PIX 515 public IP question

cahelmster · Jan 4, 2006

I have an internal VPN device that needs to access the Internet using a new, available public IP than is already configured in my PIX 515 as a global address. What commands do I need to enter to allow this?

----------------
Thanks!
cahelmster [lookaround]

fdurham · Jan 4, 2006

Cahelmster-

Lets say that the IP address is in the same netblock as your existing PIX firewall.

lets say you have been assigned the netblock of 215.55.200.0/28 That means you have 14 available IP addresses. Lets assume the following...

Internet Router IP: 215.55.200.1
PIX Firewall : 215.55.200.2
VPN Device : 215.55.200.3
VPN Device Inside IP: 192.168.1.1

With that established here is the config to allow users to connect to your VPN device via the Public IP.

fixup protocol pptp 1723

access-list 100 permit tcp any host 215.55.200.3 eq 1723
access-list 100 permit gre any host 215.55.200.3

static (inside,outisde) 215.55.200.3 192.168.1.1 netmask 255.255.255.255

That should allow PPTP traffic in.

Frank

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

PIX 515 public IP question

cahelmster

MIS

fdurham

MIS

Similar threads

Part and Inventory Search

Sponsor