Community Member

pptp and ipsec to pix

Dear all,

We use PPTP clients for our mobile users to get access to the LAN. The VPN gateway is a PIX 520, version 6.3.3.

Now I have to configure a site-to-site VPN over IPsec to allow access to a special server.

Here is my problem: I've configured the access lists shown below

access-list nonat permit ip

access-list nonat permit ip host host

Well, if I now configure for IPsec

crypto map abc 10 match address nonat

crypto map abc interface outside

the PPTP clients can't get access anymore.

What's going wrong?




Re: pptp and ipsec to pix

Your access list is not correct:

access-list nonat permit ip

it should be

access-list nonat permit ip

Can you post your config to check?

Community Member

Re: pptp and ipsec to pix

Thanks for your answer. Indeed, there is a mistake in the access list above, but not in the configuration of the PIX. Sorry, my mistake!

In addition, the attachment contains the special part of the original configuration:


Community Member

Re: pptp and ipsec to pix

Someone told me that I have to create another ACL ID like

access-list 100 permit ip host

crypto map toXYZ 20 match address 100

but I think I can't do this because I have to use nat 0?

I tried the suggestion, but it doesn't work. Now I don't have a problem with the PPTP clients, but the site-to-site connection can't be established. I think perhaps I use for the whole LAN

nat (inside) 1 0 0

What can I do?

Many thanks
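
The split discussed in the last post, written out for PIX 6.3 as an added example that is not part of the original thread: one ACL for NAT exemption (`nat 0`) and a separate, narrower ACL for the crypto map. All addresses, the peer and the transform-set name are constructed, and the ISAKMP policy and pre-shared key for the peer are assumed to be configured already.

```cisco
! Constructed values (not from the thread):
!   inside LAN 10.1.1.0/24, PPTP client pool 10.1.2.0/24,
!   remote server 10.9.9.10 behind IPsec peer 203.0.113.1

! NAT exemption ACL: must cover BOTH the PPTP pool and the remote server,
! so neither kind of VPN traffic is translated by "nat (inside) 1".
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 host 10.9.9.10
nat (inside) 0 access-list nonat
nat (inside) 1 0 0

! Crypto ACL: ONLY the site-to-site traffic. If the PPTP pool were matched
! here, replies to PPTP clients would be selected for the IPsec tunnel
! to the peer instead of being returned over PPTP.
access-list 100 permit ip 10.1.1.0 255.255.255.0 host 10.9.9.10

crypto ipsec transform-set myset esp-3des esp-sha-hmac

! An interface holds a single crypto map, so the entry goes into the map
! that is applied to outside (here "abc"), not into a second map name.
crypto map abc 10 ipsec-isakmp
crypto map abc 10 match address 100
crypto map abc 10 set peer 203.0.113.1
crypto map abc 10 set transform-set myset
crypto map abc interface outside
```

The peer needs a mirrored crypto ACL (source and destination swapped) for the IPsec security associations to be negotiated.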
