
PPTP to pix outside, no corp internet access...please read

jasonhumes
Level 1

Hi

We've got a PIX 501 being used as a PPTP gateway for secure wireless users. Basically we've got the PIX 501 switched around so that the 4-port switch is the outside and the single port is the inside. We've got 4 access points connected to the outside. Users connect wirelessly to the PIX through PPTP and get an address of 192.168.55.x, and they are able to reach anything on the PIX inside at 192.168.3.x. The problem is that users cannot get out to the internet through the gateway at 192.168.3.2...which is what I've configured the PIX's default gateway as...and my PPTP clients have the "Use Default Gateway on Remote Network" box checked. My "nat (inside) 0 access-list nonat" statement ties to an access-list which says "access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.55.0 255.255.255.0". Anyone have any ideas why I can't get out? Thanks

2 Replies

steveriggs
Level 1

Check the security levels on the PIX interfaces, since you basically reversed their roles and made outside ... inside. By default the PIX won't allow any traffic from a higher security interface to a lower one without a translation and access-list.

Nope...I 'switched' the inside and the outside...ie.

"nameif e0 inside sec100"

"nameif e1 outside sec0"

But I found the cause of my problem...my nat (inside) 0 access-list statement was wrong...the access list should have said from any to the IP pool...once this was configured...everything went fine. Thanks for the post though.
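An added example, not part of the original thread: a small Python check of which inside-side source addresses each version of the `nonat` access-list matches toward the PPTP pool. The corrected ACL line is written out from the poster's description ("from any to the IP pool") with the pool assumed to be 192.168.55.0/24 as in the original ACL; the host addresses and function names are constructed for illustration.

```python
import ipaddress

# ACL quoted in the original post, and the fix as the poster describes it
# (pool mask 255.255.255.0 is an assumption carried over from the original ACL).
ORIGINAL = "access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.55.0 255.255.255.0"
FIXED = "access-list nonat permit ip any 192.168.55.0 255.255.255.0"

def parse_acl(line):
    """Parse 'access-list NAME permit ip SRC DST' using PIX netmask syntax."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest, nets = tokens[4:], []
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif rest[0] == "host":
            nets.append(ipaddress.ip_network(rest[1] + "/32"))
            rest = rest[2:]
        else:  # address followed by a dotted netmask
            nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
            rest = rest[2:]
    if len(nets) != 2:
        raise ValueError(f"expected source and destination in: {line!r}")
    return nets[0], nets[1]

def nat_exempt(acl_line, src, dst):
    """True if a packet src -> dst matches the ACL bound to 'nat (inside) 0'."""
    src_net, dst_net = parse_acl(acl_line)
    return ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net

# Constructed sample flows seen on the inside interface, headed to a PPTP client.
FLOWS = {
    "inside server": ("192.168.3.10", "192.168.55.20"),
    "internet host via 192.168.3.2": ("203.0.113.10", "192.168.55.20"),
}

def compare():
    """Return {flow name: (matched by ORIGINAL, matched by FIXED)}."""
    return {name: (nat_exempt(ORIGINAL, s, d), nat_exempt(FIXED, s, d))
            for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:32} original={before} fixed={after}")
```

With `any` as the source, the exemption covers every address reachable through the inside interface, so it should stay bound only to the PPTP pool as the destination.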
