Pix w/PPTP pass through 1

DKMOORE

Technical User
Apr 19, 2002
26
US
We have a PIX 515 that I am trying to set up to allow a couple of users on the inside to establish VPN connections to a MS RAS server on the outside using PPTP.

I have NAT & PAT set up on the PIX -
Currently all inside hosts are getting NAT/PAT to the outside address pool - see following config data

global (outside) 1 xxx.158.224.108-xxx.158.224.109
global (outside) 1 xxx.158.224.110
nat (inside) 1 172.16.10.0 255.255.255.0 0 0


My question is - if I set up a static translation for these clients, do they then get translated again due to the global translation?

Do I have to exclude them from the other nat statement?
If so how?

Any ideas or info would be greatly appreciated!

Don
 
No, a static translation always overrides a global.

Beware though you might get an issue with PPTP...really not a nice protocol :)
You might need to upgrade to 6.3 for PPTP to work through NAT of any kind.

If you have any kind of filters outbound you should open IP Protocol 47 (GRE) and TCP 1723 outbound.

Jan
 
Upgrade to PIXOS 6.3.x and you can use PPTP through your NAT...you won't need static translations.
 
I would like to know the answer to this question as well, as it is something I am doing too.

How do I enable PPTP through NAT?
 
Never mind, I found it. (Text below pulled from CCO.)


Commands to Add for Version 6.3
The following procedure explains which commands to add for version 6.3.

Enable the fixup protocol pptp 1723 using the following command.

pixfirewall(config)#fixup protocol pptp 1723

You do not need to define a static mapping if the PPTP fixup protocol is enabled; you can use PAT.

pixfirewall(config)#nat (inside) 1 0.0.0.0 0.0.0.0 0 0

pixfirewall(config)#global (outside) 1 interface


 
This is true, but isn't it only one session you can do through PAT? I think I saw something about that in the rel notes.

 
No. It's one session per host to the same destination. If you start another PPTP session to another server from the same host, it connects just fine.
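
Added example, not part of the thread or of the CCO text quoted in it: a small Python check that reads a PIX configuration and reports what the replies above call for (PIX OS 6.3 or later, the PPTP fixup, and GRE plus TCP 1723 permitted by any outbound filter). The sample config, the ACL name inside_out and the function names are constructed for illustration, and the interface name inside is assumed to match the poster's.

```python
import re

# Constructed sample (not from the thread): PIX 6.3 with an outbound filter on
# the inside interface that permits TCP 1723 but omits GRE and the PPTP fixup.
SAMPLE_CONFIG = """\
PIX Version 6.3(3)
fixup protocol ftp 21
access-list inside_out permit tcp 172.16.10.0 255.255.255.0 any eq www
access-list inside_out permit tcp 172.16.10.0 255.255.255.0 any eq 1723
access-group inside_out in interface inside
global (outside) 1 interface
nat (inside) 1 172.16.10.0 255.255.255.0 0 0
"""

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}


def _permits_tcp_1723(rule):
    # rule is a tokenised "access-list NAME permit PROTO ..." line
    if rule[3] == "ip":
        return True
    unrestricted = not PORT_OPS & set(rule)  # tcp permit with no port qualifier
    return rule[3] == "tcp" and (rule[-2:] == ["eq", "1723"] or unrestricted)


def audit_pptp_passthrough(config):
    """Return findings for outbound PPTP through NAT/PAT; [] means every check passed.

    Simplification: only permit lines are read; deny lines and rule order are ignored.
    """
    findings = []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    ver = re.search(r"^PIX Version (\d+)\.(\d+)", config, re.M)
    if ver is None:
        findings.append("no 'PIX Version' line found")
    elif (int(ver.group(1)), int(ver.group(2))) < (6, 3):
        findings.append("PIX OS older than 6.3")
    if "fixup protocol pptp 1723" not in lines:
        findings.append("missing 'fixup protocol pptp 1723'")
    # An ACL applied inbound on the inside interface is the outbound filter.
    for ln in lines:
        bound = re.fullmatch(r"access-group (\S+) in interface inside", ln)
        if not bound:
            continue
        name = bound.group(1)
        rules = [r.split() for r in lines if r.startswith(f"access-list {name} permit ")]
        if not any(r[3] in ("ip", "gre", "47") for r in rules):
            findings.append(f"ACL {name}: GRE (IP protocol 47) not permitted")
        if not any(_permits_tcp_1723(r) for r in rules):
            findings.append(f"ACL {name}: TCP 1723 not permitted")
    return findings
```

Run against the constructed sample, it reports the missing fixup and the missing GRE permit; a config with no ACL bound to the inside interface skips the filter checks.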
 