PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2)

Discussion in 'Cisco' started by Michiel, Aug 22, 2006.

  1. Michiel

    Michiel Guest

    Hello,

    I have finally the Cisco up and running, though i have one problem. I have
    an VPN server behind the PIX. I was able to add a translation rule for TCP
    port 1723, but not for GRE... Anyone an idea how to do so...?

    Sincerely,
    Michiel


    Situation :
    I have as a modem the Zyxel Prestige 660HW wich is used as modem, but it
    will NAT the public ip.

    Zyxel
    WAN : Internet (public ip natted, DMZ is 192.168.168.2)
    LAN : 192.168.168.1 mask 255.255.255.252

    Cisco
    WAN : 192.168.168.2 mask 255.255.255.252
    LAN : 192.168.68.8 mask 255.255.255.0
     
    Michiel, Aug 22, 2006
    #1
    1. Advertisements

  2. Michiel

    Chad Mahoney Guest

    You will have to make a one to one NAT translation between the VPN
    server and the external IP

    static(inside,outside) <external IP> <External netmask> <Internal IP>
    <Internal Netmask>

    Then create the ACL

    access list 10 permit GRE any <internal IP> <internal Mask>

    Apply the ACL to interface

    http://www.cisco.com/warp/public/110/pix_pptp.html
     
    Chad Mahoney, Aug 22, 2006
    #2
    1. Advertisements

  3. Michiel

    Michiel Guest

    Hello Chad,

    I have done the following, i not added the thing you said, i looked at the
    Cisco link you gave me. And i have added the following rule "fixup protocol
    pptp 1723-1723" that made it working, though i already had added those rules
    to accept incomming traffic.

    Thanks for the link!

    Sincerely,
    Michiel
     
    Michiel, Aug 22, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.