Configuring Microsoft VPN via Cisco PIX (ver. 5.1(4))
Posted on 2003-11-10
I need to set up a single user (for now) for VPN access. We set up a Windows 2000 server and configured the client and the PIX and tested it and it worked fine. Unfortunately, this caused the Exchange server to stop receiving outside e-mails, so I quickly backed off the added config. Here is what I added that caused the problem:
access-list acl-out permit gre any host 216.xx.xx.xx
access-list acl-out permit tcp any host 216.xx.xx.xx
static (inside,outside) 216.xx.xx.xx 192.168.xx.xx netmask 255.255.255.255 0
access-group acl-out in interface outside
This worked fine, but caused the problem mentioned above. I used the "permit any" statement as opposed to an IP address because we don't have that information for the client as yet. Will simply changing the access-list acl-out statements to permit with a specific IP fix this, or is there something else? And, why would this cause the Exchange server to stop receiving outside e-mail? Thanks.