Tech-Recipes: PPTP (Point-to-Point Tunneling Protocol) through PIX Firewall | Cisco firewall | Tech-Recipes

  • Fluffy · 5 years ago
    OK, I'm a newbie when it comes to setting up this PIX. When I add that static statement and the other access-list commands I can get into the network via VPN just fine, but all the computers on the inside network lose Internet access. I took out the access-list and still had the same problem, so I'm pretty sure it's caused by that static entry. Can anyone tell me what I'm doing wrong?
  • Anonymous · 5 years ago
    I've got the same problem... If I delete the static rule, all other computers have Internet access, otherwise not :? :cry:
  • Anonymous · 4 years ago
    Try adding "fixup protocol pptp 1723" instead of all of the changes above.
  • ko · 4 years ago
    You need to check your recipe! You should never open ports 137, 138, 139 to any machine from the Internet.

    PPTP uses TCP 1723 and GRE (protocol 47).

    Ports 137-139 are opening HUGE HOLES in your network security. Especially if it is to a Microsoft server, essentially you have told people to open their Windows shares to the World. NEVER OPEN these ports.

    I don't comment on much, but this is bad networking practice at its worst.
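The check the comment above calls for (only TCP 1723 and GRE toward the PPTP server, never 137-139), written as an added example that is not part of the thread or the original recipe. The ACL name `acl_out`, the address 192.0.2.10, the sample rules and the function names are all assumptions made for illustration.

```python
# Added example: flag PIX 'access-list ... permit' lines that open more than PPTP needs.
# Assumes the ACL is the one applied inbound on the outside interface and that
# rules carry no source-port operator. SAMPLE is constructed, not from the recipe.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139, "pptp": 1723}

SAMPLE = """\
access-list acl_out permit tcp any host 192.0.2.10 eq 1723
access-list acl_out permit gre any host 192.0.2.10
access-list acl_out permit tcp any host 192.0.2.10 eq netbios-ssn
access-list acl_out permit udp any host 192.0.2.10 range 137 138
access-list acl_out permit tcp any host 192.0.2.10 eq 80
"""

def _skip_addr(tokens):
    # An address is 'any' (1 token), 'host A' or 'A MASK' (2 tokens).
    return tokens[1:] if tokens[:1] == ["any"] else tokens[2:]

def _port(tok):
    # Unknown literal names become -1 and are reported as "review".
    return PORT_NAMES.get(tok, int(tok) if tok.isdigit() else -1)

def classify(line):
    """Return 'pptp', 'netbios', 'review', or None for non-permit lines."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] != "permit":
        return None
    proto, rest = t[3], _skip_addr(_skip_addr(t[4:]))
    if proto in ("gre", "47"):
        return "pptp"                      # GRE, IP protocol 47
    if proto not in ("tcp", "udp", "ip"):
        return "review"
    if rest[:1] == ["eq"] and len(rest) >= 2:
        lo = hi = _port(rest[1])
    elif rest[:1] == ["range"] and len(rest) >= 3:
        lo, hi = _port(rest[1]), _port(rest[2])
    else:
        lo, hi = 0, 65535                  # no eq/range: treated as all ports
    if proto == "tcp" and lo == hi == 1723:
        return "pptp"                      # PPTP control channel
    if lo <= 139 and hi >= 137:
        return "netbios"                   # overlaps 137-139
    return "review"

def audit(config):
    """List (verdict, line) for every permit that is not PPTP traffic."""
    found = [(classify(l), l.strip()) for l in config.splitlines()]
    return [f for f in found if f[0] in ("netbios", "review")]

if __name__ == "__main__":
    for verdict, line in audit(SAMPLE):
        print(f"{verdict:8} {line}")
```

A `permit ip` rule with no port operator is reported as `netbios` because it permits every port, 137-139 included.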
  • Anonymous · 4 years ago
    Anonymous wrote: Try adding "fixup protocol pptp 1723" instead of all of the changes above.

    This is right on, works like a champ. This only works in PIX version 6.3.3 and up.

    The fixup now takes care of translating the GRE tunnel to a NATted internal IP.
  • Anonymous · 2 years ago
    There is a nice solution for connecting a Cisco PIX to Windows Vista.
    Configure L2TP without certificates to seamlessly migrate from PPTP to L2TP.
    http://support.dmu.edu/VistaandCiscoPIXpptp/ind...