04-06-2007 07:17 AM - edited 03-11-2019 02:57 AM
We are using a PIX 535 firewall and we're trying to establish a VPN connection from inside our network to another network (not site-to-site VPN).
This is just a simple connection using the Windows VPN client. On the firewall logs we are getting:
Deny TCP (no connection) (172.16.x.x /2903) to (64.42.x.x/1723) flags PSH ACK on interface inside
Deny TCP src outside:(64.42.x.x/1723) dst inside: (216.110.x.x/54922) by access-group "aclout"
The weird thing is that sometimes it connects and sometimes it doesn't. (i.e. if you try to VPN a few times, it will start working).
It seems that when the reply comes back on a high number port sometimes it works and sometimes it doesn't.
The other side is using a Microsoft VPN server. I checked with a tech on the other side and they don't have any call back features enabled.
We can successfully VPN to other networks just fine.
I'm thinking that sometimes the other side resets the connection, so our firewall sees it as a brand new connection and it denies it.
Any ideas??
04-07-2007 06:25 PM
What OS is your PIX 535? Have you enabled fixup protocol pptp 1723 (6.x) or inspect pptp (7.x)?
04-08-2007 08:36 PM
Can you post your config here?