Issue with Cisco Pix 501, and MS VPN connecting to Cisco 3005 VPN? Multiple connections
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by rhalljr on February 11, 2008, 10:03 am
Please log in for more thread options and we are running into a minor problem with the client connectivity from that office. Ill explain the hardware real quick. In our main office, we have a PIX 506e Firewall, with the 3005 Concentrator behind it for VPN. We are using the MS client via PPTP to connect for VPN. In the satellite office, we simply have a Pix 501, with 6-8 client desktops behind it. We will need all of them to be able to connect to the Cisco VPN using the MS Windows VPN connection. Is there something i need to do to make this happen? Right now it appears that one 1 of them at a time can connect. Thanks in advance.... I am not a cisco certified guy yet, but i plan on working towards it someday soon. Rodney | |||||||||||||
|
Posted by Yandy Ramirez on February 11, 2008, 10:26 am
Please log in for more thread options We ran into an issue like that. Versions <= 6.3 Fixup protocol pptp 1723 Also allow GRE on your access lists. Version >= 7.0
pixfirewall(config)#policy-map global_policy pixfirewall(config-pmap)#class inspection_default pixfirewall(config-pmap-c)#inspect pptp Hope that helps. You may also need to allow GRE through. On 2/11/08 10:03 AM, in article 47b063be$0$8649$4c368faf@roadrunner.com, > We are setting up a temporary satellite office about 15 minutes away,
> and we are running into a minor problem with the client connectivity > from that office. > > Ill explain the hardware real quick. In our main office, we have a PIX > 506e Firewall, with the 3005 Concentrator behind it for VPN. We are > using the MS client via PPTP to connect for VPN. > > In the satellite office, we simply have a Pix 501, with 6-8 client > desktops behind it. We will need all of them to be able to connect to > the Cisco VPN using the MS Windows VPN connection. > > Is there something i need to do to make this happen? Right now it > appears that one 1 of them at a time can connect. > > Thanks in advance.... I am not a cisco certified guy yet, but i plan on > working towards it someday soon. > > Rodney | |||||||||||||
|
Posted by rhalljr on February 11, 2008, 10:48 am
Please log in for more thread options Yandy Ramirez wrote:
> Yes for windows PPTP clients you need to inspect PPTP at the PIX level.
> We ran into an issue like that. > > Versions <= 6.3 > > Fixup protocol pptp 1723 > > Also allow GRE on your access lists. > > Version >= 7.0 > > pixfirewall(config)#policy-map global_policy > > pixfirewall(config-pmap)#class inspection_default > > pixfirewall(config-pmap-c)#inspect pptp > > > Hope that helps. > > You may also need to allow GRE through. > > > On 2/11/08 10:03 AM, in article 47b063be$0$8649$4c368faf@roadrunner.com, > >> We are setting up a temporary satellite office about 15 minutes away,
>> and we are running into a minor problem with the client connectivity >> from that office. >> >> Ill explain the hardware real quick. In our main office, we have a PIX >> 506e Firewall, with the 3005 Concentrator behind it for VPN. We are >> using the MS client via PPTP to connect for VPN. >> >> In the satellite office, we simply have a Pix 501, with 6-8 client >> desktops behind it. We will need all of them to be able to connect to >> the Cisco VPN using the MS Windows VPN connection. >> >> Is there something i need to do to make this happen? Right now it >> appears that one 1 of them at a time can connect. >> >> Thanks in advance.... I am not a cisco certified guy yet, but i plan on >> working towards it someday soon. >> >> Rodney >
thanks, will be going down there and trying it today!!
I will let you know | |||||||||||||
|
Posted by rodney on February 12, 2008, 1:54 pm
Please log in for more thread options Sorry, i should have informed you that we are at version 6.3(5) for the
pix 501. I already these entries in place. Is there something else i should be looking for? Yandy Ramirez wrote: > Yes for windows PPTP clients you need to inspect PPTP at the PIX level.
> We ran into an issue like that. > > Versions <= 6.3 > > Fixup protocol pptp 1723 > > Also allow GRE on your access lists. > > Version >= 7.0 > > pixfirewall(config)#policy-map global_policy > > pixfirewall(config-pmap)#class inspection_default > > pixfirewall(config-pmap-c)#inspect pptp > > > Hope that helps. > > You may also need to allow GRE through. > > > On 2/11/08 10:03 AM, in article 47b063be$0$8649$4c368faf@roadrunner.com, > >> We are setting up a temporary satellite office about 15 minutes away,
>> and we are running into a minor problem with the client connectivity >> from that office. >> >> Ill explain the hardware real quick. In our main office, we have a PIX >> 506e Firewall, with the 3005 Concentrator behind it for VPN. We are >> using the MS client via PPTP to connect for VPN. >> >> In the satellite office, we simply have a Pix 501, with 6-8 client >> desktops behind it. We will need all of them to be able to connect to >> the Cisco VPN using the MS Windows VPN connection. >> >> Is there something i need to do to make this happen? Right now it >> appears that one 1 of them at a time can connect. >> >> Thanks in advance.... I am not a cisco certified guy yet, but i plan on >> working towards it someday soon. >> >> Rodney >
| |||||||||||||
