PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2)

Discussion started by Michiel, Aug 22, 2006.

  Michiel

    Michiel Guest


    I finally have the Cisco up and running, though I have one problem. I have
    a VPN server behind the PIX. I was able to add a translation rule for TCP
    port 1723, but not for GRE... Does anyone have an idea how to do so?


    Situation :
    As a modem I have the Zyxel Prestige 660HW, which is used as a modem, but it
    will NAT the public IP.

    WAN : Internet (public ip natted, DMZ is
    LAN : mask

    WAN : mask
    LAN : mask
    Michiel, Aug 22, 2006
  Chad Mahoney

    Chad Mahoney Guest

    You will have to make a one-to-one NAT translation between the VPN
    server and the external IP

    static (inside,outside) <external IP> <Internal IP> netmask <Netmask>

    Then create the ACL

    access-list 10 permit gre any <external IP> <External netmask>

    Apply the ACL to the interface

    Chad Mahoney, Aug 22, 2006
  Michiel

    Michiel Guest

    Hello Chad,

    I have done the following: I did not add the thing you said; I looked at the
    Cisco link you gave me. And I have added the following rule, "fixup protocol
    pptp 1723-1723", which made it work, though I had already added those rules
    to accept incoming traffic.

    Thanks for the link!

    Michiel, Aug 22, 2006
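
Added example, not part of the thread and not either poster's actual configuration: the two approaches discussed above, written out as PIX 6.3 commands. The addresses 192.0.2.10 (outside side) and 10.0.0.10 (PPTP server) and the ACL name outside_in are constructed placeholders. On 6.3 the outside ACL matches the translated address, and a port-redirection static only accepts tcp or udp, which is why GRE cannot be forwarded that way.

```cisco
: Constructed placeholders (assumptions, not from the thread):
:   192.0.2.10  address presented on the outside of the PIX
:   10.0.0.10   PPTP server on the inside
:   outside_in  ACL name

: Option A (Chad's suggestion): one-to-one static, so every protocol
: to 192.0.2.10 is translated, then permit only what PPTP needs.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq 1723
access-list outside_in permit gre any host 192.0.2.10
access-group outside_in in interface outside

: Option B (what Michiel reports working): port redirection for the
: TCP control channel only, with the PPTP fixup handling the GRE data
: channel that belongs to an inspected control session.
static (inside,outside) tcp interface 1723 10.0.0.10 1723 netmask 255.255.255.255
access-list outside_in permit tcp any interface outside eq 1723
access-group outside_in in interface outside
fixup protocol pptp 1723
```

Option A leaves a standing GRE permit from any source to the server, so keep the ACL limited to GRE and TCP 1723 for that one host; `show access-list` hit counts and `show xlate` confirm which rule and translation the tunnel is actually using.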
