Hi all,
Afraid I don't have much information to help solve the problem. I do know
that I've seen sites using PPTP through the PIX, both with and without NAT
configured. In fact, the PIX documentation (Command Reference, 'Conduit
command') has an example specific to PPTP.
Apologies, I'm not sure what the other issues may be with the PPTP
setup. But it does, and can, work through the PIX.
Thanks,
Lisa Napier
Product Security Incident Response Team
Cisco Systems
At 09:23 AM 10/15/1999 -0400, Jean Morissette wrote:
>I am posting here because I believe my problem is at the PIX and something
>about NAT!
>
>I was called by a client to troubleshoot this problem:
>
>remote user (DUN/PPTP VPN)----Internet---Cisco router----PIX
>firewall----PPTPserver(NT 4.0 sp4) with VPN.(in a secure network)
>
>If I set up NetBIOS on the VPN client (and PPTP/RAS server), users can
>connect and authenticate and do whatever they can/allowed.
>
>If I use TCP/IP, users can connect but cannot authenticate. If I look at
>the client's TCP/IP setting (NT w/s) with ipconfig, the NDISWANx (or
>whatever) gives me an IP address with the default gateway equal to its own
>IP address (the RAS client should get all the config from the RAS server; RAS is
>set up to allow the RAS clients to get config info from the DHCP server). So
>the bottom line is I cannot ping inside the secure network. But I can ping the
>public IP address of the PPTP server (so that would be the address before
>the PIX does NAT, right?). So what is going on at the Cisco routers or
>PIX? I did not look at the router and PIX config, YET. The client is
>supposed to have experts who manage those things; he called me because in
>the past I always fixed his problems. He confirmed with me that GRE packets
>and TCP port 1723 are allowed/opened.
>
>Any ideas?
>
>Jean
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]