[TriLUG] Cisco PIX 515
Jon Carnes
jonc at nc.rr.com
Tue Mar 1 22:53:51 EST 2005

In a word Steve, you are hosed. Do yourself a favor and spend $60 on a
Linksys firewall - put that in parallel with your Pix and never tell
your boss...

Seriously, do you have an old spare computer lying around that works
but is too old to be a workstation? If yes, you are in luck. Install
OpenBSD on that sucker and then simply follow the examples (in the man
pages) for allowing PPTP to pass through. OpenBSD is a real firewall and
far superior to any PIX.

I love Cisco. I hate the PIX. It's a piece of garbage and I wish folks
would use them for something more appropriate like a door-stop or small
boat anchor. Even a low-end PIX costs as much as a nice PC, and you have
to contend with <gasp> user licensing.... I would hang my head in shame
if I ever owned a PIX firewall.

And that is the straight dope from,
Jon Carnes

On Tue, 2005-03-01 at 17:00, Steve Hoffman wrote:
> I have a Cisco PIX 515 firewall running OS 6.0. I'm trying to get it
> to allow PPTP pass through, but am coming up empty. I'm connecting to
> a Windows VPN which I can't change, although I was first trying to
> connect with pptpclient for Linux so this is On Topic! That kept
> failing so I tried to connect from a win box and got the same results.
> I'm almost positive the PIX is to blame as there is no error on the
> VPN server (in fact, no indication a connection was even made) but I
> am able to connect fine from inside the network using the same
> pptpclient config on a different machine, but that's pretty much
> useless to me as I want to connect from home.
>
> Does anyone know how to configure that? From all I've read on the
> net, I need a newer version of the OS, but haven't been able to find
> it anywhere. I'm hoping someone just knows how to enable the
> passthrough as trying to purchase OS upgrades from Cisco has always
> been a nightmare. I've opened up port 1723 on the PIX and can telnet
> to it fine, not that I know what to type once I get to the prompt.
>
> Any suggestions welcome and greatly appreciated!
>
>
> Thanks,
> Steve