• Advertisement

PPTP VPN and PPPOE CLIENT ON PIX 501

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.

PPTP VPN and PPPOE CLIENT ON PIX 501

Postby Guest » Sun Jul 18, 2010 11:23 am

Hi,

 

Can I create a PPTP VPN and a client connection on a PIX 501 with a PPPOE client connection to my ISP. The PPPOE ip is dynamic and the VPN will have a static IP. They gave me a username and password for the VPN and PPPOE. The also gave me a ip for the VPN server.

 

What needs to happen is that the PPPOE must connect for the VPN to work.

 

I can only get the PPPOE up, but dont know how to do this with a PPTP VPN together.

 

Here is my config:

PIX Version 6.33
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxx encrypted
passwd xxxxxxx encrypted
hostname neveroff
domain-name neveroff.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list incoming permit icmp any any echo-reply
access-list incoming permit icmp any any source-quench
access-list incoming permit icmp any any unreachable
access-list incoming permit icmp any any time-exceeded
pager lines 24
icmp permit any echo outside
icmp permit any unreachable outside
icmp permit any time-exceeded outside
icmp permit any source-quench outside
icmp permit any echo-reply outside
icmp permit any information-reply outside
icmp permit any mask-reply outside
icmp permit any timestamp-reply outside
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) tcp interface smtp 192.168.1.201 smtp netmask 255.255.255.255 0 0
access-group incoming in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname xxxxxxxxx
vpdn group pppoex ppp authentication chap
vpdn username xxxxxxxx password xxxxxxxx
dhcpd address 192.168.1.10-192.168.1.41 inside
dhcpd dns 192.168.1.1 168.210.2.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username neveroff password TEnlGTQMwqamBzMn encrypted privilege 2
terminal width 80
Cryptochecksum:c5bfafa70f21ed55cc1b3df377e110bf
: end

Thank you

Etienne

Guest
 

Advertisement

Re:PPTP VPN and PPPOE CLIENT ON PIX 501

Postby Guest » Sun Jul 18, 2010 11:40 am

PIX firewall can not act as a PPTP client, only PC/laptop can act as a PPTP client.

I don quite understand what you mean by VPN will have static IP? Are you trying to connect to your ISP via PPTP? or you would like to connect to your PIX remotely via PPTP? PIX firewall can be configured as PPTP server, but not as PPTP client.

Guest
 

Re:PPTP VPN and PPPOE CLIENT ON PIX 501

Postby Guest » Sun Jul 18, 2010 12:11 pm

Hi,

 

Cool, this answerd my question. Now I know that a PIX can only be a PPTP server.

 

See for me to use the static IP, that I will get from the PPTP connection to the ISP I have to create it on my Server. I will allow port 1723 to passthrought the PIX then to the server.

 

Thank you for the info.

 

Etienne

Guest
 

Re:PPTP VPN and PPPOE CLIENT ON PIX 501

Postby Guest » Sun Jul 18, 2010 12:22 pm

OK, that makes sense. But I don know how the ISP will assign static ip address for your PPTP server, how would the routing work? How would they route the static IP address, and how would you connect that to the ISP?

 

In any case, if you are going to passthrough PPTP traffic via the PIX, you would need to configure the following:

1) Static port address redirection for TCP/1723

2) "fixup protocol pptp 1723" to allow the PIX to automatically create GRE tunnel after the PPTP control connection.

3) ACL on the outside interface to allow TCP/1723 through.

 

Please check out the command reference for "fixup protocol pptp 1723":

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1067379

 

Hope that helps.

Guest
 

Re:PPTP VPN and PPPOE CLIENT ON PIX 501

Postby Guest » Sun Jul 18, 2010 1:22 pm

Thank you.

 

I am going to cancel with the ISP and move to someone els. They have sold the wrong solution, will not catch me out again.

 

Thank you for the help.

 

Etienne

Guest
 



  • Advertisement


Similar topics


Return to Virtual Private Networks

Who is online

Users browsing this forum: No registered users and 2 guests