Cisco PIX behind NAT


I have a Cisco PIX and an Aztech DSL router. The Cisco PIX outside interface is currently receiving IP information through DHCP. I need PPTP clients (XP) to connect to the PIX VPN Server.

I tried to port forward 1723. The client can connect to the PIX VPN Server, but times out after verifying username and password. I tried connecting PPTP clients from the inside interface, no problem though.

What do I need to NAT except for port 1723? Do I need to create any static routes?

I tried to use PPPoE on the outside interface instead of DHCP, but got the error "Cannot enable pppoe on the same interface as vpdn".

I am using the web console to configure this PIX 501.

Please help.


GRE is required, too. Your router must forward those packets.

Remove your router, drop vpdn and use the Cisco VPN client for direct IPSec.

Lutz Donnerhacke

PPTP will fail when using NAT and hang at the point that you mention unless the Aztech router has an option to specifically support PPTP NAT Traversal.

I assume that your DSL is PPPoA and that is why you have the router in place?



Martin Kayes

Did you add UDP or TCP port 1723? Additionally, you must also forward protocol number 47, which is GRE. Also look for any PPTP pass-through option on your router.

vh Martin Bilgrav

Martin Bilgrav
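
Added example, not part of any poster's message: a Python check that separates the PPTP control channel (TCP 1723) from the PPTP data tunnel (GRE, IP protocol 47) in raw IPv4 packets seen on the PIX's outside segment, which is the distinction the replies above turn on. The packets, addresses and function names are constructed for illustration; reading a real capture is assumed to happen elsewhere.

```python
import socket
import struct

TCP, GRE = 6, 47            # IP protocol numbers
PPTP_PORT = 1723            # PPTP control channel (TCP)
PPTP_GRE_PROTO = 0x880B     # PPP carried in enhanced GRE (version 1)

def classify(packet: bytes) -> str:
    """Return 'control', 'gre' or 'other' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # header length, options included
    payload = packet[ihl:]
    if len(payload) < 4:
        return "other"
    first, second = struct.unpack("!HH", payload[:4])
    # TCP: the two fields are source and destination port.
    if packet[9] == TCP and PPTP_PORT in (first, second):
        return "control"
    # GRE: flags/version word (version in the low 3 bits), then protocol type.
    if packet[9] == GRE and first & 0x7 == 1 and second == PPTP_GRE_PROTO:
        return "gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which halves of a PPTP session reached the capture point."""
    seen = {classify(p) for p in packets}
    if "control" in seen and "gre" in seen:
        return "control and GRE both arrive"
    if "control" in seen:
        return "TCP 1723 arrives but GRE (protocol 47) does not"
    return "no PPTP traffic seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("198.51.100.7"),
                       socket.inet_aton("192.0.2.10")) + payload

# Constructed sample traffic, not taken from the thread.
CONTROL = ipv4(TCP, struct.pack("!HH", 50000, PPTP_PORT) + bytes(16))
TUNNEL = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 4, 1, 0)
              + b"\xc0\x21\x01\x01")
UDP_1723 = ipv4(17, struct.pack("!HH", 50001, PPTP_PORT) + bytes(4))

if __name__ == "__main__":
    print(diagnose([CONTROL, UDP_1723]))          # port forward only
    print(diagnose([CONTROL, TUNNEL, UDP_1723]))  # router also passes GRE
```
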

Will try Cisco VPN Client. I do not think the Aztech DSL modem router supports GRE/PPTP passthrough. The configuration of the modem router is very limited. I don't see anything regarding protocol number 47 either. Nope, the connection is on PPPoE using the Aztech modem. I tried to set the Aztech as a bridge and use the PIX to run PPPoE, but it failed, as I mentioned in the first post. It seems the PIX does not accept a PPTP/L2TP endpoint on a PPPoE connection.
