
PPTP (Point-to-Point Tunneling Protocol) through PIX Firewall

How to pass PPTP traffic through a PIX Firewall


This recipe is outdated. See this one: https://www.tech-recipes.com/rx/2222/pptp_on_cisco_asa_or_pix_6_3_or_later_code.

Cisco PIX Firewalls require two elements to pass traffic from outside (higher security) to inside (lower security): a static translation and a conduit.

For this example, assume a server has IP address and there is an available outside address of

First, create the static translation. This configuration line establishes a relationship between (public Internet IP address) and (inside, private IP address).

static (inside,outside) netmask 0 0

Next, create appropriate conduits to allow specific traffic to pass from the outside to the inside interface. PPTP uses TCP/1723, TCP/139, UDP/NetBIOS-NS, UDP/NetBIOS-DGM, and IP/47 GRE.

This is not needed. This recipe is outdated and based on an old document.

conduit permit tcp eq 1723 any
conduit permit tcp host eq 139 any
conduit permit udp host eq 137 any
conduit permit udp host eq 138 any
conduit permit gre host any

access-list 101 permit tcp any host eq 1723
access-list 101 permit tcp any host eq 139
access-list 101 permit udp any host eq 137
access-list 101 permit udp any host eq 138
access-list 101 permit gre any host
access-group 101 in interface outside

A couple of notes:

    In the conduits and access-lists, the any keyword allows matching traffic from any IP address to pass through the firewall. This should be replaced with the source IP address of the PPTP tunnel, if at all possible.

    In the access-lists, check any existing access-lists and any other traffic that must be permitted before entering the last line!
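
The first note can be checked mechanically. The Python sketch below is an added example, not part of the original recipe: it parses conduit and access-list permit lines, whose source and destination fields appear in opposite order, and lists the rules whose source is any. The addresses in the sample config are constructed from documentation ranges, and the function names are hypothetical.

```python
# Constructed sample config: 192.0.2.10 stands in for the outside address and
# 198.51.100.7 for a known PPTP peer (documentation ranges, not from the page).
SAMPLE_CONFIG = """\
conduit permit tcp host 192.0.2.10 eq 1723 any
conduit permit gre host 192.0.2.10 host 198.51.100.7
access-list 101 permit tcp any host 192.0.2.10 eq 1723
access-list 101 permit udp any host 192.0.2.10 eq 137
access-list 101 permit gre host 198.51.100.7 host 192.0.2.10
access-group 101 in interface outside
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host <ip>' or '<ip> <mask>'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]}/{tokens[1]}", tokens[2:]

def take_port(tokens):  # consume an optional 'eq <port>' qualifier
    return (tokens[1], tokens[2:]) if tokens[:1] == ["eq"] else (None, tokens)

def parse_rule(line):
    """Return (kind, proto, source, dest, port) for a permit rule, else None."""
    t = line.split()
    try:
        if t[:2] == ["conduit", "permit"]:
            # conduit order: protocol, destination (global), port, source (foreign)
            dest, rest = take_addr(t[3:])
            port, rest = take_port(rest)
            src, _ = take_addr(rest)
            return "conduit", t[2], src, dest, port
        if t[:1] == ["access-list"] and t[2:3] == ["permit"]:
            # access-list order: protocol, source, destination, port
            src, rest = take_addr(t[4:])
            dest, rest = take_addr(rest)
            port, _ = take_port(rest)
            return "access-list", t[3], src, dest, port
    except IndexError:
        pass  # truncated or malformed line: not a rule we can classify
    return None

def open_source_rules(config):
    """List permit rules whose source is 'any' (candidates to tighten)."""
    rules = (parse_rule(line) for line in config.splitlines())
    return [r for r in rules if r and r[2] == "any"]

if __name__ == "__main__":
    for rule in open_source_rules(SAMPLE_CONFIG):
        print("source is 'any':", rule)
```

Lines with a missing address, such as a rule that ends at the host keyword, are skipped rather than guessed at.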

Some of this information came from the Cisco PPTP FAQ.
