
GRE & PPTP behavior

m-mneimneh
Level 1

Hi All,

I have at my site a Win2k that I'm using as RRAS & VPN; it has 1 interface on a DMZ, and another on the internal LAN.

As an additional step, I configured an inbound ACL on my gateway's WAN interface {see attached file}.

When I try to initiate a VPN connection with an office, opening GRE & PPTP {tcp port 1723} between the two peers does not make it work; I need to open ip as well.

Any insight please?

3 Replies

wong34539
Level 6

This problem may occur if the connection is failing between the peers. Make sure that you have given correct and matching encryption methods and pre-shared keys. The following links may help you:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad9.html

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecstd.html

joshua.walton
Level 1

Try something for me please.

Move the GRE to line 1 and see what happens. I think I did this in the past and it worked. We won't know until you try it. ;o)

1 permit gre host remote_VPN host 213.42.78.28

I reordered the ACL entries; I now see multiple types of behavior:

10 permit gre host R1 host 213.42.78.28 (115593 matches)

11 permit tcp host R1 host 213.42.78.28 eq 1723 (84 matches)

12 permit ip host R1 host 213.42.78.28 (1034 matches)

20 permit gre host R2 host 213.42.78.28 (10245 matches)

21 permit tcp host R2 host 213.42.78.28 eq 1723

22 permit ip host R2 host 213.42.78.28 (1156 matches)

30 permit gre host R3 host 213.42.78.28 (17865 matches)

31 permit tcp host R3 host 213.42.78.28 eq 1723 (1152 matches)

32 permit ip host R3 host 213.42.78.28

Each peer seems to have its own requirements. What do you think?
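
An added example, not part of the original thread: a short Python script that reads the hit counters quoted in the last post and reports, per peer, which entries are actually carrying traffic. IOS evaluates ACL entries top-down and stops at the first match, so hits on a peer's `permit ip` line are packets that were neither GRE nor TCP to destination port 1723. The sample text is copied from the post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Counters as quoted in the post above (an entry with no counter has 0 hits).
ACL_OUTPUT = """\
10 permit gre host R1 host 213.42.78.28 (115593 matches)
11 permit tcp host R1 host 213.42.78.28 eq 1723 (84 matches)
12 permit ip host R1 host 213.42.78.28 (1034 matches)
20 permit gre host R2 host 213.42.78.28 (10245 matches)
21 permit tcp host R2 host 213.42.78.28 eq 1723
22 permit ip host R2 host 213.42.78.28 (1156 matches)
30 permit gre host R3 host 213.42.78.28 (17865 matches)
31 permit tcp host R3 host 213.42.78.28 eq 1723 (1152 matches)
32 permit ip host R3 host 213.42.78.28
"""

# One "permit <proto> host <src> host <dst> [eq <port>] [(N matches)]" entry.
ACE = re.compile(
    r"^\s*(?P<seq>\d+)\s+permit\s+(?P<proto>\S+)\s+host\s+(?P<src>\S+)"
    r"\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\d+))?"
    r"(?:\s+\((?P<hits>\d+)\s+match(?:es)?\))?\s*$"
)

def parse_acl(text):
    """Return {peer: {protocol: hit_count}} for every entry that parses."""
    peers = defaultdict(dict)
    for line in text.splitlines():
        m = ACE.match(line)
        if m:
            peers[m["src"]][m["proto"]] = int(m["hits"] or 0)
    return dict(peers)

def review(peers):
    """Flag peers whose traffic falls through to the broad 'permit ip' entry."""
    findings = {}
    for peer, hits in peers.items():
        notes = []
        if hits.get("ip", 0) > 0:
            notes.append("catch-all 'permit ip' in use")
        if hits.get("tcp", 0) == 0:
            notes.append("no inbound TCP to port 1723")
        findings[peer] = notes
    return findings

if __name__ == "__main__":
    for peer, notes in review(parse_acl(ACL_OUTPUT)).items():
        print(peer, "->", "; ".join(notes) or "GRE and TCP 1723 entries suffice")
```

In these entries `eq 1723` follows the destination, so it matches only packets addressed to port 1723 on 213.42.78.28. Replies to a PPTP control session opened from 213.42.78.28 arrive with source port 1723 and would fall through to the `permit ip` line.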