If that's "why PIX sucks", then take heart. It sucks no more, as of Version 6.0. Use port mapping.
----- Original Message ----- From: "David Tran" To: Sent: Wednesday, November 28, 2001 2:19 PM Subject: Re: NAT commands [7:27539] > That's why PIX sucks. Go with Linux or BSD > ----- Original Message ----- > From: "Rizzo, Damian" > To: > Sent: Wednesday, November 28, 2001 4:20 PM > Subject: RE: NAT commands [7:27539] > > > > I do not think this will work. I had the exact same problem as below, > though > > I was using a Cable connection. After talking with Cisco it was determined > > that the problem was attempting to forward GRE traffic. Since GRE is a > > Protocol and not a Port, it is extremeley difficult to route and/or > forward, > > and in the event you are using a PIX firewall, as I found out, it is just > > not possible. I actually had to purchase another IP address from my ISP so > I > > could Static map it and use ACL's to open the GRE protocol. Hope this > helps. > > > > > > -Rizzo > > > > > > > > -----Original Message----- > > From: NKP [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, November 28, 2001 8:50 AM > > To: [EMAIL PROTECTED] > > Subject: NAT commands [7:27539] > > > > > > Hi All > > I have the following scenario . > > I have a Cisco 2600 router which is connected to the ISDN and I have got > a > > fixed Ip address from my ISP which is assigned to the bri interface , it > is > > connecting fine .All the internal addresses are translated on ethernet > > on my ethernet I have a Windows 2K server . > > I want a remote user to connect to my Win2K server , how should I > > configure my router to send the request for authentication to this win2K > > server via VPN as it has a translated IP address . . My remote client is > on > > Win 98 . > > > > My present router configs are given below > > > > thanks in advance , > > > > Navin Parwal > > > > > > > > > > Router# > > Router# > > Router#sh run > > Building configuration... > > > > Current configuration: > > ! > > version 12.0 > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname Router > > ! > > ! > > memory-size iomem 10 > > ip subnet-zero > > ! > > ip dhcp pool local > > network 192.168.1.0 255.255.255.0 > > default-router 192.168.1.1 > > dns-server 12.10.194.34 > > ! > > isdn switch-type basic-net3 > > ! > > ! > > ! > > ! > > interface Ethernet0/0 > > ip address 192.168.1.1 255.255.255.0 > > no ip directed-broadcast > > ip nat inside > > no cdp enable > > no mop enabled > > ! > > interface Serial0/0 > > no ip address > > no ip directed-broadcast > > no ip mroute-cache > > shutdown > > no fair-queue > > clockrate 64000 > > ! > > interface BRI0/0 > > ip address 202.157.70.61 255.255.255.0 > > no ip directed-broadcast > > ip nat outside > > encapsulation ppp > > dialer string 226476 > > dialer-group 1 > > isdn switch-type basic-net3 > > no cdp enable > > ppp chap refuse > > ppp pap sent-username jbc password > > hold-queue 75 in > > ! > > ip nat inside source list 10 interface BRI0/0 overload > > ip classless > > ip route 0.0.0.0 0.0.0.0 BRI0/0 > > no ip http server > > ! > > access-list 10 permit any > > dialer-list 1 protocol ip permit > > ! > > ! > > line con 0 > > transport input none > > line aux 0 > > line vty 0 4 > > login > > ! > > no scheduler allocate > > end > > This electronic mail transmission contains confidential information > intended > > only for the person(s) named. Any use, distribution, copying, or > disclosure > > by any other person is strictly prohibited. If you received this > > transmission in error, please notify the sender by replying to e-mail and > > destroy message. Opinions, conclusions, and other information in this > > message that do not relate to the official business of MARAKON ASSOCIATES > > shall be understood to be neither given nor endorsed by the company. When > > addressed to MARAKON clients, any information contained in this e-mail is > > subject to the terms and conditions in the governing client contract. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27599&t=27539 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
