Use Microsoft VPN Client OUTBOUND through PIX 501

Discussion in 'Cisco' started by James B. Wood, May 12, 2006.

  1. Group,

    I'm trying to solve a problem for a friend.

    She has a PIX 501 and needs to connect to a Windows VPN out on the 'net (so
    we're using the Microsoft VPN Client). We can start the process - the VPN
    requests authentication - but it times out after entering the username /
    password. I can access the VPN in question from another site or if I
    disable the PIX. What do I need to do to allow the connection to proceed?
    Examples would be useful.

    Many Thanks,

    jbw
     
    James B. Wood, May 12, 2006
    #1

  2. James B. Wood

    Brian V Guest

    "James B. Wood" <> wrote in message
    news:pE79g.2117$...
    > Group,
    >
    > I'm trying to solve a problem for a friend.
    >
    > She has a PIX 501 and needs to connect to a Windows VPN out on the 'net
    > (so we're using the Microsoft VPN Client). We can start the process - the
    > VPN requests authentication - but it times out after entering the username
    > / password. I can access the VPN in question from another site or if I
    > disable the PIX. What do I need to do to allow the connection to proceed?
    > Examples would be useful.
    >
    > Many Thanks,
    >
    > jbw


    fixup protocol pptp 1723
     
    Brian V, May 13, 2006
    #2

  3. James B. Wood

    Gary Guest

    Brian V wrote:

    >fixup protocol pptp 1723


    If he's having problems with PPTP, then he'll probably want to turn off
    the fixup for that protocol. James: is your friend using PPTP or L2TP for
    his Microsoft VPN client?

    -Gary
     
    Gary, May 15, 2006
    #3
  4. PPTP.

    Currently there is no fixup for PPTP.

    jbw

    "Gary" <> wrote in message
    news:...
    >
    > Brian V wrote:
    >
    >>fixup protocol pptp 1723

    >
    > If he's having problems with PPTP, then he'll probably want to turn off
    > the fixup for that protocol. James: is your friend using PPTP or L2TP for
    > his Microsoft VPN client?
    >
    > -Gary
     
    James B. Wood, May 15, 2006
    #4
  5. James B. Wood

    Gary Guest

    What rev of PIX OS are you using? Also, are you running the PPTP server on
    the PIX 501? I'm wondering if it's intercepting the return traffic
    for some reason... You might want to turn on debugging to get some
    more detail of what's happening. I don't know if 'debug vpdn packets' will
    give you passthrough VPN debugging or not. You could install ethereal and
    see how it looks when you connect successfully w/o the PIX in the way then
    compare it to the failure...

    -Gary
     
    Gary, May 16, 2006
    #5
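
The capture comparison suggested above can be automated. The following is an added example, not code from any poster in this thread: it relies on PPTP using TCP port 1723 for control and GRE (IP protocol 47, version 1, protocol type 0x880B) for data, and reports which of the two is missing at the client. The function names, addresses and both sample captures are constructed for illustration.

```python
import struct

PPTP_TCP_PORT = 1723            # PPTP control channel
IP_PROTO_TCP, IP_PROTO_GRE = 6, 47
GRE_PPP = 0x880B                # protocol type used by PPTP's enhanced GRE

def classify(pkt):
    """Return (src, dst, kind) for a raw IPv4 packet; kind is 'ctrl', 'gre' or None."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    body, kind = pkt[ihl:], None
    if len(body) >= 4:
        a, b = struct.unpack("!HH", body[:4])
        if pkt[9] == IP_PROTO_TCP and PPTP_TCP_PORT in (a, b):
            kind = "ctrl"
        elif pkt[9] == IP_PROTO_GRE and (a & 0x7) == 1 and b == GRE_PPP:
            kind = "gre"        # GRE version 1 carrying PPP
    return src, dst, kind

def diagnose(packets, client):
    """Count PPTP traffic per direction at `client` and name the likely failure point."""
    n = dict.fromkeys(("ctrl_out", "ctrl_in", "gre_out", "gre_in"), 0)
    for pkt in packets:
        src, dst, kind = classify(pkt)
        if kind and client in (src, dst):
            n[kind + ("_out" if src == client else "_in")] += 1
    if not n["ctrl_in"]:
        return "no TCP/1723 replies: control channel is not getting through"
    if n["gre_out"] and not n["gre_in"]:
        return "TCP/1723 works, GRE goes out but none returns: data channel dropped"
    if not n["gre_out"]:
        return "TCP/1723 works, client has not sent GRE yet"
    return "TCP/1723 and GRE both flow in both directions"

def ip(src, dst, proto, body):
    """Build a constructed IPv4 packet (checksum left at 0) for the samples below."""
    addr = lambda s: bytes(map(int, s.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + body

# Constructed sample captures; both addresses are placeholders.
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"
tcp = lambda sp, dp: struct.pack("!HH", sp, dp) + bytes(16)
gre = struct.pack("!HHHH", 0x3001, GRE_PPP, 8, 1) + bytes(8)
FAILING = [ip(CLIENT, SERVER, 6, tcp(1025, 1723)), ip(SERVER, CLIENT, 6, tcp(1723, 1025)),
           ip(CLIENT, SERVER, 47, gre), ip(CLIENT, SERVER, 47, gre)]
WORKING = FAILING + [ip(SERVER, CLIENT, 47, gre)]

if __name__ == "__main__":
    print("failing:", diagnose(FAILING, CLIENT))
    print("working:", diagnose(WORKING, CLIENT))
```

To use it on real traffic, feed it the raw IPv4 packets (link-layer header stripped) from a capture taken on the client, once with the PIX in the path and once without.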
  6. James B. Wood

    plastikman

    Joined:
    May 30, 2006
    Messages:
    1
    L2TP outbound

    Hi there,
    I was looking for a solution about PPTP and I found your topic.
    Thanks for this, it was helpful.
    I'm now trying a solution to allow outbound traffic for L2TP, but no success. Any idea?
    Thanks in advance,
    (PIX-501-BUN-K9 IOS 6.3)


    P.S. James B. Wood: did you try to enter the fixup command through the CLI?
     
    plastikman, May 30, 2006
    #6
  7. James B. Wood

    PlainusDonuticus

    Joined:
    Jun 8, 2006
    Messages:
    1
    Try this

    static (inside,outside) <your public IP> <internal IP of computer trying to connect> netmask 255.255.255.255 0 0
    access-list acl-out permit gre host <IP address of VPN server> host <your public IP>
    access-group acl-out in interface outside

    This will work but it knocks out all the other computers on the network for me. So I basically solved one problem and hit another.

    I got this information from Cisco's website:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
     
    PlainusDonuticus, Jun 8, 2006
    #7
  8. James B. Wood

    keshav

    Joined:
    Jun 6, 2006
    Messages:
    15
    In previous releases of PIX, it was mandatory to use static NAT for the clients to connect to a PPTP server.

    However, in 6.3 it has been resolved by using fixup protocol pptp port_no. So if you are using 6.3 or above, you can access PPTP whether the client is PATted, static NATted or dynamic NATted.
     
    keshav, Jun 25, 2006
    #8