[fw-wiz] PPTP/L2TP Checkpoint/Pix



Hey all,

Any help with the following scenario is appreciated.

I have the following:

VLAN2 (172.16.100.0/24)
DMZ (172.20.1.2) via Checkpoint
Pix (x.x.x.x) Client's fw
SRVR (10.10.5.20) Behind client's Pix

I created a tunnel (PPTP) to connect from my DMZ to their SRVR, which worked; however, I need about 5 machines in VLAN2 to connect to the DMZ and pass through the DMZ straight to the SRVR.

I'm not able to create any tunnels from VLAN2, solely from the DMZ. So I'm thinking of a PPTP/L2TP proxy server. Does anyone have an existing implementation and/or documentation on something like this, without mentioning ISA server?

http://www.infiltrated.net/tunneling.jpg (diagrammed)

Thanks in advance for any pointers, links, comments, do's/don't('s)

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


