Your static map seems to be correct, and if TCP 1723 and GRE are all PPTP requires then that seems correct as well.
I'm not a PPTP expert, so I can't verify your ACL is right. Do you see anything being blocked by your ACL in your logs when the client is trying to connect ("show log" if...
I don't understand what you're asking. Hosts on the DMZ should be able to access anything on the outside interface (i.e. Internet) if they initiate the traffic. This is because the security level of the DMZ is greater than the outside.
If you're talking about having a public IP on the outside...
Alan,
Windows uses ICMP echo (ping) for trace route and Unix uses UDP (which creates stateful entries in the PIX). Try allowing ICMP echo reply on your Internet ACL.
Joe
Try adding the following:
access-list bob_splitTunnelAcl permit ip 192.168.2.0 255.255.255.0 any
! adds a route on the VPN client to the DMZ subnet
Your NAT 0 ACL doesn't need to be changed because it matches any traffic going to your VPN client address pool.
Let us know how it works.
Joe
Hey Sam,
It isn't possible. With 6.3 you either have to enable split tunneling or have your users deal with not being able to connect to the Internet while VPNed to the PIX.
Joe
Hello Sam,
What version of PIX software are you running? What you're describing is a new 7.0 feature. Prior to 7.0 you either have to set up split tunneling to let your users access the Internet or let them know while accessing the VPN they'll only have access to inside resources.
If you are...
Veral,
If you are using split tunneling, did you add a route to your DMZ in your split tunnel ACL? If your inside subnet is being NAT/PATed, did you add a line to your NAT 0 ACL permitting the VPN pool to DMZ? If you don't know how to do/check these please post your config.
Joe
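An added example, not from this thread, of the two pieces Joe describes in the posts above (the split-tunnel ACL entry and the NAT 0 exemption) in PIX 6.3 syntax. The DMZ subnet 192.168.2.0/24 and the ACL/group name bob come from Joe's line; the interface name dmz, the inside subnet 192.168.1.0/24, and the VPN pool 10.10.10.0/24 are assumptions.

```cisco
! Assumed client address pool (not from the thread).
ip local pool vpnpool 10.10.10.1-10.10.10.254

! Split-tunnel ACL: source = protected subnets reached through the tunnel.
! Anything not matched here leaves the client via its own Internet connection.
access-list bob_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
access-list bob_splitTunnelAcl permit ip 192.168.2.0 255.255.255.0 any

! NAT 0 (identity NAT) ACLs: traffic between a protected subnet and the VPN pool
! must bypass NAT/PAT on every interface whose subnet the clients should reach.
! Without the dmz entry, DMZ replies to VPN clients are PATed and the flow fails.
access-list inside_nonat permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list dmz_nonat permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list inside_nonat
nat (dmz) 0 access-list dmz_nonat

! Tie the pool and the split-tunnel ACL to the VPN group.
vpngroup bob address-pool vpnpool
vpngroup bob split-tunnel bob_splitTunnelAcl

! Check, as suggested in the thread: look for ACL denies while a client connects.
show log
```

If the DMZ interface carries no nat/global statements at all, the nat (dmz) 0 line is not needed, but it is harmless and makes the exemption explicit.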