Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn and the pix


I am trying to configure the pix for my client. The need vpn access to another company, but I am unable to connect. According to all the docs I found, I had to just add:

fixup protocol pptp 1723

nat (inside) 1 0 0

global (outside) 1 interface

all i want to do is allow a vpn connection to and from the site.

I am running IOS 6.3

Am I missing something??



Re: vpn and the pix

VPN connection from the site? To whom? What protocol? What solution is the other company using - it may not work behind NAT?

New Member

Re: vpn and the pix

How are you trying to establish the VPN connection? Are you doing a LAN-to-LAN VPN? If so, you are definitely missing something.

If you are running some sort of VPN client software on the client machines, you may be having a problem with NAT-Traversal, or NAT-T. Your client must support IPSec over UDP. Microsoft's PPTP client, for example, doesn't support it by default, but an update is available from their website that supports this functionality.

Please provide a little more detail for a better answer.


New Member

Re: vpn and the pix

the pc was preconfigured by the vendor whom we are trying to connect. They did all the configuration. It's a w2k machine using the ms vpn client. I am not doing site to site. There is one pc that needs access to a vpn server at another company. I just want to allow vpn traffic to and from. I have tried to find the update for the pptp client, but can not seem to find it on microsoft's site

New Member

Re: vpn and the pix

Re: vpn and the pix

Hi dear

Which vpn does they use, PPTP,L2TPor IPSec.

Try using this command....

sysopt connection permit-ipsec

sysopt connection permit-pptp



New Member

Re: vpn and the pix


1. Give out access to the internal pc with NAT(not


2. Give the necessaries permissions to both in and

out connections:

- conduit ip host "nat ip address of pc" host "ip

address of the vpn concentrator",

- access-list 1 ip host "internal ip address of

pc" host "ip address of the vpn concentrator"

3. Then, with the command sh conn local "internal ip

address of pc" you can see the upd and tcp port

used and change both conduit and access-list.

The most of time they are: udp 500, 2746 and,

tcp 264, 256.

4. On the client, set up the ip address of the vpn