnelling protocol, so there is no concept of split tunnelling in it like there is with IPSec, ALL traffic goes over the tunnel with the tunnel up.

Actually you can do split tunnelling with PPTP, but it's a bit of a pain and takes some manual intervention each time the tunnel is built. Uncheck the "Use default gateway on remote network" check box in the VPN properties on the client. Then add a static route onto the client in the form:

> route add mask

where is your PIX internal network, and is the IP address you got out of the pool on the PIX. As I said, each time you bring the tunnel up you'll probably get a different IP address so you have to manually add this route in each time the tunnel comes up, making sure to use the pool address as the gateway to the remote network.
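
The per-connection route step from the reply above, automated as an added example that is not part of the original thread. The connection name and the internal network and mask are constructed placeholders, and the script assumes a Windows client where the connected VPN's interface alias matches the connection name.

```powershell
# Added example: re-create the static route to the PIX inside network each time
# the PPTP tunnel comes up, using whatever pool address was handed out this time.
# All default values are constructed placeholders; replace them with your own.
param(
    [string]$VpnName      = 'Office PPTP',    # hypothetical VPN connection name
    [string]$InternalNet  = '192.168.10.0',   # placeholder for the PIX internal network
    [string]$InternalMask = '255.255.255.0'   # placeholder mask for that network
)

# Assumption: the PPP adapter of a connected VPN uses the connection name as its alias.
$addr = Get-NetIPAddress -InterfaceAlias $VpnName -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Select-Object -First 1

if (-not $addr) {
    Write-Error "No IPv4 address found on '$VpnName'. Is the tunnel connected?"
    exit 1
}

$poolAddress = $addr.IPAddress
Write-Host "Tunnel '$VpnName' was assigned pool address $poolAddress"

# A route left over from a previous session points at an old pool address,
# so remove it first. Errors are ignored when no such route exists.
& route.exe delete $InternalNet 2>&1 | Out-Null

# Equivalent to typing: route add <network> mask <mask> <pool address>
& route.exe add $InternalNet mask $InternalMask $poolAddress
if ($LASTEXITCODE -ne 0) {
    Write-Error "route add failed. Run this script from an elevated prompt."
    exit 1
}

Write-Host "Traffic for $InternalNet/$InternalMask now goes via $poolAddress; everything else uses the local default gateway."
```

Run it from an elevated prompt after the tunnel connects, with "Use default gateway on remote network" already unchecked as described in the reply.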

New Member

Re: PPTP....letting only access to internal network

Thanks...this is what I suspected...I think the best way to set this up is to use a 3rd party VPN client... I have plenty of SafeNet Licenses... So I'll do it right this time...thanks for your help
