 
 From:  bkahler at techline dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Standalone PPTP/IPsec Server: Questions on setup
 Date:  Tue, 7 Feb 2006 10:11:26 -0800
I've been trying to set up a standalone PPTP/IPsec server off a stub segment at
work.  I want an external client to be able to access anything on the internal
network through PPTP (and eventually site-to-site IPsec tunnels as well).  I've
included a Visio drawing that should explain what I'm trying to do.

http://members.arstechnica.com/x/bobdole/M0n0wall_VPN_Mailing_List_Question.gif

Here's what I've got:
PIX 515E Border Firewall
3662 Internal Router
Internal Network (consisting of two subnets [secondary addressing]) directly
attached to Fa0/1
A route statement to the OPT1 interface of the m0n0wall (NAT turned off, Any/Any
Firewall Rules)

External clients can connect via PPTP to the OPT1 interface just fine.  The two
ACLs on the PIX are in place for Any/PPTP and Any/GRE to OPT1.
When the tunnel comes up, the DNS server is always listed as the LAN interface
(instead of the two specified DNS servers).
No traffic wants to pass in/out of the tunnel.

I can access both the WAN and OPT1 interfaces from anywhere on the internal
network for management/ICMP just fine.  Routing is working fine.

What am I doing wrong or can this not be done?



