At 09:33 PM 10/29/00 -0800, Jay Hennigan wrote:
>On Sat, 28 Oct 2000, Jim Bond wrote:
>
> > Hello,
> >
> > I'm trying to set up PIX PPTP without NAT but no
> > success. Cisco gives a sample config using NAT
> > http://www.cisco.com/warp/public/110/pptppix.html but
> > I don't understand why they use 192.168.1.0.
> >
> > Here is my topology:
> > 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
> > I create a pool 172.16.1.100-172.16.1.200, but users
> > from outside can't reach internal network.
>
>According to this, it looks like you should have NAT. You have a different
>network outside than inside.
Don't all routers that are routing between networks? ;) The PIX is not
necessarily a NAT box. It performs statefull security for established
connections (translated or not.)
And if you're not doing NAT (using NAT 0) then you don't need statics per
say. If you are trying to allow non-established connections in from the
outside then you would need to use conduits to open those holes.
Heh - I think I have forgotten the original question
>Assuming you really mean no NAT, do you have a "static" statement mapping
>the addresses to themselves?
>
>It's a bit counterintuitive without NAT, but you should have something like
>
>static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
>
>See the PIX command reference regarding "static".
>
>--
>Jay Hennigan - Network Administration - [EMAIL PROTECTED]
>NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
>WestNet: Connecting you to the planet. 805 884-6323
>
>_______________________________________________________
>To unsubscribe from the CCIELAB list, send a message to
>[EMAIL PROTECTED] with the body containing:
>unsubscribe ccielab
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
