01-25-2008 09:10 PM - edited 02-21-2020 03:30 PM
I work for a company that is a small ISP. We have customers that we provide a managed firewall to. I have one such customer that is using L2TP and PPTP behind my FWSM in a 6500. The VPN users authenticate inbound, and I have no problem with the PPTP users, but the L2TP user can't seem to log in. Here is my ACL.
access-list 200 extended permit gre any host 10.100.212.138
access-list 200 extended permit tcp any host 10.100.212.138 eq pptp
access-list 200 extended permit udp any host 10.100.212.138 eq 1701
access-list 200 extended permit icmp any host 10.100.212.138
access-list 200 extended permit esp any host 10.100.212.138
access-list 200 extended permit tcp any host 10.100.212.138 eq 1701
access-list 200 extended permit udp any host 10.100.212.138 eq 3389
access-list 200 extended permit udp any host 10.100.212.138 eq isakmp
access-list 200 extended permit udp any host 10.100.212.138 eq 4500
Any suggestions?
01-25-2008 10:07 PM
I see that you have the necessary ports open for PPTP, L2TP and IPSEC.
Is 10.100.212.138 the server on which your customer is terminating the L2TP tunnels? What about the ACL applied on the inside interface, is it permitting L2TP? What happens if the customer bypasses the FWSM with the client, does it work? Also, are all L2TP connections failing, or is it only one user?
What code are you running on the 6500 and FWSM?
Regards,
Arul
** Please rate all helpful posts **
01-27-2008 04:48 PM
Thanks for the reply. I do not have any ACLs on the outside. I am double NATing; is that an issue?
Here are my software versions:
s72033-adventerprisek9_wan-mz.122-18.SXF4.bin
FWSM Firewall Version 2.3(2)
FWSM Device Manager Version 4.1(1)
01-27-2008 09:53 PM
Which traffic are you double NATing?
Are you doing L2TP or L2TP/IPsec? If you are doing L2TP/IPsec, then you may want to make sure that you have all the patches from Microsoft installed to support NAT, and also enable NAT-T support on the VPN server.
Also, what happens if you bypass the FWSM, does the same client work?
Regards,
Arul
** Please rate all helpful posts **
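Added example, not part of the thread or of any Cisco tool: a small Python check of whether an FWSM ACL like the one in the first post permits what PPTP and L2TP/IPsec need, with and without a NAT in the path. The required-port table below is my own assumption of the standard ports, and the parser only understands the `permit <proto> any host <ip> [eq <port>]` form used in the post.

```python
import re
from collections import namedtuple

# Constructed copy of the ACL from the first post; the server address is the one given there.
VPN_SERVER = "10.100.212.138"
ACL_TEXT = """\
access-list 200 extended permit gre any host 10.100.212.138
access-list 200 extended permit tcp any host 10.100.212.138 eq pptp
access-list 200 extended permit udp any host 10.100.212.138 eq 1701
access-list 200 extended permit icmp any host 10.100.212.138
access-list 200 extended permit esp any host 10.100.212.138
access-list 200 extended permit tcp any host 10.100.212.138 eq 1701
access-list 200 extended permit udp any host 10.100.212.138 eq 3389
access-list 200 extended permit udp any host 10.100.212.138 eq isakmp
access-list 200 extended permit udp any host 10.100.212.138 eq 4500
"""

Rule = namedtuple("Rule", "proto dst port")
PORT_NAMES = {"pptp": 1723, "isakmp": 500}  # FWSM keyword -> port number
ACL_RE = re.compile(r"access-list \S+ extended permit (\S+) any host (\S+)(?: eq (\S+))?$")

def parse_acl(text):
    """Parse 'permit <proto> any host <ip> [eq <port>]' lines into Rule tuples."""
    rules = []
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            proto, dst, port = m.groups()
            if port is not None:
                port = int(PORT_NAMES.get(port, port))
            rules.append(Rule(proto, dst, port))
    return rules

# Inbound flows the VPN server must be reachable on (assumed standard ports).
# Plain L2TP/IPsec carries L2TP inside ESP; once a NAT sits in the path ESP
# cannot be translated, so the client falls back to NAT-T and everything
# after IKE rides inside UDP 4500.
NEEDED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp_ipsec": {("udp", 500), ("esp", None)},
    "l2tp_ipsec_nat_t": {("udp", 500), ("udp", 4500)},
}

def check_vpn_acl(rules, server, nat_in_path):
    """Return the (proto, port) pairs still missing for PPTP plus L2TP/IPsec."""
    have = {(r.proto, r.port) for r in rules if r.dst == server}
    profile = "l2tp_ipsec_nat_t" if nat_in_path else "l2tp_ipsec"
    return (NEEDED["pptp"] | NEEDED[profile]) - have

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    for nat in (False, True):
        print(f"NAT in path={nat}: missing {check_vpn_acl(rules, VPN_SERVER, nat) or 'nothing'}")
```

For the posted ACL the check finds nothing missing in either case, which matches the reply above: the ACL is not the blocker, so the NAT-T and client-side questions are the next things to look at.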