[TriLUG] Cisco PIX 515

Ryan Leathers Ryan.Leathers at globalknowledge.com
Wed Mar 2 09:04:02 EST 2005


yeeeesh! now hanging my head in shame in accordance with Jon's wishes :(


-----Original Message-----
From: Jon Carnes [mailto:jonc at nc.rr.com]
Sent: Tuesday, March 01, 2005 10:54 PM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] Cisco PIX 515


In a word Steve, you are hosed. Do yourself a favor and spend $60 on a
Linksys firewall - put that in parallel with your Pix and never tell
your boss...

Seriously, do you have an old spare computer lying around that works
but is too old to be a workstation?  If yes, you are in luck. Install
OpenBSD on that sucker and then simply follow the examples (in the man
pages) for allowing PPTP to pass through. OpenBSD is a real firewall and
far superior to any PIX.

I love Cisco. I hate the PIX. It's a piece of garbage and I wish folks
would use them for something more appropriate like a door-stop or small
boat anchor. Even a low end PIX costs as much as a nice PC, and you have
to contend with <gasp> user licensing.... I would hang my head in shame
if I ever owned a PIX firewall.

And that is the straight dope from,

Jon Carnes


On Tue, 2005-03-01 at 17:00, Steve Hoffman wrote:
> I have a Cisco PIX 515 firewall running OS 6.0.  I'm trying to get it
> to allow PPTP pass through, but am coming up empty.  I'm connecting to
> a Windows VPN which I can't change, although I was first trying to
> connect with pptpclient for Linux so this is On Topic!  That kept
> failing so I tried to connect from a win box and got the same results.
>  I'm almost positive the PIX is to blame as there is no error on the
> VPN server (in fact, no indication a connection was even made)  but I
> am able to connect fine from inside the network using the same
> pptpclient config on a different machine, but that's pretty much
> useless to me as I want to connect from home.
> 
> Does anyone know how to configure that?  From all I've read on the
> net, I need a newer version of the OS, but haven't been able to find
> it anywhere.  I'm hoping someone just knows how to enable the
> passthrough as trying to purchase OS upgrades from Cisco has always
> been a nightmare.  I've opened up port 1723 on the PIX and can telnet
> to it fine, not that I know what to type once I get to the prompt.
> 
> Any suggestions welcome and greatly appreciated!
> 
> 
> Thanks,
> Steve

-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc


