Comments on: PPTP (Point-to-Point Tunneling Protocol) through PIX Firewall

By:

Thu, 11 Jan 2007 13:58:12 +0000

There is a nice solution for Connecting a Cisco PIX to Windows Vista.
Configure L2TP without certificates to seamlessly migrate from PPTP to L2TP.
http://support.dmu.edu/VistaandCiscoPIXpptp/index.html

By: Anonymous

Anonymous — Mon, 28 Mar 2005 07:53:40 +0000

Anonymous wrote:

This is right on, works like a champ. This only works in PIX version 6.3.3 and up. The fixup now takes care of translating the GRE tunnel to a natted internal ip.

By: ko

ko — Tue, 07 Dec 2004 14:35:15 +0000

you need to check your recipe! you should never open port 137,138,139 to any machine from the internet.

PPTP uses TCP 1723 and GRE (protocol 47)

ports 137-139 are opening HUGE HOLES in your network security. Especially if it is to a Microsoft server, esentialy you have told people to open their windows shares to the World. NEVER OPEN these ports.

I don’t coment on much but this is bad networking practices at their worst.

By: Anonymous

Anonymous — Tue, 23 Nov 2004 14:21:07 +0000

Try adding “fixup protocol pptp 1723″ instead of all of the changes above.

By: Anonymous

Anonymous — Wed, 25 Aug 2004 01:15:38 +0000

I’ve got a same problem… If I delete the static rule, all other computers have an Internet access otherwise not :? :cry:

By: Fluffy

Fluffy — Wed, 12 May 2004 08:15:16 +0000

ok I’m a newbie when it comes to setting up this pix. When I add that static statement and the other access-list commands I can get into the network via vpn just fine, but all the computers on the inside network lose internet access. I took out the access-list and still had the same problem so I’m pretty sure it’s caused by that static entry. Can anyone tell me what I’m doing wrong?