(Uber Newbie) VPN with Cisco PIX

Posted on 2003-03-26
Medium Priority
Last Modified: 2010-03-19
Greetings Group:  

I appologize for the tremendously easy question here ... but I know
nothing about real firewalls and routers.  I know a little bit about
home Netgear ones (which, aparantly, doesn't help at all).

I'm trying to set up a VPN to our network so I can access our intranet
at home.  I was able to do it with a dial-up connection very easily
(thanks to Win2K Wizards), but I need some real speed to be

The firewall that we have is a cisco PIX firewall and I've read the
manual, but for the life of me i can't seem to figure it out.  I was
going to start playing around with commands, but I really dont want to
mess it up.

What should I do to allow all traffic from my IP at home to access the
intranet at work?  Or atleast allow my IP at home to get past the
firewall?  Is there a easy command I can imput into the Cisco PIX terminal?  

Thanks, Alex Papadimoulis
Question by:sckdesign
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 8214266
Set up a vpn connection to a RRAS server at your work, and allow port TCP/1723 through the PIX. That is, if you are authorized.

LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 8215662
You need to create a one-to-one static nat map to your inside server, then permit TCP 1723 and GRE inbound.
Example - your server real ip is, you have a global IP of that you can use

static(inside,outside) netmask
# in addition to your existing acls:
access-list 105 permit tcp any host eq 1723
access-list 105 permit gre any host


Of course, you can always setup the PIX to terminate the VPN tunnel, then you wouldn't need a server, but that's another story.


Author Comment

ID: 8217877
Thanks, that was very helpful.  If I set it up this way, would all internet traffic (www.yahoo.com, etc) be routed through this VPN connection?

What do you mean by "you can always setup the PIX to terminate the VPN tunnel, then you wouldn't need a server"  Would this be a router-to-router connection?

LVL 79

Expert Comment

ID: 8218024
All traffic will only be routed through the VPN if you check the box "use default gateway on remote network"

You can terminate client's VPNs on the PIX instead of the server. There are trade-offs in doing it, though.


Author Comment

ID: 8218043
Thanks! I appreciate the quick answer.

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question