03-08-2004 02:36 PM - edited 02-20-2020 11:16 PM
Hi
We've got a PIX 501 being used as a PPTP gateway for secure wireless users. Basically we've got the PIX 501 switched around so that the 4-port switch is the outside and the single port is the inside. We've got 4 access points connected to the outside. Users connect wirelessly to the PIX through PPTP and get an address of 192.168.55.x, and they are able to reach anything on the PIX inside at 192.168.3.x. The problem is that users cannot get out to the internet through the gateway at 192.168.3.2...which is what I've configured as the PIX's default gateway...and my PPTP clients have the "Use Default Gateway on Remote Network" box checked. My "nat (inside) 0 access-list nonat" statement ties to an access list which says "access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.55.0 255.255.255.0". Anyone have any ideas why I can't get out? Thanks
03-09-2004 01:09 PM
Check the security levels on the PIX interfaces, since you basically reversed their roles and made outside ... inside. By default the PIX won't allow any traffic from a higher security interface to a lower one without a translation and access-list.
03-10-2004 05:13 AM
Nope...I 'switched' the inside and the outside...i.e.
"nameif e0 inside sec100"
"nameif e1 outside sec0"
But I found the cause of my problem...my nat (inside) 0 access-list statement was wrong...the access list should have said from any to the IP pool...once this was configured...everything went fine. Thanks for the post though.
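
Added illustration, not part of the thread and not PIX code: a small Python model of which flows the two versions of the `nonat` access list match for traffic arriving on the inside interface. The corrected line is written from the description in the last post (pool assumed to be 192.168.55.0/24, as in the original ACL), and the server, client and Internet addresses are constructed samples.

```python
import ipaddress

# Original line quoted in the first post.
ORIGINAL = "access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.55.0 255.255.255.0"
# Corrected line as described in the last post ("from any to the IP pool").
# Assumption: the PPTP pool is 192.168.55.0/24.
CORRECTED = "access-list nonat permit ip any 192.168.55.0 255.255.255.0"


def parse_ace(line):
    """Parse 'access-list NAME permit ip SRC DST'; SRC/DST is 'any' or 'net mask'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError("unsupported entry: " + line)
    nets, i = [], 4
    while i < len(tok):
        if tok[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            i += 1
        elif i + 1 < len(tok):
            nets.append(ipaddress.ip_network(tok[i] + "/" + tok[i + 1]))
            i += 2
        else:
            raise ValueError("network without mask: " + line)
    if len(nets) != 2:
        raise ValueError("expected source and destination: " + line)
    return nets[0], nets[1]


def nat_exempt(ace, src, dst):
    """True if a packet src -> dst matches the entry used by 'nat (inside) 0'."""
    src_net, dst_net = parse_ace(ace)
    return ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net


# Constructed flows as seen on the inside interface, destined to a PPTP client.
FLOWS = {
    "inside server reply": ("192.168.3.10", "192.168.55.10"),
    # Internet replies come back through the 192.168.3.2 gateway, so they
    # reach the PIX inside interface with a non-192.168.3.x source address.
    "internet host reply": ("203.0.113.10", "192.168.55.10"),
}

if __name__ == "__main__":
    for name, (src, dst) in FLOWS.items():
        print(name, "| original:", nat_exempt(ORIGINAL, src, dst),
              "| corrected:", nat_exempt(CORRECTED, src, dst))
```

The original entry matches only 192.168.3.x sources, which fits the symptom in the first post: inside hosts were reachable, Internet destinations were not.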