Schlummi n00b
Joined: 02 Sep 2002 Posts: 31
Posted: Thu Aug 04, 2005 7:46 pm Post subject: VPN: pptp to a Cisco PIX, routing problem
Hello all
I'm trying to build a VPN tunnel with pptpclient to our Cisco PIX. But I have a few problems, so I hope somebody can help me.
So far, the tunnel seems to be ok:
Code: |
flori fschlums # /usr/sbin/pon gga debug dump logfd 2 nodetach
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
name xxx # (from /etc/ppp/peers/gga)
remotename PPTP # (from /etc/ppp/peers/gga)
# (from /etc/ppp/options.pptp)
pty pptp 213.160.40.66 --nolaunchpppd # (from /etc/ppp/peers/gga)
mru 1000 # (from /etc/ppp/options.pptp)
mtu 1000 # (from /etc/ppp/options.pptp)
lcp-echo-failure 10 # (from /etc/ppp/options.pptp)
lcp-echo-interval 10 # (from /etc/ppp/options.pptp)
ipparam gga # (from /etc/ppp/peers/gga)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/peers/gga)
using channel 2
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xfb1dfd76> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <auth chap MS> <magic 0x2fb9fa3e>]
sent [LCP ConfAck id=0x1 <auth chap MS> <magic 0x2fb9fa3e>]
rcvd [LCP ConfRej id=0x1 <mru 1000> <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <magic 0xfb1dfd76>]
rcvd [LCP ConfAck id=0x2 <magic 0xfb1dfd76>]
sent [LCP EchoReq id=0x0 magic=0xfb1dfd76]
rcvd [CHAP Challenge id=0x1 <29a221cb226df156>, name = ""]
sent [CHAP Response id=0x1 <0000000000000000000000000000000000000000000000007d9185d08bcec88cf85afa65114027b4a9c5062064411a4801>, name = "xxx"]
rcvd [LCP EchoRep id=0x0 magic=0x2fb9fa3e]
rcvd [CHAP Success id=0x1 ""]
CHAP authentication succeeded
Disabling 40-bit MPPE; MS-CHAP LM not supported
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfReq id=0x1 <addr 213.160.40.66>]
sent [IPCP ConfAck id=0x1 <addr 213.160.40.66>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.20.14>]
sent [IPCP ConfReq id=0x3 <addr 192.168.20.14>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.20.14>]
local IP address 192.168.20.14
remote IP address 213.160.40.66
Script /etc/ppp/ip-up started (pid 10779)
Script /etc/ppp/ip-up finished (pid 10779), status = 0x1
|
Ok, the remote IP I get is our real public PIX IP. So I have to change it to one of our internal IPs:
Code: |
ifconfig ppp0 pointopoint 213.160.40.1
|
With that line the tunnel becomes stable.
http://pptpclient.sourceforge.net/routing.phtml#same-ip
Now I need some help. This is my network:
Code: |
<pptpclient, 192.168.1.23, Default GW 192.168.1.3>
|
|
<192.168.1.3, NAT router with public IP>
|
|
<INTERNET>
|
|
<Cisco PIX, Public IP 213.160.40.66>
<DMZ-Gateway: 213.160.40.1, Internal-Gateway: 192.168.15.254>
VPN IP-Pool is 192.168.20.x
|
Can anybody help me with the routing table?
Regards, Florian
|
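Added example, not part of the original post: a small longest-prefix-match model of the client's routing table, showing why a peer address equal to the PIX's public IP sends the encapsulated PPTP traffic back into ppp0, and what changes after the `pointopoint` command. The `eth0` interface name, the /24 masks and the assumption that the peer host route follows the point-to-point address are not from the post.

```python
import ipaddress

def table(*routes):
    """Build a routing table from (prefix, device, gateway) tuples."""
    return [(ipaddress.ip_network(n), dev, gw) for n, dev, gw in routes]

def lookup(tbl, dst):
    """Longest-prefix match: return (device, gateway) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in tbl if addr in r[0]]
    if not matches:
        return None
    _, dev, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dev, gw

PIX = "213.160.40.66"                           # PPTP server, from the post
LAN = ("192.168.1.0/24", "eth0", None)          # assumed mask and interface name
DEFAULT = ("0.0.0.0/0", "eth0", "192.168.1.3")  # default gateway, from the post

# As negotiated: remote IP = PIX public IP, so the peer host route
# covers the tunnel endpoint itself.
as_negotiated = table(LAN, DEFAULT, (PIX + "/32", "ppp0", None))

# After `ifconfig ppp0 pointopoint 213.160.40.1` (modelled as moving
# the peer host route to the DMZ gateway address).
after_fix = table(LAN, DEFAULT, ("213.160.40.1/32", "ppp0", None))

# Same table plus a route for the internal network through the tunnel
# (192.168.15.0/24 is an assumed mask around the internal gateway).
with_internal = after_fix + table(("192.168.15.0/24", "ppp0", None))

def tunnel_loops(tbl):
    """True if packets carrying the tunnel to the PIX are routed into ppp0."""
    return lookup(tbl, PIX)[0] == "ppp0"

if __name__ == "__main__":
    for name, tbl in [("as negotiated", as_negotiated),
                      ("after pointopoint", after_fix),
                      ("with internal route", with_internal)]:
        print(name, "| PIX via", lookup(tbl, PIX),
              "| 192.168.15.10 via", lookup(tbl, "192.168.15.10"),
              "| loops:", tunnel_loops(tbl))
```

In the model, internal addresses still leave through the NAT router until a route for them points at ppp0.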