[TriLUG] Cisco PIX 515
Ryan.Leathers at globalknowledge.com
Wed Mar 2 09:04:02 EST 2005
yeeeesh! now hanging my head in shame in accordance with Jon's wishes :(
From: Jon Carnes [mailto:jonc at nc.rr.com]
Sent: Tuesday, March 01, 2005 10:54 PM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] Cisco PIX 515
In a word, Steve, you are hosed. Do yourself a favor and spend $60 on a
Linksys firewall - put that in parallel with your Pix and never tell
Seriously, do you have an old spare computer lying around that works
but is too old to be a workstation? If yes, you are in luck. Install
OpenBSD on that sucker and then simply follow the examples (in the man
pages) for allowing PPTP to pass through. OpenBSD is a real firewall and
far superior to any PIX.
I love Cisco. I hate the PIX. It's a piece of garbage and I wish folks
would use them for something more appropriate like a door-stop or small
boat anchor. Even a low end PIX costs as much as a nice PC, and you have
to contend with <gasp> user licensing.... I would hang my head in shame
if I ever owned a PIX firewall.
And that is the straight dope from,
On Tue, 2005-03-01 at 17:00, Steve Hoffman wrote:
> I have a Cisco PIX 515 firewall running OS 6.0. I'm trying to get it
> to allow PPTP pass through, but am coming up empty. I'm connecting to
> a Windows VPN which I can't change, although I was first trying to
> connect with pptpclient for Linux so this is On Topic! That kept
> failing so I tried to connect from a win box and got the same results.
> I'm almost positive the PIX is to blame as there is no error on the
> VPN server (in fact, no indication a connection was even made) but I
> am able to connect fine from inside the network using the same
> pptpclient config on a different machine, but that's pretty much
> useless to me as I want to connect from home.
> Does anyone know how to configure that? From all I've read on the
> net, I need a newer version of the OS, but haven't been able to find
> it anywhere. I'm hoping someone just knows how to enable the
> passthrough as trying to purchase OS upgrades from Cisco has always
> been a nightmare. I've opened up port 1723 on the PIX and can telnet
> to it fine, not that I know what to type once I get to the prompt.
> Any suggestions welcome and greatly appreciated!