topic PPTP via ASA in Network Security https://community.cisco.com/t5/network-security/pptp-via-asa/m-p/985114#M941495 <P>I have two ASA that connect to the Internet. I don't do any static NATTING on my inside network. My users have been trying to establish a VPN session using Microsoft VPN but without much success. </P><P></P><P>First Firewall</P><P>ccess-list INSIDE line 244 extended permit tcp 10.33.0.0 255.255.0.0 host x.x.x.x eq pptp (hitcnt=19)</P><P>access-list INSIDE line 246 extended permit gre 10.33.0.0 255.255.0.0 host x.x.x.x (hitcnt=8)</P><P>access-list pptp_inspection line 5 extended permit ip 10.33.0.0 255.255.0.0 host x.x.x.x(hitcnt=6)</P><P>class-map pptp</P><P> description Policy to allow hosts to PPTP </P><P> match access-list pptp_inspection</P><P></P><P>policy-map pptp</P><P> class pptp</P><P> inspect pptp </P><P>policy-map global_policy</P><P> class http-map1</P><P> set connection advanced-options mss-map</P><P>policy-map global-policy</P><P> class global-class</P><P> inspect icmp error </P><P> inspect snmp </P><P> inspect icmp </P><P> inspect ftp </P><P> inspect dns </P><P> inspect pptp </P><P> class http-map1</P><P> set connection advanced-options mss-map</P><P></P><P>The second firewall has pretty much the same configution. </P><P></P><P>LAN&lt;-&gt;1stFW&lt;-&gt;SW&lt;-&gt;2ndFW&lt;-&gt;SW&lt;-&gt;Internet</P> Mon, 11 Mar 2019 12:12:09 GMT Tshi M 2019-03-11T12:12:09Z PPTP via ASA https://community.cisco.com/t5/network-security/pptp-via-asa/m-p/985114#M941495 <P>I have two ASA that connect to the Internet. I don't do any static NATTING on my inside network. My users have been trying to establish a VPN session using Microsoft VPN but without much success. </P><P></P><P>First Firewall</P><P>ccess-list INSIDE line 244 extended permit tcp 10.33.0.0 255.255.0.0 host x.x.x.x eq pptp (hitcnt=19)</P><P>access-list INSIDE line 246 extended permit gre 10.33.0.0 255.255.0.0 host x.x.x.x (hitcnt=8)</P><P>access-list pptp_inspection line 5 extended permit ip 10.33.0.0 255.255.0.0 host x.x.x.x(hitcnt=6)</P><P>class-map pptp</P><P> description Policy to allow hosts to PPTP </P><P> match access-list pptp_inspection</P><P></P><P>policy-map pptp</P><P> class pptp</P><P> inspect pptp </P><P>policy-map global_policy</P><P> class http-map1</P><P> set connection advanced-options mss-map</P><P>policy-map global-policy</P><P> class global-class</P><P> inspect icmp error </P><P> inspect snmp </P><P> inspect icmp </P><P> inspect ftp </P><P> inspect dns </P><P> inspect pptp </P><P> class http-map1</P><P> set connection advanced-options mss-map</P><P></P><P>The second firewall has pretty much the same configution. </P><P></P><P>LAN&lt;-&gt;1stFW&lt;-&gt;SW&lt;-&gt;2ndFW&lt;-&gt;SW&lt;-&gt;Internet</P> Mon, 11 Mar 2019 12:12:09 GMT https://community.cisco.com/t5/network-security/pptp-via-asa/m-p/985114#M941495 Tshi M 2019-03-11T12:12:09Z Re: PPTP via ASA https://community.cisco.com/t5/network-security/pptp-via-asa/m-p/985115#M941496 <HTML><HEAD></HEAD><BODY><P>I fixed it. Because of our complex environment, the GRE traffic were being blocked at various points (DMZ switches and Internet router)</P></BODY></HTML> Tue, 04 Mar 2008 21:06:23 GMT https://community.cisco.com/t5/network-security/pptp-via-asa/m-p/985115#M941496 Tshi M 2008-03-04T21:06:23Z