From: Cassidy D. Smith (csmith@plannetconsulting.com)
Date: Thu Apr 24 2003 - 20:59:01 GMT-3
I think he is needing an "internal" access-list.
PPTP tunnels terminate within the PIX so you need to "allow" them to talk to
your inside hosts.
First create an access-list to allow the traffic between the hosts or ip
subnets
Example: access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.1.0
255.255.255.0 (you could use the specific hosts if that is all you want
to allow)
Second assign the access-list to the "internal" nat group 0
Example: nat (inside) 0 access-list 101
HTH,
Cassidy D. Smith
CCIE#11473
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Rthugo1@aol.com
Sent: Thursday, April 24, 2003 2:25 PM
To: Peng Zheng; ccielab@groupstudy.com
Subject: Re: PIX 501 PPTP
You are probably talking about a site-to-site VPN tunnel. If so, it will
require a PIX or other Firewal / NATing device on the remote host side.
try this:
http://www.cisco.com/warp/public/110/38.html
Good Luck,
Rob H
CVoice, CCNP, CCDP
-----------Original message Below--------------------
Hi,
The connection:
Host1---(inside)PIX 501 (outside)----Host2
I already configured PPTp support on PIX and I can
connect to PIX from Host2.
Ip on host1: 192.168.1.2
Ip on host2 (through PPTP): 192.168.1.10
How can I connect to host1 from host2. What's
access-list?
Thanks.
Best Wishes,
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:05 GMT-3