[c-nsp] PIX 515E PPTP VPN Routing?

Church, Charles cchurc05 at harris.com
Mon Sep 24 08:06:11 EDT 2007


I think it's working the way it should.  The MS client is very
non-intelligent, compared to the Cisco client.  I don't believe you can
define for an MS client the concept of split tunneling, at least not
from the PIX or router itself.  You can do it from the client, after the
VPN session is established.  If you do a 'route print' from the Windoze
box, you'll see an additional entry for the default network using the
VPN adaptor, with a better metric.  You can manually delete that entry,
and add in any that you need with another route statement (such as
saying all 172.16.0.0/12 routes should use the VPN interface).  You
don't have any odd configuration, such as your PIX giving out addresses
in the same range as what's local to the PC?  That could cause some
oddities as well.  But honestly, you're much better off using the Cisco
client, from a security and a feature standpoint.  I haven't worked with
PPTP in a couple years, but I think I remember all the faults pretty
well.

Chuck 
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lyndon Tiu
Sent: Monday, September 24, 2007 7:18 AM
To: haykan at qalacom.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PIX 515E PPTP VPN Routing?


I did this (it is checked by default) and I got 0.0.0.0 as the default
gateway.

But it does not matter either way. I still could not do anything.
Cannot ping/ssh/telnet/http to any other computer on the local LAN. No
internet connection (to the outside world) either.

Any more suggestions?

On Mon, 24 Sep 2007 13:34:12 +0800 haykan at qalacom.com wrote:
> on your windows client go to properties - networking - tcp/ip - advanced
> 
> and check the box - Use default gateway on remote network
> 
> regards,
> 
> Lyndon Tiu wrote:
> > Hi guys,
> >
> > I have a PIX 515E.
> >
> > I set up the PIX as a PPTP VPN server accepting PPTP connections from the
> > outside. I have a Windows XP client on the outside connecting to the
> > internal network using the PIX as the PPTP server.
> >
> > I followed instructions setting up the VPN and the Windows client is
> > able to connect to the PIX and obtain an ip from the ip pool.
> >
> > Problem is, the Windows client is unable to do anything after this. It
> > cannot ping any other machines on the network.
> >
> > I believe this is a routing issue. Can someone on this list confirm if
> > routing is something I have to do separate from the VPN configuration?
> >
> > Ipconfig says that a default gateway is not assigned to the Windows
> > client by the PIX through the PPTP VPN. Route /print shows no routes
> > added by the PPTP. I do not see any PPTP VPN configuration that allows
> > me to set up routes.
> >
> >
> >   
> 


--
Lyndon Tiu
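
The route-table behaviour described in the reply at the top of this thread, as an added example that is not part of the original messages: a small Python model of client route selection (longest prefix first, then lowest metric) showing what the VPN default route captures and what changes when it is replaced by a 172.16.0.0/12 route. The interface names, metrics and the 192.168.1.0/24 local subnet are constructed sample values.

```python
import ipaddress

def route(net, iface, metric):
    return {"net": ipaddress.ip_network(net), "iface": iface, "metric": metric}

def pick_route(table, dst):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def egress(table, dst):
    r = pick_route(table, dst)
    return r["iface"] if r else None

def split_tunnel(table, vpn_iface, prefixes, metric=1):
    """Drop the VPN default route and send only the given prefixes to the VPN."""
    kept = [r for r in table
            if not (r["iface"] == vpn_iface and r["net"].prefixlen == 0)]
    return kept + [route(p, vpn_iface, metric) for p in prefixes]

def overlaps_local(table, vpn_iface):
    """VPN prefixes that collide with a directly attached (non-default) subnet."""
    local = [r["net"] for r in table
             if r["iface"] != vpn_iface and r["net"].prefixlen > 0]
    return [str(r["net"]) for r in table
            if r["iface"] == vpn_iface and r["net"].prefixlen > 0
            and any(r["net"].overlaps(n) for n in local)]

# Constructed client table before the VPN comes up.
LOCAL = [route("0.0.0.0/0", "LAN", 20), route("192.168.1.0/24", "LAN", 20)]
# VPN connected: extra default route on the VPN adapter with a better metric.
FULL_TUNNEL = LOCAL + [route("0.0.0.0/0", "VPN", 1)]
# VPN default route deleted, 172.16.0.0/12 added via the VPN adapter.
SPLIT = split_tunnel(FULL_TUNNEL, "VPN", ["172.16.0.0/12"])
# The "odd configuration" case: pool handed out in the PC's own local range.
CLASH = split_tunnel(FULL_TUNNEL, "VPN", ["192.168.1.0/24"])

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT)):
        for dst in ("172.20.5.10", "8.8.8.8", "192.168.1.50"):
            print(f"{name:12} {dst:14} -> {egress(table, dst)}")
    print("overlapping VPN prefixes:", overlaps_local(CLASH, "VPN"))
```

In the split-tunnel table, Internet-bound traffic leaves through the local adapter and no longer passes through the PIX, which is the trade-off to weigh before deleting the VPN default route.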