From: Andrew (arousch@xxxxxxxx)
Date: Mon Oct 30 2000 - 02:54:27 GMT-3
At 09:33 PM 10/29/00 -0800, Jay Hennigan wrote:
>On Sat, 28 Oct 2000, Jim Bond wrote:
>
> > Hello,
> >
> > I'm trying to set up PIX PPTP without NAT but no
> > success. Cisco gives a sample config using NAT
> > http://www.cisco.com/warp/public/110/pptppix.html but
> > I don't understand why they use 192.168.1.0.
> >
> > Here is my topology:
> > 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
> > I create a pool 172.16.1.100-172.16.1.200, but users
> > from outside can't reach internal network.
>
>According to this, it looks like you should have NAT. You have a different
>network outside than inside.

Don't all routers that are routing between networks? ;) The PIX is not
necessarily a NAT box. It performs stateful security for established
connections (translated or not.)

And if you're not doing NAT (using NAT 0) then you don't need statics per
se. If you are trying to allow non-established connections in from the
outside then you would need to use conduits to open those holes.

Heh - I think I have forgotten the original question.

>Assuming you really mean no NAT, do you have a "static" statement mapping
>the addresses to themselves?
>
>It's a bit counterintuitive without NAT, but you should have something like
>
>static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
>
>See the PIX command reference regarding "static".
>
>--
>Jay Hennigan - Network Administration - jay@west.net
>NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
>WestNet: Connecting you to the planet. 805 884-6323
>