GRE, hide nat on PIX

Hi, Good Day,

Behind a PIX 501, I have a LAN hide nated to the external Interface of the PIX. This works ok for tcp/ip traffic like http, ftp etc.

Behind, I have a host 10.10.10.10 that needs to get to an external Internet located provided using PPTP.

It does not work. Sniffing, I see tcp ports being used. The client gets to the point he has the login/password windows box to fill. Once done, sniffing, I see ip-proto-47 (aka, GRE).

What to add to the PIX for the client being hide-nated to use a PPTP server (not managed by us at all)???

I do not have anyhting like spare IP to static nat the client to an internet IP.

PIX version : 6.3.4

Thanks,

Jean-Michel

Reply to
Jean-Michel Dewaal
Loading thread data ...

In article , Jean-Michel Dewaal wrote: :Behind a PIX 501, I have a LAN hide nated to the external Interface of :the PIX. This works ok for tcp/ip traffic like http, ftp etc.

:Behind, I have a host 10.10.10.10 that needs to get to an external :Internet located provided using PPTP.

:What to add to the PIX for the client being hide-nated to use a PPTP :server (not managed by us at all)???

fixup protocol pptp 1723

formatting link
The PPTP fixup must be enabled for PPTP traffic to be translated by PAT. Additionally, PAT is only performed for a modified version of GRE (RFC2637) and only if it is negotiated over the PPTP TCP control channel. PAT is not performed for the unmodified version of GRE (RFC 1701 and RFC 1702).

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.