Hi forum,
We have a setup where a Cisco 4500 connects us to our upstream provider. Some servers, Portmasters and the outside interface of a PIX 506 5.2(6) are sitting on the Ethernet connected to the Cisco.
On the inside of the 506 is our office LAN. I have PPTP clients connecting from the outside (using the Portmasters or coming from somewhere else on the 'net). This works fine so far; they can reach the office LAN.
Unfortunately, the PPTP clients (W2K Prof SP2) are unable to connect to anything besides the office LAN due to the default route the PIX sets. The PIX denies outgoing traffic because the traffic would be going out of the same interface it comes in on: the outside interface. This is considered a security breach, according to the documentation. The PIX logs a "Packet denied (no xlate) something" message to the syslog.
Is there any way of letting the PPTP clients connect to the office LAN and the rest of the 'net at the same time?
Any clues appreciated...
Thanks,
Martin