I'm trying to configure a PPTP tunnel for remote users to access inside network resources. Before enabling the firewall (ZBPF) everything worked perfectly: the tunnel came up and worked fine.
Once I tried to define the zone-pairs/policy-maps, the VPN connection never came up again. Here is my firewall configuration:
class-map type inspect match-all PPTP-Pass-Through-Traffic
 match access-group name PPTP-PASS-THROUGH
class-map type inspect match-any All-Traffic
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all Router-Access-Traffic
 match access-group name Router-Access
class-map type inspect match-all PPTP-Terminated-Traffic
 match access-group name PPTP-TERMINATED
!
!
policy-map type inspect PPTP-In-Policy
 class type inspect All-Traffic
  inspect
 class class-default
  drop log
policy-map type inspect Out-In-Policy
 class type inspect PPTP-Pass-Through-Traffic
  pass
 class class-default
  drop
policy-map type inspect In-Out-Policy
 class type inspect All-Traffic
  inspect
 class class-default
  drop log
policy-map type inspect Out-Self-Policy
 class type inspect Router-Access-Traffic
  pass
 class type inspect PPTP-Terminated-Traffic
  inspect
 class class-default
  drop log
!
zone security outside
zone security inside
zone security pptp
zone-pair security outside-self source outside destination self
 service-policy type inspect Out-Self-Policy
zone-pair security pptp-in source pptp destination inside
 service-policy type inspect PPTP-In-Policy
zone-pair security inside-outside source inside destination outside
 service-policy type inspect In-Out-Policy
!
ip access-list extended PPTP-PASS-THROUGH
 permit gre any any
ip access-list extended PPTP-TERMINATED
 permit gre any any
 permit tcp any any eq 1723
ip access-list extended Router-Access
 permit tcp any any eq telnet
 permit tcp any any eq 22
 permit tcp any any eq 443
!
The pptp zone is associated with the Virtual-Template used for the PPTP connections.
Here is the error log message:
Jul 13 17:46:47: %FW-6-DROP_PKT: Dropping Unknown-l4 session X.X.X.X:0 Y.Y.Y.Y.14:0 on zone-pair outside-self class class-default due to DROP action found in policy-map with ip ident 0
where X.X.X.X is the remote IP (of the user who is trying to connect) and Y.Y.Y.Y is the router IP address.
Version 12.4(24)T3, RELEASE SOFTWARE (fc2)
The remote client (Windows software) gives the following error after a while (it freezes while authenticating the user name and password):
Error 734: The PPP link control protocol was terminated
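As an added example, not from the original post and not a confirmed fix for it, this is how the outside-to-self policy is usually split so that the PPTP control channel on TCP 1723 is inspected while the GRE data channel is passed, because the IOS zone-based firewall has no Layer 4 inspector for GRE and drops it as "Unknown-l4" when asked to inspect it. The ACL and class names PPTP-GRE, PPTP-CONTROL, PPTP-GRE-Traffic and PPTP-Control-Traffic are assumed; the Router-Access-Traffic class and zone names are those from the post.

```cisco
! Constructed example (assumed names), reusing the zones and the
! Router-Access-Traffic class from the configuration above.
ip access-list extended PPTP-GRE
 permit gre any any
ip access-list extended PPTP-CONTROL
 permit tcp any any eq 1723
!
class-map type inspect match-all PPTP-GRE-Traffic
 match access-group name PPTP-GRE
class-map type inspect match-all PPTP-Control-Traffic
 match access-group name PPTP-CONTROL
!
! Outside -> self: the TCP 1723 control session is stateful and can be
! inspected; GRE (IP protocol 47) cannot, so it gets 'pass' instead of
! landing in class-default and being dropped.
policy-map type inspect Out-Self-Policy
 class type inspect Router-Access-Traffic
  pass
 class type inspect PPTP-Control-Traffic
  inspect
 class type inspect PPTP-GRE-Traffic
  pass
 class class-default
  drop log
!
zone-pair security outside-self source outside destination self
 service-policy type inspect Out-Self-Policy
```

Keeping GRE on a separate class also makes the drop log easier to read, since any further %FW-6-DROP_PKT entries for the outside-self zone-pair can no longer be GRE that was meant to be inspected.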