04-29-2004 06:04 PM - edited 02-21-2020 01:08 PM
I am currently using Windows remote access server to manage VPN connections, and want to continue to do so for the time being. My config for VPN is as follows:
access-list outside permit tcp any any eq pptp
static (inside, outside) tcp 24.97.9.11 pptp 192.168.5.10 pptp
It gets through and begins to authenticate, but then stops and times out. Can someone tell me what else needs to be done to allow VPN using Microsoft RAS?
04-29-2004 07:24 PM
PPTP uses two protocols, TCP/1723 and GRE. GRE is not a TCP/UDP based protocol, it sits right on top of IP, so you can't just create a port static like you have. It has to be a one-to-one static, so you'll need a second valid IP address for this to work. If 24.97.9.11 is not used for anything else then you can use it, and your config will look like:
access-list outside permit tcp any host 24.97.9.11 eq pptp
access-list outside permit gre any host 24.97.9.11
static (inside, outside) 24.97.9.11 192.168.5.10
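The reply's point, that GRE carries no port for a port static to match, shown as an added example that is not part of the original thread. It is a simplified model of the two translation rules, not how the PIX implements them; the client address, Call ID and packet contents are constructed, and it does not model `fixup protocol pptp`.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_PORT = 1723
OUTSIDE, INSIDE = "24.97.9.11", "192.168.5.10"   # addresses from the thread
CLIENT = "198.51.100.7"                            # constructed client address

def ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed samples: a TCP SYN to port 1723 and an enhanced GRE (RFC 2637) data packet.
CONTROL = ipv4(IPPROTO_TCP, CLIENT, OUTSIDE,
               struct.pack("!HHIIHHHH", 40000, PPTP_PORT, 1, 0, (5 << 12) | 0x02, 8192, 0, 0))
DATA = ipv4(IPPROTO_GRE, CLIENT, OUTSIDE,
            struct.pack("!HHHHI", 0x3001, 0x880B, 4, 0x1234, 1) + b"\xff\x03\xc0\x21")

def describe(pkt):
    """Return the fields a translation rule can match on."""
    ihl = (pkt[0] & 0x0F) * 4
    info = {"proto": pkt[9], "dst": socket.inet_ntoa(pkt[16:20]), "dport": None, "call_id": None}
    l4 = pkt[ihl:]
    if info["proto"] == IPPROTO_TCP:
        info["dport"] = struct.unpack("!H", l4[2:4])[0]
    elif info["proto"] == IPPROTO_GRE:
        flags_ver, ptype, _plen, call_id = struct.unpack("!HHHH", l4[:8])
        if flags_ver & 0x7 == 1 and ptype == 0x880B:   # version 1 = PPTP's enhanced GRE
            info["call_id"] = call_id                  # closest thing GRE has to a "port"
    return info

def port_static(info):
    """Model of: static (inside,outside) tcp 24.97.9.11 pptp 192.168.5.10 pptp"""
    hit = info["proto"] == IPPROTO_TCP and info["dst"] == OUTSIDE and info["dport"] == PPTP_PORT
    return INSIDE if hit else None

def one_to_one_static(info):
    """Model of: static 24.97.9.11 192.168.5.10 plus the tcp/pptp and gre ACL lines."""
    permitted = (info["proto"] == IPPROTO_TCP and info["dport"] == PPTP_PORT) \
        or info["proto"] == IPPROTO_GRE
    return INSIDE if info["dst"] == OUTSIDE and permitted else None

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA)):
        info = describe(pkt)
        print(name, info, "port static ->", port_static(info), "| 1-1 static ->", one_to_one_static(info))
```

In this model the control connection is translated by either rule, while the GRE data packet matches only the one-to-one static because it has no destination port to compare against 1723.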
04-30-2004 07:10 AM
If at all possible I don't want to do it using a 1-1 static.
I tried the following:
fixup protocol pptp 1723
access-list ethernet0 permit tcp any any eq pptp
access-list ethernet0 permit gre any any
static (inside, outside) tcp 24.97.9.11 pptp 192.168.5.10 pptp
This setup gets me connected. Sometimes it takes 2 or 3 tries to connect, but it works and is fully functional as far as I can tell.
Has anyone tried this? Has it worked well for you, or did you have to change it to a 1-1 for some reason?