Solved

cisco pix 501 firewall configuration allow services

Posted on 2012-04-03
Last Modified: 2012-04-08
The question is, how do I allow PPTP service and GRE protocol on a Cisco PIX 501 Firewall?  The PIX is Version 6.3(5) and I have access to it via the PIX Device Manager Version 3.0(4).  The scenario is a TWC modem/router with a static IP with the PIX connected to it.  A switch connects to the PIX and all devices are connected to the switch.  Everything is running fine.  What needs to be done, and what I need help with, is that the client wants to put an ordinary Netgear wireless router connected to the switch.  The reason for this is so they can have an isolated LAN to hook up one computer that will run a software VPN that will be used for a single purpose - to receive reports from an outside source.

Everything appears to be working: the Netgear router is on the Internet and the computer attached to it has Internet access.  The Netgear and its attached computer are using a separate IP range from the rest of the office computers.  The problem is that the software VPN running on this one computer as the client side can't connect to the outside source.

The other vendor that's setting this up is asking for PPTP and GRE to be enabled on the PIX, and that's what I need help with.

I see in the PIX setup where to add Rules, but I'm confused about how to set up Source, Destination, inside and outside.   The isolated computer connected to the Netgear is IP 10.3.10.3.

Thanks for any help.
Question by:riebese

Accepted Solution

by:
Red_Tech earned 500 total points
ID: 37803863

Author Comment

by:riebese
ID: 37804123
Red_Tech: I think your link gives me a lot of the information that I need, but my configuration is a little different.  In the graphic on your link, I have another router, a Netgear router attached to the PIX, with one computer attached to the Netgear.  The Netgear is getting its IP assigned by the TWC router, and has DHCP set up to hand out IPs in the range of 10.3.10.2-24.  The computer attached to the Netgear is IP 10.3.10.3.  The other office computers are on IP range 192.168.50.2-200.

So what would the commands be (or the settings in the PIX Device Manager GUI) for this configuration?  Or is there a better way to do it?  Thanks.

Author Comment

by:riebese
ID: 37804132
The error given in the link that Red_Tech provided is the error that we're getting:

Description:
A connection between the VPN server and the VPN client 87.0.0.1 has been established,
but the VPN connection cannot be completed. The most common cause for this is that a
firewall or router between the VPN server and the VPN client is not configured to allow
Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls
and routers between your VPN server and the Internet allow GRE packets. Make sure the
firewalls and routers on the user's network are also configured to allow GRE packets.
If the problem persists, have the user contact the Internet service provider (ISP) to
determine whether the ISP might be blocking GRE packets.

Expert Comment

by:Red_Tech
ID: 37814465
What kind of Netgear is it? Does the Netgear have an ACL of some kind? If so, can you allow all traffic through the Netgear to the 10.3.10.3? Also, does your TWC router or the ISP block any of this type of traffic?

Author Closing Comment

by:riebese
ID: 37822219
I followed the commands as outlined in the link that Red_Tech provided, changing the IP address to the IP address at my client's site.  I think the command that did the trick was this one:
fixup protocol pptp 1723
The other commands gave errors; I probably had some syntax wrong.  Anyway, surprisingly it's working now.
Thank you Red_Tech!