[fw-wiz] No connection once the translation rules are applied

• Previous message: Chris Ditri: "[fw-wiz] Weird FW bridge stuff (Linux)"
• Next in thread: Joshua Vince: "RE: [fw-wiz] No connection once the translation rules are applied"
• Maybe reply: Joshua Vince: "RE: [fw-wiz] No connection once the translation rules are applied"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] No connection once the translation rules are applied"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "firewall-wizards@honor.icsalabs.com" <firewall-wizards@honor.icsalabs.com>
Date: Thu, 11 Dec 2003 05:09:38 -0800

I have a 501 v. 6.3(1). I am attempting to establish a PPTP VPN server
(192.168.1.10) behind the firewall. I lose Internet connectivity once I apply
the translation rules. I do not have an electronic copy available, but here is
a quick synopsis of the pertinent entires.

fixup protocol pptp 1723
access-list outside_access_in permit gre any host 192.168.1.10
access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp
access-list outside_access_in permit icmp any any echo-reply
ip address outside xxx.xxx.xxx.xxx 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0
static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside

What am I missing here?

Geoff

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Chris Ditri: "[fw-wiz] Weird FW bridge stuff (Linux)"
• Next in thread: Joshua Vince: "RE: [fw-wiz] No connection once the translation rules are applied"
• Maybe reply: Joshua Vince: "RE: [fw-wiz] No connection once the translation rules are applied"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] No connection once the translation rules are applied"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Pix 506e, PPTP problem ... The 10.0.0.10 is the first address in my pptp pool I setup on the pix. ... >:> Have you used a sysopt connection command to bypass ACL checking? ... > the name after the word 'access-group' is the name of the existing ACL ... > network-object 10.0.0.10 255.255.255.254 ... (comp.dcom.sys.cisco) RE: [fw-wiz] No connection once the translation rules are applied ... Any time you change NAT rules on a PIX, ... it looks like you're missing a source 'any' in the permit tcp rule ... I am attempting to establish a PPTP VPN server ... access-group outside_access_in in interface outside ... (Firewall-Wizards) RE: [fw-wiz] No connection once the translation rules are applied ... access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp ... access-group outside_access_in in interface outside ... (Firewall-Wizards) Re: Firewall trouble ... 90 permit icmp any host xxx.xxx.xxx.89 echo-reply ... ip inspect name firewall pop3 ... ip access-group ACL.permit.outbound ... (comp.dcom.sys.cisco) Getting a VPN to work through a Cisco firewall ... this problem here lies in the firewall blocking VPN traffic. ... access-list 101 permit udp host 207.244.144.10 eq domain host ... (comp.dcom.sys.cisco)