L2TP/PPTP VPN over an IPSEC site-to-site

m.slotboom
Level 1

Hello,

In our organisation we have an IPSEC site-to-site VPN between our corporate Cisco ASA5510 and a Cisco ASA 5505 on a remote location.

The VPN works fine, traffic is sent between the networks.

But on the remote location we have a Windows server that creates an L2TP/PPTP VPN (port 16000) to another server on the corporate site.

The L2TP/PPTP VPN is not coming up. I can see that the traffic on port 16000 reaches the corporate site (in the logging on the ASA5510).

I already inspect PPTP on both ASAs. The routing is correct, traffic flows to both subnets.

Can it have something to do with MTU size?

Please advise...

1 Reply

Jennifer Halim
Cisco Employee

Not quite sure what you mean by port 16000.

The default protocol and port for PPTP is TCP/1723 and GRE, while L2TP is UDP/1701 and GRE, and inspecting PPTP on both ASAs will not work if you change it to a non-default port. Can you please advise which part (control or data) of PPTP is changed to port 16000? Assuming it's the control, then you would need to configure port 16000 specifically to be inspected by PPTP.
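
The configuration change the reply describes, as an added example that is not part of the original thread: a class map that matches the relocated control port and hands it to the PPTP inspection engine. It assumes the PPTP control channel was moved to TCP/16000 and that the default `global_policy` is still applied globally; the class-map name `PPTP-CTRL-16000` is hypothetical.

```cisco
! Added example. Apply on both ASAs (5510 and 5505).
! Assumption: PPTP control channel moved from TCP/1723 to TCP/16000.
!
! Before: "inspect pptp" under class inspection_default only matches
! the default PPTP control port (TCP/1723), so a control session on
! TCP/16000 is never handed to the PPTP inspection engine.
!
! After: match the non-default control port explicitly
! (class-map name is hypothetical).
class-map PPTP-CTRL-16000
 match port tcp eq 16000
!
policy-map global_policy
 class PPTP-CTRL-16000
  inspect pptp
!
! Verify that the new class is listed and its inspection counters
! increase when the Windows server attempts to connect.
show service-policy
```

Matching only TCP/16000 keeps the inspection scoped to the one relocated port instead of widening it to a port range.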