Wednesday 16 July 2008

Cisco Pix 501 Nat Configuration

After installing a Cisco Pix 501 on an ADSL connection I had great problems getting NAT to work so I could allow incoming connections to certain servers inside the network.

I was using PDM to configure the firewall and this appears to be the problem. Eventually after some research I managed to configure NAT using the command line interface.

static (inside,outside) tcp interface 25 192.168.10.2 25 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any interface outside eq 25
access-group outside_in in interface outside

PDM does not appear to add the last line (or at least I can't find a way of doing it) and you end up with SYN errors in the firewall log.

Once it's configured you can use PDM to add more rules as you wish and the access group outside_in is preserved. You need to configure the translation rule first and then the access rule. The easiest way is to copy and paste the rules created above using PDM.

If you wish to restrict outside access to certain servers, simply replace 'any' in the access-list line with the IP address and subnet mask of the permitted source.
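As an added illustration (not the original post's configuration), here are the same three statements generalised to two published services, one open to any source and one restricted by the address-and-mask substitution just described, in PIX 6.x syntax. The inside hosts 192.168.10.2 and 192.168.10.3 and the outside network 203.0.113.0/24 are constructed values.

```cisco
! Added example, not the original post's config. Addresses are constructed:
! 192.168.10.2/.3 are inside servers, 203.0.113.0/24 is an outside network
! that is allowed in.

! 1. Translations first. "interface" publishes the port on the PAT'd outside
!    address (needed when the ADSL address is dynamic). "0 0" = no limit on
!    connections or embryonic (half-open) connections.
static (inside,outside) tcp interface 25 192.168.10.2 25 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 443 192.168.10.3 443 netmask 255.255.255.255 0 0

! 2. Then the access rules. SMTP stays open to any source; HTTPS is restricted
!    by replacing "any" with a network and mask ("host a.b.c.d" for one host).
access-list outside_in permit tcp any interface outside eq 25
access-list outside_in permit tcp 203.0.113.0 255.255.255.0 interface outside eq 443

! 3. Bind the list to the outside interface once. This is the line PDM does
!    not add; without it inbound SYNs are dropped at the interface and the
!    static translation alone lets nothing in.
access-group outside_in in interface outside

! Flush existing translations so the new statics are used, verify, and save.
clear xlate
show access-list outside_in
write memory
```

Order matters on the PIX: a `static` must exist before the matching access-list entry will pass traffic, and `clear xlate` is needed after changing statics so that translation slots built under the old rules are dropped.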

Monday 14 July 2008

Configure PPTP VPN through Cisco Pix 501 Firewall

I recently added a Pix 501 to my ADSL connection and all my outbound PPTP VPN connections from my Windows XP PC stopped working.

I eventually worked out how to re-enable them.

On the Pix 501 just enable PPTP fixup on port 1723.

All works!
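For reference, the single command the post refers to, in PIX 6.x syntax (added here as an illustration; it is not a transcript from the author's firewall):

```cisco
! Added example, not the original post's config.
! PPTP uses a TCP/1723 control channel plus GRE (IP protocol 47) for the
! tunnel data. Plain PAT has no port to track for GRE, so the return
! traffic is dropped. The fixup inspects the control channel and opens
! the matching GRE session through the translation.
fixup protocol pptp 1723
show fixup
write memory
```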