Re: PIX, PPTP and Internet access for PPTP users...

From: Michael J. Pelletier (mjpelletier_at_mjpelletier.com)
Date: 03/16/05 

Date: Tue, 15 Mar 2005 20:51:49 -0800

If I were to use a router would I have the same problem?

Michael

William L. Sun wrote:

> It is true that "PIX will not allow you to route out the same interface
> the encrypted packet came in on". The only thing you can do is to let the
> VPN client to use Proxy server.
>
> "Michael J. Pelletier" <mjpelletier@mjpelletier.com> wrote in message
> news:9NNZd.237004$0u.71183@fed1read04...
>> Hello,
>>
>> I have a PIX 525e that is my company's firewall and VPN (for remote site
>> connectivity). Today, I configured it to do PPTP for some of our
>> employees hoping to get away from the MS PPTP server. I noticed today
>> while testing the configuration that I could not get to the Internet when
>> using PPTP. Now, I know I can configure it to do "split tunneling"
>> however, I do not wish to do split tunneling (long story, not my choice).
>>
>> I read a post from some news group that the PIX will not allow you to
> route
>> out the same interface the encrypted packet came in on. In other words
>> the "outside" interface is the PPTP tunnel end point and I can not route
>> (the client using PPTP) the packet out into the Internet (also the
>> outside interface). I can only use it to connect to internal PCs.
>>
>> Is this true?
>> Is there any work around?
>> If I used a router for PPTP could I get around this?
>>
>> P.S. I know PPTP sucks (that also is not my choice)
>>
>> Michael

Relevant Pages

  • Re: Basic Veneering, very small straight line contrast accents
    ... Andy wrote: ... Here's some specifics on Michael Fortune's tools and method. ... router fence with a precision plunge router base unit. ... The inlay is 0.008" wider than the bit ...
    (rec.woodworking)
  • Re: Hilfe bei Routing Problem
    ... Werde wie empfohlen nMap ausprobieren. ... > Hallo Michael, ... > Der Router wird wohl NAT machen. ... >> Hallo Joachim, ...
    (microsoft.public.de.german.win2000.networking)
  • Re: XP DCHP Not Talking
    ... > Thanks for the response and help, Michael. ... > the network receiving IP addresses from the router. ... >> NIC, or bad cabling. ... Are there other PCs on the network that receive ...
    (microsoft.public.windowsxp.network_web)
  • Re: Patch Day November 2005
    ... Michael Bohr schreibselte am 12.November 2005 ... > Kaufpreis eine Softwarefirewall zu erstehen. ... weil Router dafür nun wirklich kaum zu bekommen sind? ... Next by Date: ...
    (microsoft.public.de.security.heimanwender)