05-30-2012 06:45 AM - edited 03-11-2019 04:13 PM
Hello,
Trying to access Microsoft VPN (on the internet-outside zone) server from Microsoft VPN client (inside zone).
On ASA - allowed all outbound traffic from inside to outside-internet and all traffic is blocked from internet-outside to internet.
VPN client seems to be not working in this case. When the firewall was bypassed, the Microsoft VPN client got connected to the remote Microsoft VPN server.
Do we need to enable GRE from outside to inside for this to work? (Along with a corresponding static NAT entry for the remote Microsoft VPN server.)
The Microsoft tech support document did mention permitting GRE through the firewall, but it's not stating any direction.
Please share the experience.
Thanks in advance
Subodh
05-30-2012 06:54 AM
Please enable "inspect pptp"; that would allow the GRE connection.
Here is the command for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i2.html#wp1741718
05-31-2012 08:02 AM
Thanks for the link.
So when we enable the inspection for PPTP (similar to other protocols that are already configured for inspection), will the ASA permit the GRE traffic to cross from outside to inside?
The Wireshark packet capture shows the first GRE packet coming from the Microsoft VPN server to the client, indicating that the "Server is initiating the GRE connection".
Please advise.
Thanks in advance.
Cheers!
S.
05-31-2012 09:13 AM
Yes, once the inspection is enabled for PPTP, the ASA will automatically open a hole for GRE, as stated in the documentation advised earlier.
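The change recommended in this thread, written out as an added configuration example that is not part of any post. It assumes the ASA still uses its default `global_policy` policy map and `inspection_default` class. With PPTP inspection on, the GRE return path is opened per PPTP control session, so no standing outside-to-inside GRE permit is added.

```cisco
! Added example. Assumes the default global policy is still applied
! (policy-map global_policy, class inspection_default); adjust the
! names if the inspection policy on this ASA was customised.
policy-map global_policy
 class inspection_default
  inspect pptp
!
! Confirm the inspection is active and counting PPTP packets once the
! inside client reconnects.
show service-policy inspect pptp
```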