Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
0
Helpful
4
Replies

SR520 PPTP Pass Through

michaelsobik
Level 1
Level 1

‎12-02-2010 10:40 AM

I have an SR-520-FE-K9 installed with the the latest IOS sr520-advipservicesk9-mz.124-24.T4.bin and default config.  Firewall is set to low.  I have one Windows XP PC connected to the LAN and am trying to VPN from it to a SBS 2003 VPN server on the WAN.  I am unable to connect to the VPN server with the firewall enabled.  Using the XP VPN Client I see "verifying username and password" then it times out with 721.  With the firewall settings deleted, I can connect to the remove VPN server with no problem. 

All configuration is being done through CCA 2.2(6) and I would really like to avoid doing anything in IOS since this thing is supposed to be supported exclusively through CCA.  Why are the firewall settings so limited in CCA?  Low, Medium, High.  Really, that's it? 

According to the SR520 data sheet PPTP should be supported, but I cannot find anywhere in CCA to turn this on or off.  This should be really simple.  Any ideas?  Thank you.

Secure connectivity:

• 10 SSL VPN tunnels
• 20 IPsec VPN tunnels
• Hardware-accelerated 3DES and AES
• Dynamic multipoint VPN (DMVPN)
• IPsec pass-through
• Point-to-Point Tunneling Protocol (PPTP) pass-through
• Stateful packet inspection firewall
• Intrusion prevention system
• Advanced application inspection and control
• Cisco IOS Content Filtering
• Network Address Translation (NAT) transparency
• 802.1
• Secure HTTP (HTTPS), FTP, and Telnet authentication proxies
• No service password recovery
• Access control lists (ACLs)

Labels:
0 Helpful
4 Replies 4

michaelsobik
Level 1
Level 1

‎12-02-2010 03:34 PM

Running config.

76316-running-config.txt.zip
0 Helpful

michaelsobik
Level 1
Level 1
In response to michaelsobik

‎12-13-2010 09:37 AM

Resolved via TAC #: 616220325

Resolution required IOS firewall changes which I'm not all that thrilled about since 100% of the configuration of this box has been done using CCA up to this point

config
ip access-list extended gre_in
permit gre any any
exit
ip access-list extended pptp_in
permit tcp any any eq 1723
exit
class-map type inspect gre_in
match access-group name gre_in
policy-map type inspect sdm-inspect-voip-in
class gre_in
pass
exit
class-map type inspect pptp_in
match access-group name pptp_in
policy-map type inspect sdm-inspect-voip-in
class pptp_in
inspect
(should see:No specific protocol configured in class pptp_in for inspection. All protocols will be inspected)
exit
I find it hard to believe VPN passthrough is not supported out of the box, especially since the data sheet for this router indicates that it is.  The TAC engineer told me he is not able to forward bug fixes or product improvement recommendations.  I would like to hear back from someone in development to discuss future inclusion, support in CCA, or at least to confirm that this feature is really not supported with the base config.  Thank you.

0 Helpful

mvaldes5901
Level 1
Level 1
In response to michaelsobik

‎05-17-2011 10:19 AM

I have the same issue and I have applied the soulution and it still does not work. Any ideas?

0 Helpful

mvaldes5901
Level 1
Level 1
In response to mvaldes5901

‎05-17-2011 10:48 AM

Here is my running config.

86469-Router config with PPTP pass through.txt.zip
0 Helpful
Customers Also Viewed These Support Documents