PPTP and PAT on PIX 506E

[JGWohlford]

Is there any way to use PAT on a single public static IP and still allow incoming PPTP to an NT VPN server behind the PIX 506E? Client's scenario:

NT VPN Server 10.0.0.1 Private LAN 10.0.0.128-10.0.0.255
\ /
Cisco PIX 506E inside interface 10.0.0.254
|
Cisco PIX 506E outside interface xxx.xxx.xxx.53
|
Static IP xxx.xxx.xxx.53 (DSL Modem)
|
ISP Default Gateway xxx.xxx.xxx.1

I can get PAT to work or the PPTP to work but not both. I am using the following to implement PPTP:

static (inside,outside) xxx.xxx.xxx.53 10.0.0.1 netmask 255.255.255.255 0 0
access-list pptp-list permit tcp any host xxx.xxx.xxx.53 eq 1723
access-list pptp-list permit gre any host xxx.xxx.xxx.53
access-group pptp-list in interface outside

Thanks!

 

[yizhar]

HI.

No you can not do it, but an alternate option is to use the pix itself as a PPTP server.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[JGWohlford]

Thanks! We discussed your suggestion, but have decided to order additional addresses to configure the firewall to restrict vpn traffic to one destination on my clients network.