PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2)

Discussion in 'Cisco' started by Michiel, Aug 22, 2006.

  1. Michiel

    Michiel Guest

    Hello,

    I have finally the Cisco up and running, though i have one problem. I have
    an VPN server behind the PIX. I was able to add a translation rule for TCP
    port 1723, but not for GRE... Anyone an idea how to do so...?

    Sincerely,
    Michiel


    Situation :
    I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
    will NAT the public ip.

    Zyxel
    WAN : Internet (public ip natted, DMZ is 192.168.168.2)
    LAN : 192.168.168.1 mask 255.255.255.252

    Cisco
    WAN : 192.168.168.2 mask 255.255.255.252
    LAN : 192.168.68.8 mask 255.255.255.0
     
    Michiel, Aug 22, 2006
    #1
    1. Advertising

  2. Michiel

    Chad Mahoney Guest

    Michiel wrote:
    > Hello,
    >
    > I have finally the Cisco up and running, though i have one problem. I have
    > an VPN server behind the PIX. I was able to add a translation rule for TCP
    > port 1723, but not for GRE... Anyone an idea how to do so...?
    >
    > Sincerely,
    > Michiel
    >
    >
    > Situation :
    > I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
    > will NAT the public ip.
    >
    > Zyxel
    > WAN : Internet (public ip natted, DMZ is 192.168.168.2)
    > LAN : 192.168.168.1 mask 255.255.255.252
    >
    > Cisco
    > WAN : 192.168.168.2 mask 255.255.255.252
    > LAN : 192.168.68.8 mask 255.255.255.0


    You will have to make a one to one NAT translation between the VPN
    server and the external IP

    static(inside,outside) <external IP> <External netmask> <Internal IP>
    <Internal Netmask>

    Then create the ACL

    access list 10 permit GRE any <internal IP> <internal Mask>

    Apply the ACL to interface

    http://www.cisco.com/warp/public/110/pix_pptp.html
     
    Chad Mahoney, Aug 22, 2006
    #2
    1. Advertising

  3. Michiel

    Michiel Guest

    Hello Chad,

    I have done the following, i not added the thing you said, i looked at the
    Cisco link you gave me. And i have added the following rule "fixup protocol
    pptp 1723-1723" that made it working, though i already had added those rules
    to accept incomming traffic.

    Thanks for the link!

    Sincerely,
    Michiel

    "Chad Mahoney" <> wrote in message
    news:...
    >
    > Michiel wrote:
    >> Hello,
    >>
    >> I have finally the Cisco up and running, though i have one problem. I
    >> have
    >> an VPN server behind the PIX. I was able to add a translation rule for
    >> TCP
    >> port 1723, but not for GRE... Anyone an idea how to do so...?
    >>
    >> Sincerely,
    >> Michiel
    >>
    >>
    >> Situation :
    >> I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
    >> will NAT the public ip.
    >>
    >> Zyxel
    >> WAN : Internet (public ip natted, DMZ is 192.168.168.2)
    >> LAN : 192.168.168.1 mask 255.255.255.252
    >>
    >> Cisco
    >> WAN : 192.168.168.2 mask 255.255.255.252
    >> LAN : 192.168.68.8 mask 255.255.255.0

    >
    > You will have to make a one to one NAT translation between the VPN
    > server and the external IP
    >
    > static(inside,outside) <external IP> <External netmask> <Internal IP>
    > <Internal Netmask>
    >
    > Then create the ACL
    >
    > access list 10 permit GRE any <internal IP> <internal Mask>
    >
    > Apply the ACL to interface
    >
    > http://www.cisco.com/warp/public/110/pix_pptp.html
    >
     
    Michiel, Aug 22, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michiel
    Replies:
    4
    Views:
    4,666
    Michiel
    Aug 22, 2006
  2. Michiel
    Replies:
    19
    Views:
    1,170
    Michiel
    Aug 24, 2006
  3. Michiel
    Replies:
    0
    Views:
    2,307
    Michiel
    Aug 25, 2006
  4. dgr7
    Replies:
    0
    Views:
    500
  5. kasonne

    PAT and NAT Pix 506E

    kasonne, Dec 2, 2009, in forum: Cisco
    Replies:
    1
    Views:
    647
    kasonne
    Dec 9, 2009
Loading...

Share This Page