MS VPN out through PIX 506e

Discussion in 'Cisco' started by Terry, Dec 7, 2004.

  1. Terry

    Terry Guest

    What I need to do is be able to VPN out with the PPTP client within WinXP to
    a remote site through our pix 506e, while at the same time allowing VPN
    inbound access into the pix. What all do I need to do to accomplish this?
    Thanks all for any help.
     
    Terry, Dec 7, 2004
    #1
    1. Advertisements

  2. :What I need to do is be able to VPN out with the PPTP client within WinXP to
    :a remote site through our pix 506e, while at the same time allowing VPN
    :inbound access into the pix. What all do I need to do to accomplish this?

    To do that, you need to have a distinct external IP address assigned
    to the WinXP machine at the time it needs to go out. That could be
    because you've assigned a static translation to it, or it could be that
    you have assigned a global with an IP range sufficiently large that
    you are sure there will be at least one available IP address in the range
    when the WinXP machine wants to PPTP. [e.g., you might share 2 global IPs
    between 5 machines if you were confident that your traffic flow was
    such that you would have at most one other of the 5 machines active
    at the time the PPTP tunnel was needed.]

    If you are trying to do this on a PIX that has only a single public IP
    [the outside IP of the PIX itself] then if I recall correctly,
    you are out of luck.
     
    Walter Roberson, Dec 7, 2004
    #2
    1. Advertisements

  3. Terry

    PES Guest

    This actually depends on the PixOS. To do this efficiently you really
    need 6.3.x (should use 6.3.4). Look at the article at
    http://www.cisco.com/warp/public/110/pix_pptp.html#ver62 The note about
    the new fixup pptp should get you going even if you have a single ip
    address.
     
    PES, Dec 8, 2004
    #3
  4. Terry

    Terry Guest

    Thanks all for the help, the fixup protocol pptp 1723 command worked!!
     
    Terry, Dec 8, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.