Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2)

Reply
Thread Tools

PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2)

 
 
Michiel
Guest
Posts: n/a
 
      08-22-2006
Hello,

I have finally the Cisco up and running, though i have one problem. I have
an VPN server behind the PIX. I was able to add a translation rule for TCP
port 1723, but not for GRE... Anyone an idea how to do so...?

Sincerely,
Michiel


Situation :
I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
will NAT the public ip.

Zyxel
WAN : Internet (public ip natted, DMZ is 192.168.168.2)
LAN : 192.168.168.1 mask 255.255.255.252

Cisco
WAN : 192.168.168.2 mask 255.255.255.252
LAN : 192.168.68.8 mask 255.255.255.0


 
Reply With Quote
 
 
 
 
Chad Mahoney
Guest
Posts: n/a
 
      08-22-2006

Michiel wrote:
> Hello,
>
> I have finally the Cisco up and running, though i have one problem. I have
> an VPN server behind the PIX. I was able to add a translation rule for TCP
> port 1723, but not for GRE... Anyone an idea how to do so...?
>
> Sincerely,
> Michiel
>
>
> Situation :
> I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
> will NAT the public ip.
>
> Zyxel
> WAN : Internet (public ip natted, DMZ is 192.168.168.2)
> LAN : 192.168.168.1 mask 255.255.255.252
>
> Cisco
> WAN : 192.168.168.2 mask 255.255.255.252
> LAN : 192.168.68.8 mask 255.255.255.0


You will have to make a one to one NAT translation between the VPN
server and the external IP

static(inside,outside) <external IP> <External netmask> <Internal IP>
<Internal Netmask>

Then create the ACL

access list 10 permit GRE any <internal IP> <internal Mask>

Apply the ACL to interface

http://www.cisco.com/warp/public/110/pix_pptp.html

 
Reply With Quote
 
 
 
 
Michiel
Guest
Posts: n/a
 
      08-22-2006
Hello Chad,

I have done the following, i not added the thing you said, i looked at the
Cisco link you gave me. And i have added the following rule "fixup protocol
pptp 1723-1723" that made it working, though i already had added those rules
to accept incomming traffic.

Thanks for the link!

Sincerely,
Michiel

"Chad Mahoney" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>
> Michiel wrote:
>> Hello,
>>
>> I have finally the Cisco up and running, though i have one problem. I
>> have
>> an VPN server behind the PIX. I was able to add a translation rule for
>> TCP
>> port 1723, but not for GRE... Anyone an idea how to do so...?
>>
>> Sincerely,
>> Michiel
>>
>>
>> Situation :
>> I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
>> will NAT the public ip.
>>
>> Zyxel
>> WAN : Internet (public ip natted, DMZ is 192.168.168.2)
>> LAN : 192.168.168.1 mask 255.255.255.252
>>
>> Cisco
>> WAN : 192.168.168.2 mask 255.255.255.252
>> LAN : 192.168.68.8 mask 255.255.255.0

>
> You will have to make a one to one NAT translation between the VPN
> server and the external IP
>
> static(inside,outside) <external IP> <External netmask> <Internal IP>
> <Internal Netmask>
>
> Then create the ACL
>
> access list 10 permit GRE any <internal IP> <internal Mask>
>
> Apply the ACL to interface
>
> http://www.cisco.com/warp/public/110/pix_pptp.html
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 4) Michiel Cisco 0 08-25-2006 01:17 AM
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 3) Michiel Cisco 19 08-24-2006 08:55 PM
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT Michiel Cisco 4 08-22-2006 12:26 PM
Upgrading Firewall Version and PDM on PIX 506E (newbie user) jaisol Cisco 1 05-05-2005 02:33 AM
PIX 506e - Can't start PDM after change old version Ms ping Cisco 1 07-08-2003 04:04 PM



Advertisments