From: Foltz (globalfx@xxxxxxxxxxxxxx)
Date: Mon Oct 30 2000 - 10:28:35 GMT-3
In order for networks on lower security interfaces (i.e. outside interface)
to access devices on higher security interfaces (i.e. inside interface) you
need static mappings and conduits. By default inside interface can access
outside interfaces, but outside interfaces cannot access inside interfaces,
unless you defines conduits to permit.
Richard Foltz, CCNP-Voice, CCNP, CCDP, MCSE+I, Network+, A+
Halifax (12/4-5/2000)
----- Original Message -----
From: "Jay Hennigan" <jay@west.net>
To: "Jim Bond" <trycisco@yahoo.com>
Cc: <cisco@groupstudy.com>; <ccielab@groupstudy.com>
Sent: Sunday, October 29, 2000 11:33 PM
Subject: Re: PIX PPTP, no NAT
> On Sat, 28 Oct 2000, Jim Bond wrote:
>
> > Hello,
> >
> > I'm trying to set up PIX PPTP without NAT but no
> > success. Cisco gives a sample config using NAT
> > http://www.cisco.com/warp/public/110/pptppix.html but
> > I don't understand why they use 192.168.1.0.
> >
> > Here is my topology:
> > 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
> > I create a pool 172.16.1.100-172.16.1.200, but users
> > from outside can't reach internal network.
>
> According to this, it looks like you should have NAT. You have a
different
> network outside than inside.
>
> Assuming you really mean no NAT, do you have a "static" statement mapping
> the addresses to themselves?
>
> It's a bit counterintuitive without NAT, but you should have something
like
>
> static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
>
> See the PIX command reference regarding "static".
>
> --
> Jay Hennigan - Network Administration - jay@west.net
> NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
> WestNet: Connecting you to the planet. 805 884-6323
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:32 GMT-3