PIX515 - How to allow PPTP and route to private IP? 1

[john11112222]

We wish to allow folks to vpn to wan.wan.wan.165 and have the pix515 route the traffic to 10.1.1.14. How do we do that?
I took a shot (see code below with the arrows), but my shot did not work. Perhaps you can tell I have no idea where to start.

Can someone assist?

pix515# sh ru
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx encrypted
passwd xxx encrypted
hostname pix515
domain-name itt.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_outside_intf permit tcp any host wan.wan.wan.165 eq www
access-list acl_outside_intf permit tcp any host wan.wan.wan.165 eq https
access-list acl_outside_intf permit tcp any host wan.wan.wan.165 eq pptp <====== Is this right????
access-list acl_outside_intf permit gre any host 10.1.1.14 <====== Is this right?????
pager lines 24
logging timestamp
logging buffered debugging
logging trap debugging
logging host inside 216.102.47.51
mtu outside 1500
mtu inside 1500
ip address outside wan.wan.wan.162 255.255.255.240
ip address inside 10.1.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.0.0.0 255.0.0.0 inside
pdm location 0.0.0.0 0.0.0.0 outside
pdm history enable
arp timeout 14400
global (outside) 1 wan.wan.wan.163
nat (inside) 0 wan.wan.wan.160 255.255.255.240 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) wan.wan.wan.165 10.1.1.100 netmask 255.255.255.255 0 0
access-group acl_outside_intf in interface outside
route outside 0.0.0.0 0.0.0.0 wan.wan.wan.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity address
telnet x.81.245.0 255.255.255.0 outside
telnet x.159.227.0 255.255.255.0 outside
telnet x.102.47.0 255.255.255.0 inside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh x.81.245.0 255.255.255.0 outside
ssh x.159.227.0 255.255.255.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:xxx
: end
pix515#

 

[john11112222]

Any word on this?

 

[etaketa]

Does the 515 have a PDM inteface? Pix Device Manager Graphical Interface, because i can tell you how to setup vpn that way.

 

[john11112222]

Ouch! I don't think so.
Just command line.

 

[etaketa]

It should have one. just type in

https://insideipaddressofpix

example)

https://192.168.1.1

or whatver yours is set to

make sure to put the (s) as it is a secure connection and will only work that way.

the default is to leave the username blank and the password blank until you change it.

let me know if that works for you, then i can help you more because i dont know command line interface.. even the pix PDM has a thing in it where you can type command lines if you want. please respond

 

[gardnepw]

You need to also add to the config
fixup protocol pptp 1723