How to allow PPTP VPN through a Cisco ASA

CLI commands:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/18806-pix-pptp.html#maintask1

How should this be done using ASDM?


jiangjinsai
Posted 2 years ago, 1 reply / 109 views
1 answer in total. Last answered: 2 years ago

Commands to Add for Versions 7.x and 8.0 using inspection

Complete these steps to add commands for versions 7.x and 8.0 using the inspect command:

  1. Add PPTP inspection to the default policy-map using the default class-map.

    pixfirewall(config)#policy-map global_policy
    pixfirewall(config-pmap)#class inspection_default
    pixfirewall(config-pmap-c)#inspect pptp
  2. You do not need to define a static mapping because the PIX now inspects PPTP traffic. You can use PAT.

    pixfirewall(config)#nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    pixfirewall(config)#global (outside) 1 interface

    OR

Commands to Add for Versions 7.x and 8.0 using ACL

Complete these steps to add commands for versions 7.x and 8.0 using ACL.

  1. Define the static mapping for the inside PC. The address seen on the outside is 192.168.201.5.

    pixfirewall(config)#static (inside,outside) 192.168.201.5 10.48.66.106 netmask 255.255.255.255 0 0
  2. Configure and apply the ACL to permit the GRE return traffic from the PPTP server to the PPTP client.

    pixfirewall(config)#access-list acl-out permit gre host 192.168.201.25 host 192.168.201.5
    pixfirewall(config)#access-list acl-out permit tcp host 192.168.201.25 host 192.168.201.5 eq 1723
  3. Apply the ACL.

    pixfirewall(config)#access-group acl-out in interface outside

Reference: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/18806-pix-pptp.html#new
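To check a saved configuration against the two methods in the answer above, here is an added example (not part of the original post or of Cisco's document). It reports whether `inspect pptp` is active in the default class, and which server/client pairs have both the GRE and the TCP 1723 permit in an ACL that is actually applied. The helper `audit_pptp`, its result keys and the sample config are constructed for illustration, and only the host-to-host ACE form shown in the answer is parsed.

```python
import re

# Constructed sample config; addresses and names follow the answer above.
SAMPLE = """\
policy-map global_policy
 class inspection_default
  inspect ftp
static (inside,outside) 192.168.201.5 10.48.66.106 netmask 255.255.255.255 0 0
access-list acl-out permit gre host 192.168.201.25 host 192.168.201.5
access-list acl-out permit tcp host 192.168.201.25 host 192.168.201.5 eq 1723
access-list acl-out permit tcp host 192.168.201.30 host 192.168.201.5 eq 1723
access-group acl-out in interface outside
"""

ACE = re.compile(r"access-list (\S+) permit (gre|tcp) host (\S+) host (\S+)(?: eq (\S+))?$")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")

def audit_pptp(config):
    """Hypothetical helper: report which of the two methods lets PPTP through."""
    inspected, policy, klass = False, None, None
    seen, applied = {}, {}   # (acl, server, client) -> protocols; acl -> interface
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # a top-level command closes any policy-map
            policy = line.split()[1] if line.startswith("policy-map ") else None
            klass = None
        elif line.startswith("class "):
            klass = line.split()[1]
        elif line == "inspect pptp" and (policy, klass) == ("global_policy", "inspection_default"):
            inspected = True
        if m := ACE.match(line):
            acl, proto, server, client, port = m.groups()
            if proto == "gre" and port is None:
                seen.setdefault((acl, server, client), set()).add("gre")
            elif proto == "tcp" and port in ("1723", "pptp"):   # "pptp" is the named port
                seen.setdefault((acl, server, client), set()).add("tcp1723")
        elif m := GROUP.match(line):
            applied[m.group(1)] = m.group(2)
    complete, partial = [], []
    for (acl, server, client), protos in sorted(seen.items()):
        missing = sorted({"gre", "tcp1723"} - protos)   # both entries are needed per pair
        if acl not in applied:
            missing.append("access-group")
        if missing:
            partial.append((server, client, missing))
        else:
            complete.append((server, client, applied[acl]))
    return {"inspection": inspected, "acl_complete": complete, "acl_partial": partial}
```

On the sample, the pair with only the TCP 1723 entry is listed under `acl_partial` with `gre` missing, which is the case where the control connection is permitted but the tunnel's return traffic is not.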

How do I do this using ASDM?
