That's why PIX sucks. Go with Linux or BSD ----- Original Message ----- From: "Rizzo, Damian" To: Sent: Wednesday, November 28, 2001 4:20 PM Subject: RE: NAT commands [7:27539]
> I do not think this will work. I had the exact same problem as below, though > I was using a Cable connection. After talking with Cisco it was determined > that the problem was attempting to forward GRE traffic. Since GRE is a > Protocol and not a Port, it is extremeley difficult to route and/or forward, > and in the event you are using a PIX firewall, as I found out, it is just > not possible. I actually had to purchase another IP address from my ISP so I > could Static map it and use ACL's to open the GRE protocol. Hope this helps. > > > -Rizzo > > > > -----Original Message----- > From: NKP [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 28, 2001 8:50 AM > To: [EMAIL PROTECTED] > Subject: NAT commands [7:27539] > > > Hi All > I have the following scenario . > I have a Cisco 2600 router which is connected to the ISDN and I have got a > fixed Ip address from my ISP which is assigned to the bri interface , it is > connecting fine .All the internal addresses are translated on ethernet > on my ethernet I have a Windows 2K server . > I want a remote user to connect to my Win2K server , how should I > configure my router to send the request for authentication to this win2K > server via VPN as it has a translated IP address . . My remote client is on > Win 98 . > > My present router configs are given below > > thanks in advance , > > Navin Parwal > > > > > Router# > Router# > Router#sh run > Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname Router > ! > ! > memory-size iomem 10 > ip subnet-zero > ! > ip dhcp pool local > network 192.168.1.0 255.255.255.0 > default-router 192.168.1.1 > dns-server 12.10.194.34 > ! > isdn switch-type basic-net3 > ! > ! > ! > ! > interface Ethernet0/0 > ip address 192.168.1.1 255.255.255.0 > no ip directed-broadcast > ip nat inside > no cdp enable > no mop enabled > ! > interface Serial0/0 > no ip address > no ip directed-broadcast > no ip mroute-cache > shutdown > no fair-queue > clockrate 64000 > ! > interface BRI0/0 > ip address 202.157.70.61 255.255.255.0 > no ip directed-broadcast > ip nat outside > encapsulation ppp > dialer string 226476 > dialer-group 1 > isdn switch-type basic-net3 > no cdp enable > ppp chap refuse > ppp pap sent-username jbc password > hold-queue 75 in > ! > ip nat inside source list 10 interface BRI0/0 overload > ip classless > ip route 0.0.0.0 0.0.0.0 BRI0/0 > no ip http server > ! > access-list 10 permit any > dialer-list 1 protocol ip permit > ! > ! > line con 0 > transport input none > line aux 0 > line vty 0 4 > login > ! > no scheduler allocate > end > This electronic mail transmission contains confidential information intended > only for the person(s) named. Any use, distribution, copying, or disclosure > by any other person is strictly prohibited. If you received this > transmission in error, please notify the sender by replying to e-mail and > destroy message. Opinions, conclusions, and other information in this > message that do not relate to the official business of MARAKON ASSOCIATES > shall be understood to be neither given nor endorsed by the company. When > addressed to MARAKON clients, any information contained in this e-mail is > subject to the terms and conditions in the governing client contract. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27592&t=27539 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
