(Uber Newbie) VPN with Cisco PIX

Posted on 2003-03-26
Medium Priority
Last Modified: 2010-03-19
Greetings Group:  

I apologize for the tremendously easy question here ... but I know
nothing about real firewalls and routers.  I know a little bit about
home Netgear ones (which, apparently, doesn't help at all).

I'm trying to set up a VPN to our network so I can access our intranet
at home.  I was able to do it with a dial-up connection very easily
(thanks to Win2K Wizards), but I need some real speed to be

The firewall that we have is a Cisco PIX firewall and I've read the
manual, but for the life of me I can't seem to figure it out.  I was
going to start playing around with commands, but I really don't want to
mess it up.

What should I do to allow all traffic from my IP at home to access the
intranet at work?  Or at least allow my IP at home to get past the
firewall?  Is there an easy command I can input into the Cisco PIX terminal?

Thanks, Alex Papadimoulis
Question by:sckdesign

Expert Comment

ID: 8214266
Set up a VPN connection to a RRAS server at your work, and allow port TCP/1723 through the PIX. That is, if you are authorized.

LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 8215662
You need to create a one-to-one static NAT map to your inside server, then permit TCP 1723 and GRE inbound.
Example - your server real ip is, you have a global IP of that you can use

static(inside,outside) netmask
# in addition to your existing acls:
access-list 105 permit tcp any host eq 1723
access-list 105 permit gre any host


Of course, you can always set up the PIX to terminate the VPN tunnel, then you wouldn't need a server, but that's another story.
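
The static NAT and ACL entries from the accepted answer, written out in full as an added example that is not part of lrmoore's post. All addresses are constructed documentation values, and the source is narrowed from `any` to the single home address the question asks about. It assumes PIX 6.x syntax and a home connection with a fixed public IP.

```cisco
: Constructed addresses (not from the thread):
:   192.168.1.10   inside RRAS/PPTP server (real IP)
:   192.0.2.10     unused global (outside) IP mapped to it
:   198.51.100.25  home connection's public IP
:
: One-to-one static NAT: outside 192.0.2.10 <-> inside 192.168.1.10
static (inside,outside) 192.0.2.10 192.168.1.10 netmask 255.255.255.255
:
: Broad form, as in the answer: any Internet host can reach the PPTP
: control port and send GRE to the server.
:   access-list 105 permit tcp any host 192.0.2.10 eq 1723
:   access-list 105 permit gre any host 192.0.2.10
:
: Narrowed form: only the home address is admitted.
access-list 105 permit tcp host 198.51.100.25 host 192.0.2.10 eq 1723
access-list 105 permit gre host 198.51.100.25 host 192.0.2.10
:
: Needed only if ACL 105 is not already bound to the outside interface.
access-group 105 in interface outside
:
: Verify: hit counters on the two new entries should rise when the
: client connects, and no other source should match them.
show access-list 105
```

PPTP uses TCP 1723 only for its control channel and carries the tunnelled data in GRE, so both entries are needed for a working tunnel.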


Author Comment

ID: 8217877
Thanks, that was very helpful.  If I set it up this way, would all internet traffic (www.yahoo.com, etc) be routed through this VPN connection?

What do you mean by "you can always set up the PIX to terminate the VPN tunnel, then you wouldn't need a server"?  Would this be a router-to-router connection?

LVL 79

Expert Comment

ID: 8218024
All traffic will only be routed through the VPN if you check the box "use default gateway on remote network"

You can terminate clients' VPNs on the PIX instead of the server. There are trade-offs in doing it, though.


Author Comment

ID: 8218043
Thanks! I appreciate the quick answer.
