Hi
I have just installed a PIX 515E (software version 6.2). It has 2 interfaces, eth0 (external) and eth1 (internal), which is NATed. The config works fine but I'm having problems with some clients who need to connect out to a VPN on a RAS server. The clients are running Win2k and connecting using a basic PPTP VPN.
How do I set up the PIX to allow these clients to connect OUT to the RAS server? At present the client gets error 721 while trying to authenticate.
Here is a copy of my config:
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
access-list 102 permit icmp any any
access-list 102 permit tcp any host 213.x.x.174 eq smtp
access-list 102 permit tcp any host 213.x.x.174 eq www
access-list 102 permit tcp any host 213.x.x.174 eq 3389
access-list 102 permit tcp any host 213.x.x.174 eq 1723
access-list 102 permit gre any host 213.x.x.174
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 213.x.x.173 255.x.x.x
ip address inside 10.3.0.1 255.255.0.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 213.x.x.174 10.3.1.1 netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 213.x.x.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.3.1.1 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
ssh timeout 5
terminal width 80
Thanks all