
PIX 501 ver 6.3(1) only answers every other ping.

jasonhumes
Level 1

Hello

I've got a PIX 501 running ver 6.3(1) and for some reason when I try to ping the outside interface it only responds to every other ping. And the main problem is that when I try to connect to the PIX via PPTP VPN from a W2K Pro machine, it gets to the authenticating user/pass screen but it seems to hang and never authenticates and then eventually fails. Yet, when I go to where the PIX is physically located, and plug into the outside interface directly, I get an instant response and full connection. Any ideas? Thanks very much.

5 Replies

wmartini
Level 1

This command blocks ping on the outside interface: icmp deny any outside

PIX versions 6.3 and later support PPTP pass through or PPTP over PAT using the PPTP fixup feature. This feature lets PPTP traffic traverse the PIX when configured for PAT. The PIX will perform stateful PPTP packet inspection in the process. To configure PPTP fixup on the PIX, refer to the section on PPTP configuration in Configuring Application Inspection (Fixup). The fixup protocol pptp 1723 command configures PPTP fixup.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_q_and_a_item09186a00800946ef.shtml

OK, umm, I'm using PPTP to connect TO the PIX itself, so I don't think that PPTP passthrough would be an issue here, only if I was PPTPing 'through' the PIX... correct me if I'm wrong though. Thanks

jasonhumes
Level 1

Here is some more info on this scenario. The debug output from debug PPTP:

603104: PPTP Tunnel created, tunnel_id is 49, remote_peer_ip is 216.94.101.6, ppp_virtual_interface_id is 6, client_dynamic_ip is 192.168.66.5, username is wedadmin, MPPE_key_strength is 128 bits

403102: PPP virtual interface 6 rcvd pkt with invalid protocol: fd, reason: mppe required but not active, tunnel terminated.

pix is configured with:

vpdn group 1 ppp encryption mppe 128 required

and the W2K Pro machine is set to require max strength encryption.

Thanks
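
A small triage script for the two debug messages quoted in the post above, added here as an example and not part of the original thread: it pairs each 603104 tunnel creation with a 403102 termination on the same PPP virtual interface and flags the "mppe required but not active" failure. The function name `triage`, the result field names and the third sample line are assumptions made for illustration.

```python
import re

# Patterns follow the field layout of the two debug lines quoted in the post.
CREATED = re.compile(
    r"603104: PPTP Tunnel created, tunnel_id is (?P<tunnel>\d+), "
    r"remote_peer_ip is (?P<peer>[\d.]+), "
    r"ppp_virtual_interface_id is (?P<iface>\d+), "
    r"client_dynamic_ip is (?P<client_ip>[\d.]+), "
    r"username is (?P<user>[^,\s]+), "
    r"MPPE_key_strength is (?P<mppe>[^,]+)"
)
TERMINATED = re.compile(
    r"403102: PPP virtual interface (?P<iface>\d+) rcvd pkt with invalid "
    r"protocol: (?P<proto>[0-9a-f]+), reason: (?P<reason>.+?), tunnel terminated"
)

def triage(lines):
    """Pair each 603104 creation with a 403102 termination on the same PPP interface."""
    open_tunnels = {}  # ppp_virtual_interface_id -> fields from the 603104 line
    findings = []
    for line in lines:
        m = CREATED.search(line)
        if m:
            open_tunnels[m["iface"]] = m.groupdict()
            continue
        m = TERMINATED.search(line)
        if m:
            t = open_tunnels.pop(m["iface"], {})
            findings.append({
                "iface": m["iface"],
                "user": t.get("user"),
                "peer": t.get("peer"),
                "mppe_key_strength": t.get("mppe", "").strip() or None,
                "proto": m["proto"],
                "reason": m["reason"],
                # Reason text from the post: MPPE is required but was not active.
                "mppe_mismatch": "mppe required but not active" in m["reason"],
            })
    return findings, open_tunnels

SAMPLE = [
    # First two lines are the debug output quoted in the post.
    "603104: PPTP Tunnel created, tunnel_id is 49, remote_peer_ip is 216.94.101.6, ppp_virtual_interface_id is 6, client_dynamic_ip is 192.168.66.5, username is wedadmin, MPPE_key_strength is 128 bits",
    "403102: PPP virtual interface 6 rcvd pkt with invalid protocol: fd, reason: mppe required but not active, tunnel terminated.",
    # Constructed line: a second tunnel that is never torn down.
    "603104: PPTP Tunnel created, tunnel_id is 50, remote_peer_ip is 192.0.2.10, ppp_virtual_interface_id is 7, client_dynamic_ip is 192.168.66.6, username is exampleuser, MPPE_key_strength is 128 bits",
]

if __name__ == "__main__":
    found, still_open = triage(SAMPLE)
    print(found, sorted(still_open))
```
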

Do you have 3DES enabled on the PIX?
