i am sorry for my late reply,

Muhammad.Eissa · ‎02-01-2016

Hello,

i have issue in my network , as part of the work we need to connect to outside PPTP server but its always fail , works only if we connect directly to the gateway router.

back behind the ASA the client cant connect , what is driving me crazy is when i do packet tracer with ASDM its show everything working fine ,

the below configuration is all i need to connect from client to outside server . also i have tried connect wireless and wired , but nothing

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect pptp

service-policy global_policy global

Philip D'Ath · ‎02-01-2016

That should work. Is it definitely using PPTP and not L2TP over IPSec (aka, is the client VPN configuration left on automatic and you have assumed it is PPTP)?

Using the ASDM log when trying to connect do you see anything being blocked or any warnings?

Muhammad.Eissa · ‎02-01-2016

this is the debug from the asa for two connection try , its always fail after the unknown -message show up

Philip D'Ath · ‎02-01-2016

What version of software are you using on your ASA?

I meant just the normal ASDM logging, not debugging (although the above is interesting to see). Are any packets getting dropped?

The above makes it looks like the workstation is doing the disconnect.

Muhammad.Eissa · ‎02-01-2016

we are working with Version 9.4(2) 5545 with firepower module what is driving me crazy that when i do packet tracer on the ASDM it show success for all steps and its working fine if i connect from anywhere and direct to the router , but not the ASA

Philip D'Ath · ‎02-01-2016

I'm not really a fan of the 9.4(x) train, as I have had other issues with it.

I don't think it is likely to fix it, but I would be tempted to go to 9.5(2)200. That train has been working well for me.

Muhammad.Eissa · ‎02-01-2016

i will keep looking and let you know the final result , thank you for the advice

Murat TASKIN · ‎02-03-2016

I have a same problems.How did you solve it ?

Muhammad.Eissa · ‎02-03-2016

i didn't solve it yet , i also found a line to go with

: SFR requested to drop GRE packet from outside , this was message from the syslog server that the ASA send log to it , so now i know where is the issue

but it was totally hidden as no alarm on IPS or blocked by any rules

i will tell you in details when i get it to work

Bnnetwork · ‎02-19-2016

Hi

I solved it simple creating a rule as you can see attached.

Hope to have helped you.

Muhammad.Eissa · ‎02-19-2016

thank you for this advice , but i have tried this before and didn't solve the case :D

i think i have another issue.

Muhammad.Eissa · ‎02-09-2016

i am sorry for my late reply, i found the solve.

i am using SSL Inspection , we has to remove the SSL Policy from the access policy after that its working, for now the TAC didn`t respond why that issue happen as its up-normal.

Bnnetwork · ‎02-19-2016

Hi

I have the same problem.

Can you be more specific when you says .. :

"...we has to remove the SSL Policy from the access policy after that its working".

Remove SSL Policy .. ?? Where ??

I have tried to do a Global Inspection specific that make the GRE pass.

After another inspection that redirect to SFR.

Same problem.....

Thanks for help...

Muhammad.Eissa · ‎02-19-2016

Bnnetwork:

Please tell me what version of FireSIGHt do u have, and i will try to explain based on it.

Bnnetwork · ‎02-19-2016

Hi

Thanks for the answer

I have 6.0.0-1005

Thanks again

PPTP Traffic Not Passing