How to allow PPTP VPN through a Cisco ASA

CLI commands:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/18806-pix-pptp.html#maintask1

How should this be done using ASDM?


jiangjinsai
Posted 2 years ago, 1 reply / 113 views
1 answer in total. Last answer: 2 years ago

Commands to Add for Versions 7.x and 8.0 using inspection

Complete these steps to add commands for versions 7.x and 8.0 using the inspect command:

  1. Add PPTP inspection to the default policy-map using the default class-map.

    pixfirewall(config)#policy-map global_policy
    pixfirewall(config-pmap)#class inspection_default
    pixfirewall(config-pmap-c)#inspect pptp
  2. You do not need to define a static mapping because the PIX now inspects PPTP traffic. You can use PAT.

    pixfirewall(config)#nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    pixfirewall(config)#global (outside) 1 interface

    OR

Commands to Add for Versions 7.x and 8.0 using ACL

Complete these steps to add commands for versions 7.x and 8.0 using ACL.

  1. Define the static mapping for the inside PC. The address seen on the outside is 192.168.201.5.

    pixfirewall(config)#static (inside,outside) 192.168.201.5 10.48.66.106 netmask 255.255.255.255 0 0
  2. Configure and apply the ACL to permit the GRE return traffic from the PPTP server to the PPTP client.

    pixfirewall(config)#access-list acl-out permit gre host 192.168.201.25 host 192.168.201.5
    pixfirewall(config)#access-list acl-out permit tcp host 192.168.201.25 host 192.168.201.5 eq 1723
  3. Apply the ACL.

    pixfirewall(config)#access-group acl-out in interface outside

Reference: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/18806-pix-pptp.html#new
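
An added example, not part of the original answer or of Cisco's document: a Python check that reads a saved PIX/ASA configuration and reports which of the two approaches above is in place, flagging an inbound ACL that lacks the GRE or TCP 1723 entry. The sample configurations are constructed, the function names are hypothetical, and it is an assumption that a saved configuration may show port 1723 as `eq pptp`.

```python
import re

# Constructed sample configs; the addresses are the ones used on the page.
INSPECT_CFG = """\
policy-map global_policy
 class inspection_default
  inspect dns
  inspect pptp
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
"""
ACL_CFG = """\
static (inside,outside) 192.168.201.5 10.48.66.106 netmask 255.255.255.255 0 0
access-list acl-out permit gre host 192.168.201.25 host 192.168.201.5
access-list acl-out permit tcp host 192.168.201.25 host 192.168.201.5 eq 1723
access-group acl-out in interface outside
"""
# Same as ACL_CFG with the GRE entry dropped: control channel allowed, tunnel data not.
NO_GRE_CFG = "\n".join(l for l in ACL_CFG.splitlines() if " gre " not in l) + "\n"

def has_pptp_inspection(cfg):
    """True if 'inspect pptp' appears under a class of a policy-map.
    Does not verify that the policy-map is bound by a service-policy."""
    in_pmap = in_class = False
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level command resets context
            in_pmap, in_class = line.startswith("policy-map "), False
        elif in_pmap and line.startswith("class "):
            in_class = True
        elif in_class and line == "inspect pptp":
            return True
    return False

def acl_pptp_gaps(cfg):
    """Map each ACL applied inbound to the PPTP entries it lacks (explicit entries only)."""
    gaps = {}
    for acl in re.findall(r"^access-group (\S+) in interface \S+", cfg, re.M):
        rules = re.findall(rf"^access-list {re.escape(acl)} (?:extended )?permit (.+)$", cfg, re.M)
        missing = []
        if not any(r.startswith("gre ") for r in rules):
            missing.append("gre")
        if not any(re.match(r"tcp .* eq (1723|pptp)$", r.strip()) for r in rules):
            missing.append("tcp/1723")
        gaps[acl] = missing
    return gaps

if __name__ == "__main__":
    for name, cfg in [("inspect", INSPECT_CFG), ("acl", ACL_CFG), ("no-gre", NO_GRE_CFG)]:
        print(name, has_pptp_inspection(cfg), acl_pptp_gaps(cfg))
```

Broader entries such as `permit ip` are not recognised by this check, so an empty result for an ACL means only that the explicit entries shown on the page are present.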

How is this done using ASDM?
