Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
3
Replies

Pix 515-e and PPTP VPN

sonitadmin
Level 1
Level 1

‎11-19-2010 05:32 AM

Client has Pix 515-e with multiple static NAT entries setup.  One static NAT does to one division of the company, a second to a different.  The first one will allow PPTP connections just fine to a 2003 RRAS server.  The second has an XP box with dial in setup but cannot get it to allow PPTP into it.

I have setup rules on the firewall to allow the PPTP traffic but it doesn't work.  I know traffic is going there though becuase I setup an RDP rule and that works just fine.

Any ideas on what I could be missing?

Thanks!

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-19-2010 08:02 AM

Hi,

To allow PPTP connections to the internal server you need the static NAT and the ACL permitting TCP 1723 and GRE to the NAT IP.

Do you have the ACL in place and if so, is it getting hitcounts? (sh access-list)

Federico.

0 Helpful

Cisco_guest12
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-24-2010 01:48 AM

I do not have the ACL here.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Cisco_guest12

‎11-24-2010 06:13 AM

Daniel,

What I'm saying is that if you have a PPTP server behind the PIX, in order to access that server from the outside you need an ACL (besides the static NAT).

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents