I've been trying to set up a standalone PPTP/IPsec server off a stub segment at work. I want an external client to be able to access anything on the internal network through PPTP (and eventually site-to-site IPsec tunnels as well). I've included a Visio drawing that should explain what I'm trying to do.

http://members.arstechnica.com/x/bobdole/M0n0wall_VPN_Mailing_List_Question.gif

Here's what I've got:

- PIX 515E Border Firewall
- 3662 Internal Router
- Internal Network (consisting of two subnets [secondary addressing]) directly attached to Fa0/1
- A route statement to the OPT1 interface of the m0n0wall (NAT turned off, Any/Any Firewall Rules)

External clients can connect via PPTP to the OPT1 interface just fine. The two ACLs on the PIX are in place for Any/PPTP and Any/GRE to OPT1.

When the tunnel comes up, the DNS server is always listed as the LAN interface (instead of the two specified DNS servers).

No traffic wants to pass in/out of the tunnel.

I can access both the WAN and OPT1 interfaces from anywhere on the internal network for management/ICMP just fine. Routing is working fine.

What am I doing wrong, or can this not be done?