pptp through two Cisco pix inline

Posted on 2006-04-25
Medium Priority
Last Modified: 2013-11-16
I want to set up two Cisco Pix 501 in line. One Pix has INT0 on the internet. INT1 is in the DMZ. The next pix has INT0 in the DMZ and Int1 on the inside Network. I have access from Private to DMZ and Private to Public. I have access from the public to www/smtp in the DMZ. What I would like to figure out is to get pptp access. I want to use the inside pix with radius back to a W2K3 server. This is not production. This is lab. Nevertheless, it has been bugging me for some time. Watching syslog I can see that I am not getting packets to the DMZ int on the inside pix. I am assuming that it is a translation issue. Also I keep getting a no route from Destination to Source error from the outside pix.
Question by:thinnet

Accepted Solution

The--Captain earned 1000 total points
ID: 16541407
Since this is a lab and not production, may I assume you have some time to explore potential ideas without annoying anyone by inadvertently breaking things?

If so, I'd put the pptp server in the DMZ, get that working, and then put it on the inside network, and get it working there.

What I'm getting at is that if you can get it to work through one PIX, then you should be able to get it to work through two PIXs.  Putting the pptp server in the DMZ is an easy way to isolate your configuration issues to one PIX, initially.


Author Comment

ID: 16544697
I was trying to use the inside pix as the pptp server and radius to the W2K3 server for authentication.

Expert Comment

ID: 16548191
>I was trying to use the inside pix as the pptp server and radius to the W2K3 server for authentication

That's fine, but you can certainly test that it's working behind a single pix before you put it behind two, yes?  Problems like this are much easier to solve when you eliminate as many variables as possible.

