https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447659#M532710 <HTML><HEAD></HEAD><BODY><P>David,</P><P></P><P>Here's the documentation on how to allow PPTP traffic thru the PIX:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml</A></P><P></P><P></P><P>Hope this helps,</P><P></P><P>Jay</P></BODY></HTML> Thu, 29 Sep 2005 04:39:03 GMT jmia 2005-09-29T04:39:03Z https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447655#M532704 <P>I am trying to allow an internal user</P><P>to access an external PPTP server thru</P><P>our PIX 6.3(4). I added the needed fixup</P><P>protocol "fixup protocol pptp 1723". I am allowing the needed protocols thru and back in (currently testing with allow ip for specific hosts"). I even tried using a 1-to-1 NAT for the internal host to no avail.</P><P>Currently, the user attempts login, registers on network, and after about a minute the following msg comes back:</P><P>"Error 734: The PPP Link control protocol was terminated"</P><P></P> Fri, 21 Feb 2020 08:25:46 GMT https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447655#M532704 davidculp 2020-02-21T08:25:46Z https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447656#M532705 <HTML><HEAD></HEAD><BODY><P>You need as allready mentioned the <FIXUP protocol="" pptp="" 1723=""> and an access-list entry, that let pass PPTP outbound, if you have configured an access-list on the inside interface.</FIXUP></P><P></P><P>Try to enable globaly PPTP by using:</P><P>sysopt connection permit-ipsec</P><P># Allow PPTP traffic to bypass conduit or access-list command statement checking.</P><P></P><P>Reset the translation table after that:</P><P>clear xlate</P><P></P><P>sincerely</P><P>Patrick</P><P></P></BODY></HTML> Wed, 28 Sep 2005 13:57:10 GMT https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447656#M532705 Patrick Iseli 2005-09-28T13:57:10Z https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447657#M532706 <HTML><HEAD></HEAD><BODY><P>Thanks for the quick reply. I still have a couple of questions.</P><P>1) Should I use the command sysopt connection permit-pptp instead ?</P><P>2) Would this be the only way to get it to work ? Bypassing the normal conduits/ACLS globally seems </P><P>to be a 'last resort' method. Would not my current </P><P>ACLS allowing all ip (in and out) to the hosts suffice ?</P><P>Thanks,</P><P>David</P><P></P></BODY></HTML> Wed, 28 Sep 2005 17:40:35 GMT https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447657#M532706 davidculp 2005-09-28T17:40:35Z https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447658#M532708 <HTML><HEAD></HEAD><BODY><P>David,</P><P></P><P>1.) Of course I meaned &lt; sysopt connection permit-pptp &gt;, sorry about that. I draged and droped the wrong line.</P><P></P><P>2.) No you should just be sure that the protocol GRE and PPTP = TCP 1723 is able to connect to the outside world.</P><P></P><P>The &lt; sysopt connection permit-pptp &gt; could be used to check if it is just an access-list problem.</P><P></P><P>sincerely</P><P>Patrick</P><P></P></BODY></HTML> Wed, 28 Sep 2005 18:50:52 GMT https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447658#M532708 Patrick Iseli 2005-09-28T18:50:52Z https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447659#M532710 <HTML><HEAD></HEAD><BODY><P>David,</P><P></P><P>Here's the documentation on how to allow PPTP traffic thru the PIX:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml</A></P><P></P><P></P><P>Hope this helps,</P><P></P><P>Jay</P></BODY></HTML> Thu, 29 Sep 2005 04:39:03 GMT https://community.cisco.com/t5/network-security/pptp-thru-pix-6-3-4/m-p/447659#M532710 jmia 2005-09-29T04:39:03Z