VPN from Inside through PIX

Status
Not open for further replies.

banala1

IS-IT--Management
Feb 25, 2003
9
US
I am not able to do VPN from inside. I don't have anything restricted from inside to out.
Can anyone help me out? Is there anything I am missing?


Thanks
Sridhar
 
You need a static statement for the VPN client computer in the PIX.

The VPN cannot traverse a PAT configuration;
therefore you need a special NAT configuration for that host (the static statement).

so like
static (inside,outside) PUBLIC_IP PVT_IP netmask 255.255.255.255 0 0

Depending on the VPN software, you may need some ACLs to allow the return traffic.


Hope that helps.
 
Hi.

In addition to the previous answer, you will need either:
A "static" rule for the workstations that initiate VPN, and a rule for inbound GRE or ESP traffic (depending on the type of VPN).

OR:
Upgrade your PIX to the latest version 6.3x, which has limited (single session as far as I know) support for both ESP or PPTP over PAT:
Cisco PIX Firewall Release Notes Version 6.3


Yizhar Hurwitz
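
The two options from the replies above, put together as an added configuration sketch (not posted by anyone in this thread). The addresses are constructed from documentation ranges: 192.0.2.10 is a spare public IP, 10.1.1.50 is the inside VPN client, 198.51.100.20 is the remote VPN gateway, and outside_in is an assumed ACL name.

```cisco
: Option 1: one-to-one NAT for the VPN client instead of PAT
static (inside,outside) 192.0.2.10 10.1.1.50 netmask 255.255.255.255 0 0

: IPsec client: allow return ESP and IKE (UDP 500) from the remote gateway only,
: not from "any", so the static does not expose the host more than needed
access-list outside_in permit esp host 198.51.100.20 host 192.0.2.10
access-list outside_in permit udp host 198.51.100.20 eq 500 host 192.0.2.10 eq 500

: PPTP client instead: allow return GRE from the remote gateway
access-list outside_in permit gre host 198.51.100.20 host 192.0.2.10

: Bind the ACL to the outside interface. If an ACL is already applied there,
: add the entries to that ACL rather than applying a second access-group,
: which would replace the existing one.
access-group outside_in in interface outside

: Option 2 (PIX 6.3 only): keep PAT and enable the matching fixup instead
fixup protocol pptp 1723
fixup protocol esp-ike
```

Only the lines for the VPN type actually in use are needed: the ESP/IKE entries for IPsec, or the GRE entry for PPTP. `show access-list outside_in` shows hit counts, which confirms whether return traffic is matching the new entries.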
 