04-27-2011 02:38 PM - edited 03-11-2019 01:26 PM
Hi, we are not able to connect to an outside PPTP VPN server.
The scenario is this:
Connections are started from the inside network to a VPN server in the outside zone.
I have added these configs and it is still not working.
policy-map global_policy
class inspection_default
inspect pptp
I also have an access-list for it.
access-list inside_access_in extended permit tcp object inside-network any eq pptp
access-list inside_access_in extended permit gre object inside-network any
access-group inside_access_in in interface inside
Am I missing something, or are these all the configs I have to get done?
Thanks.
04-27-2011 02:46 PM
Hi,
Can you collect the logs? Also, would you please send us the output of the show service-policy? If you have another free IP, can you please set a static one-to-one and try?
Cheers
Mike.
04-27-2011 02:58 PM
Mike, this is something that I am not following: since we have PAT in place and all services run fine, why do we need a static NAT and the need to use another valid internet address?
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 11183, drop 0, reset-drop 0
Inspect: ftp, packet 0, drop 0, reset-drop 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: netbios, packet 5, drop 0, reset-drop 0
Inspect: rsh, packet 0, drop 0, reset-drop 0
Inspect: rtsp, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: skinny , packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 0, drop 0, reset-drop 0
Inspect: sqlnet, packet 0, drop 0, reset-drop 0
Inspect: sunrpc, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: tftp, packet 0, drop 0, reset-drop 0
Inspect: sip , packet 4, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0
Inspect: ip-options _default_ip_options_map, packet 0, drop 0, reset-drop 0
Inspect: icmp, packet 20698, drop 0, reset-drop 0
Inspect: pptp, packet 219, drop 0, reset-drop 0
Thank you.
04-27-2011 03:01 PM
Hi,
The static is just for testing purposes. Were you able to get the logs? If we see that the GRE packets are being dropped, then there is definitely something wrong with the inspection; if not, it means that there may be something wrong with the server/client config. Have you tried to connect to that server from another location?
Cheers
Mike
04-27-2011 03:19 PM
I think the config is all there; I think it's something wrong with the server now.
These are all the configs we should set up, right?
04-27-2011 03:46 PM
Hello,
That's pretty much it. Totally should work with PAT with the inspection turned on:
If you have any questions, please feel free to let me know. Thanks for marking the question as answered
Cheers
Mike.
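Added example, not part of the original thread or from any poster: a small Python check that reads `show service-policy` output in the format posted above and reports whether `inspect pptp` is in the policy, has seen packets, and has dropped any. The function names and the sample text (including the non-zero icmp drop) are constructed for illustration.

```python
import re

# Constructed sample in the format of the `show service-policy` output above.
SAMPLE = """\
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 11183, drop 0, reset-drop 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: skinny , packet 0, drop 0, reset-drop 0
Inspect: icmp, packet 20698, drop 3, reset-drop 0
Inspect: pptp, packet 219, drop 0, reset-drop 0
"""

INSPECT_RE = re.compile(
    r"^\s*Inspect:\s*(?P<name>[^,]+?)\s*,\s*packet\s+(?P<packet>\d+),"
    r"\s*drop\s+(?P<drop>\d+),\s*reset-drop\s+(?P<reset>\d+)"
)

def parse_inspect_counters(text):
    """Map each inspect label (e.g. 'pptp', 'dns preset_dns_map') to its counters."""
    counters = {}
    for line in text.splitlines():
        m = INSPECT_RE.match(line)
        if m:  # tcp-proxy and header lines do not match and are skipped
            counters[m["name"]] = {
                "packet": int(m["packet"]),
                "drop": int(m["drop"]),
                "reset_drop": int(m["reset"]),
            }
    return counters

def engines_with_drops(text):
    """Labels of inspection engines that report any drop or reset-drop."""
    return [n for n, c in parse_inspect_counters(text).items()
            if c["drop"] or c["reset_drop"]]

def pptp_inspection_status(text):
    """'missing' = inspect pptp not in the policy, 'idle' = enabled but no
    packets matched, 'dropping' = drops counted, 'passing' = packets, no drops."""
    engines = parse_inspect_counters(text)
    pptp = next((c for n, c in engines.items() if n.split()[0] == "pptp"), None)
    if pptp is None:
        return "missing"
    if pptp["drop"] or pptp["reset_drop"]:
        return "dropping"
    return "passing" if pptp["packet"] else "idle"

if __name__ == "__main__":
    print("pptp inspection:", pptp_inspection_status(SAMPLE))
    print("engines with drops:", engines_with_drops(SAMPLE))
```

A result of "passing", as with the counters posted in this thread (packet 219, drop 0), means the inspection is enabled and matching traffic without dropping it, which is consistent with looking at the server or client side next.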