[VPN] VPN on Cisco PIX

Dana J. Dawson djdawso at qwest.com
Wed Apr 30 13:09:39 EDT 2003


Actually, you can, but you have to remove the "sysopt connection permit-pptp" 
command that is usually used.  In this case, you have to permit all the incoming 
traffic to the PIX with an access-list (or conduit, I suppose), including the 
PPTP traffic (GRE and TCP/1723).  Since you're using an access-list to allow 
that traffic, you can also restrict the source, which is what you want.

HTH

Dana

-- 

Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."

shannong wrote:
> No.  VPDN cannot be restricted by IP on the Pix.  Instead, you'll need
> to use an ACL on the router in front.  You can do real VPNs using IPSec
> and specify the IPs that can have access by defining their pre-shared
> keys for IKE.  All others will fail.
> 
> -Shannon
> 
> -----Original Message-----
> From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
> Behalf Of silvia ghezzi
> Sent: Tuesday, April 29, 2003 2:27 AM
> To: vpn at lists.shmoo.com
> Subject: [VPN] VPN on Cisco PIX
> 
> Hello,
> 
> I have enabled a PPTP VPN to my CISCO PIX, but I
> cannot find the way to filter the public source IP
> address to establish VPN with PIX, so at the moment
> everybody can create a VPN with us and we don't want
> this.
> 
> Is there a way to prevent this?
> 
> Many thanks
> Regards
> 
> Silvia
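
An added example, not part of the original post: a small Python check that reads a PIX configuration and flags the two conditions the reply above is about, the `sysopt connection permit-pptp` line and access-list entries that permit PPTP (GRE or TCP/1723) from any source. The configuration text, the ACL name `outside_in` and the documentation-range addresses are constructed for illustration.

```python
PPTP_PORTS = {"1723", "pptp"}  # the port may be written by number or by name

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def audit_pptp_exposure(config):
    """Return (kind, line) findings for PPTP exposure in a PIX config."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "sysopt connection permit-pptp":
            # The reply says this command has to be removed before an ACL can restrict PPTP.
            findings.append(("sysopt-permit-pptp", line))
            continue
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "permit":
            continue
        try:
            src, rest = _take_addr(tok[4:])
            _dst, rest = _take_addr(rest)
        except IndexError:
            continue  # not a complete source/destination pair; ignore
        proto = tok[3]
        to_pptp = proto == "gre" or (
            proto == "tcp" and len(rest) >= 2
            and rest[0] == "eq" and rest[1] in PPTP_PORTS)
        if to_pptp and src in ("any", "0.0.0.0 0.0.0.0"):
            findings.append(("unrestricted-source", line))
    return findings

# Constructed sample configs (documentation-range addresses, hypothetical ACL name).
OPEN_CONFIG = """\
sysopt connection permit-pptp
access-list outside_in permit tcp any host 203.0.113.1 eq 1723
access-list outside_in permit gre host 198.51.100.10 host 203.0.113.1
access-list outside_in permit tcp any host 203.0.113.5 eq www
"""
RESTRICTED_CONFIG = """\
access-list outside_in permit tcp host 198.51.100.10 host 203.0.113.1 eq 1723
access-list outside_in permit gre host 198.51.100.10 host 203.0.113.1
access-group outside_in in interface outside
"""

if __name__ == "__main__":
    for kind, line in audit_pptp_exposure(OPEN_CONFIG):
        print(kind, "->", line)
```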



