|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
rhalljr
Guest
|
 Posted: Mon Feb 11, 2008 9:03 pm Post subject: Issue with Cisco Pix 501, and MS VPN connecting to Cisco 300 |
 |
|
We are setting up a temporary satellite office about 15 minutes away,
and we are running into a minor problem with the client connectivity
from that office.
Ill explain the hardware real quick. In our main office, we have a PIX
506e Firewall, with the 3005 Concentrator behind it for VPN. We are
using the MS client via PPTP to connect for VPN.
In the satellite office, we simply have a Pix 501, with 6-8 client
desktops behind it. We will need all of them to be able to connect to
the Cisco VPN using the MS Windows VPN connection.
Is there something i need to do to make this happen? Right now it
appears that one 1 of them at a time can connect.
Thanks in advance.... I am not a cisco certified guy yet, but i plan on
working towards it someday soon.
Rodney |
|
| Back to top |
|
 |
|
|
Yandy Ramirez
Guest
|
| Posted: Mon Feb 11, 2008 9:26 pm Post subject: Re: Issue with Cisco Pix 501, and MS VPN connecting to Cisco |
|
|
Yes for windows PPTP clients you need to inspect PPTP at the PIX level.
We ran into an issue like that.
Versions <= 6.3
Fixup protocol pptp 1723
Also allow GRE on your access lists.
Version >= 7.0
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class inspection_default
pixfirewall(config-pmap-c)#inspect pptp
Hope that helps.
You may also need to allow GRE through.
On 2/11/08 10:03 AM, in article 47b063be$0$8649$4c368faf@roadrunner.com,
"rhalljr" <spam2005account@yahoo.com> wrote:
| Quote: | We are setting up a temporary satellite office about 15 minutes away,
and we are running into a minor problem with the client connectivity
from that office.
Ill explain the hardware real quick. In our main office, we have a PIX
506e Firewall, with the 3005 Concentrator behind it for VPN. We are
using the MS client via PPTP to connect for VPN.
In the satellite office, we simply have a Pix 501, with 6-8 client
desktops behind it. We will need all of them to be able to connect to
the Cisco VPN using the MS Windows VPN connection.
Is there something i need to do to make this happen? Right now it
appears that one 1 of them at a time can connect.
Thanks in advance.... I am not a cisco certified guy yet, but i plan on
working towards it someday soon.
Rodney |
|
|
| Back to top |
|
|
rhalljr
Guest
|
| Posted: Mon Feb 11, 2008 9:48 pm Post subject: Re: Issue with Cisco Pix 501, and MS VPN connecting to Cisco |
|
|
Yandy Ramirez wrote:
| Quote: | Yes for windows PPTP clients you need to inspect PPTP at the PIX level.
We ran into an issue like that.
Versions <= 6.3
Fixup protocol pptp 1723
Also allow GRE on your access lists.
Version >= 7.0
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class inspection_default
pixfirewall(config-pmap-c)#inspect pptp
Hope that helps.
You may also need to allow GRE through.
On 2/11/08 10:03 AM, in article 47b063be$0$8649$4c368faf@roadrunner.com,
"rhalljr" <spam2005account@yahoo.com> wrote:
We are setting up a temporary satellite office about 15 minutes away,
and we are running into a minor problem with the client connectivity
from that office.
Ill explain the hardware real quick. In our main office, we have a PIX
506e Firewall, with the 3005 Concentrator behind it for VPN. We are
using the MS client via PPTP to connect for VPN.
In the satellite office, we simply have a Pix 501, with 6-8 client
desktops behind it. We will need all of them to be able to connect to
the Cisco VPN using the MS Windows VPN connection.
Is there something i need to do to make this happen? Right now it
appears that one 1 of them at a time can connect.
Thanks in advance.... I am not a cisco certified guy yet, but i plan on
working towards it someday soon.
Rodney
thanks, will be going down there and trying it today!! |
I will let you know |
|
| Back to top |
|
|
rodney
Guest
|
| Posted: Wed Feb 13, 2008 12:54 am Post subject: Re: Issue with Cisco Pix 501, and MS VPN connecting to Cisco |
|
|
Sorry, i should have informed you that we are at version 6.3(5) for the
pix 501.
I already these entries in place.
Is there something else i should be looking for?
Yandy Ramirez wrote:
| Quote: | Yes for windows PPTP clients you need to inspect PPTP at the PIX level.
We ran into an issue like that.
Versions <= 6.3
Fixup protocol pptp 1723
Also allow GRE on your access lists.
Version >= 7.0
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class inspection_default
pixfirewall(config-pmap-c)#inspect pptp
Hope that helps.
You may also need to allow GRE through.
On 2/11/08 10:03 AM, in article 47b063be$0$8649$4c368faf@roadrunner.com,
"rhalljr" <spam2005account@yahoo.com> wrote:
We are setting up a temporary satellite office about 15 minutes away,
and we are running into a minor problem with the client connectivity
from that office.
Ill explain the hardware real quick. In our main office, we have a PIX
506e Firewall, with the 3005 Concentrator behind it for VPN. We are
using the MS client via PPTP to connect for VPN.
In the satellite office, we simply have a Pix 501, with 6-8 client
desktops behind it. We will need all of them to be able to connect to
the Cisco VPN using the MS Windows VPN connection.
Is there something i need to do to make this happen? Right now it
appears that one 1 of them at a time can connect.
Thanks in advance.... I am not a cisco certified guy yet, but i plan on
working towards it someday soon.
Rodney
|
|
|
| Back to top |
|
|
|
|
