|
Home > Archive > VPN > December 2005 > PIX 501 VPN RAS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| POP3.demon.co.uk 2005-12-14, 7:46 am |
| I have recently started to (attempted to) use a PIX 501 firewall on our
network, the consequence being the MS VPN connection does not seem to be
working properly.
Being complete novices when it comes to PIX I need some advice on how to
configure the PIX to pass the VPN traffic to a RAS server.
The network set-up is:
INTERNET <------>Netgear DG814 <------> PIX ------(Intranet)
By intranet, I mean there are three servers connected to the PIX firewall.
(Internet Server, Mail Server and the RAS Server).
Basically, (I think!) I need to know how to route all PPTP traffic to the
RAS server.
If I have it totally wrong, please feel free to ridicule... Also if you are
so kind as to reply, please pitch the answers as if you are explaining to
the local village idiot, so I can understand
Thanks in advance
Tony
PIX version is : 6.3(5)
| |
|
| POP3.demon.co.uk wrote:
> I have recently started to (attempted to) use a PIX 501 firewall on our
> network, the consequence being the MS VPN connection does not seem to be
> working properly.
>
> Being complete novices when it comes to PIX I need some advice on how to
> configure the PIX to pass the VPN traffic to a RAS server.
>
> The network set-up is:
>
> INTERNET <------>Netgear DG814 <------> PIX ------(Intranet)
>
> By intranet, I mean there are three servers connected to the PIX firewall.
> (Internet Server, Mail Server and the RAS Server).
>
> Basically, (I think!) I need to know how to route all PPTP traffic to the
> RAS server.
You need noto route but to do a static NAT from a public IP address to internal servers. I don't know how many IP
addresses you have. If this so you can do a 1:1 static NAT, otherwise you can "forward" only specific ports.
I don't have any link in this moment, but just search for "static NAt cisco PIX".
>
> If I have it totally wrong, please feel free to ridicule... Also if you are
> so kind as to reply, please pitch the answers as if you are explaining to
> the local village idiot, so I can understand
See you here back again
|
|
|
|
|