Cisco Support Community
New Member

vpn behind a pix


I currently have a pix at location A. It is set up to allow gre and 1723 through on a specific port. I can connect to my vpn server successfully from location B and log in and everything is fine. The problem occurs when I am at location C. Location C is behind a pix itself. It gets to the server and times out when trying to verify username and password. Can someone please let me know if there is a setting I need to configure on the pix at location C to allow this?


New Member

Re: vpn behind a pix

I think that you'll need an IP address for the VPN server that can be reached from outside the PIX. GRE cannot be run through NAT. Believe me, I tried.

Also look at routing on both sides of the PIX.

New Member

Re: vpn behind a pix

Actually, you can allow PPTP traffic through a PIX. Here is the link.

Cisco Employee

Re: vpn behind a pix

The above link is good, but means that you have to have a valid global Internet address for every internal PC behind PIX-C.

v6.3 of PIX code, due out late this month, will have support for PPTP with PAT, so if you can upgrade this PIX-C to v6.3 when it becomes available you won't need a static for each internal PC.

New Member

Re: vpn behind a pix

Thanks everyone for your responses. I figured out that I could give a static to each IP but I was hoping to offer VPN access to my DHCP clients which seems to be impossible. I even tried opening the GRE and 1723 for the global address of the outgoing requests to no avail. I wish there was a way to allow it for all the DHCP clients but I guess I'll have to wait for the new version release.

thanks for all the help,
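Added example, not part of the thread and not Cisco's code: a small Python model of why one PAT address cannot serve several PPTP clients on GRE alone, and how keying on the Call ID in the enhanced GRE header (RFC 2637) separates them. The addresses, Call IDs and table functions are constructed for illustration and do not describe how PIX 6.3 implements its PPTP support.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # PPP over enhanced GRE (RFC 2637)
K_BIT, S_BIT, VERSION_1 = 0x2000, 0x1000, 0x0001

def build_pptp_gre(call_id, seq, payload=b""):
    """Constructed sample packet: enhanced GRE header with key and sequence present."""
    return struct.pack("!HHHHI", K_BIT | S_BIT | VERSION_1, PPTP_GRE_PROTO,
                       len(payload), call_id, seq) + payload

def parse_call_id(pkt):
    """Return the Call ID of a PPTP data packet; reject anything else."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags_ver, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    if (flags_ver & 0x0007) != VERSION_1 or proto != PPTP_GRE_PROTO or not flags_ver & K_BIT:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

def _key(server_ip, call_id, use_call_id):
    # GRE has no ports: without the Call ID, only the peer address is left to key on.
    return (server_ip, call_id) if use_call_id else (server_ip,)

def build_table(sessions, use_call_id):
    """sessions: (inside_ip, server_ip, call_id) tuples; a colliding key is overwritten."""
    return {_key(srv, cid, use_call_id): inside for inside, srv, cid in sessions}

def route_inbound(table, server_ip, pkt, use_call_id):
    """Pick the inside host for a GRE packet arriving from server_ip, or None."""
    return table.get(_key(server_ip, parse_call_id(pkt), use_call_id))

# Constructed sessions: two DHCP clients behind one PAT address, same PPTP server.
# Assumption: the Call IDs are already unique; a real translator has to enforce that.
SERVER = "203.0.113.5"
SESSIONS = [("10.0.0.11", SERVER, 100), ("10.0.0.12", SERVER, 200)]

if __name__ == "__main__":
    pkt = build_pptp_gre(100, 1)  # server -> client 10.0.0.11
    for mode in (False, True):
        print(mode, route_inbound(build_table(SESSIONS, mode), SERVER, pkt, mode))
```

Keyed on the peer address alone, the second client's entry replaces the first, so the first client's tunnel stalls after the TCP 1723 control channel has connected.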

