Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
838
Views
3
Helpful
4
Replies

PPTP VPN question

brianj
Level 1
Level 1

‎12-31-2004 02:44 PM

I have a 4 site VPN setup using a Hub and Spoke topology allowing PPTP connections to site A (Hub site) configured and working well. I am able to get to each site from site A and am able to get into site A using a pptp connection.

The sites are addressed as follows:

Site A: 10.0.1.0/24

Site B: 10.0.2.0/24

Site C: 10.0.3.0/24

Site D: 10.0.4.0/24

pptp users: 10.0.6.0/24

My question is this. Is it possible for the pptp connections, when connected to site A, to get to the spoke sites (B,C, and D)?

Thanks,

Brian

Labels:
0 Helpful
4 Replies 4

aftermath
Level 1
Level 1

‎12-31-2004 04:14 PM

Hi Brian,

You'll have to enable GRE in the outside access list, or enable Sysopt for PPTP.

fixup protocol pptp 1723

access-list acs-outside permit tcp host PartnerPublicIP host PPTP-Public eq pptp

access-list acs-outside permit gre host PartnerPublicIP host PPTP-Public

access-group acs-outside in interface outside

static (inside,outside) PPTP-Public PPTP-User-Server-IP netmask 255.255.255.255 0 0

There is also the: "sysopt connection permit-pptp" this will ignore ACL statements for incomming and outcomming connections and permit gre and pptp.

0 Helpful

brianj
Level 1
Level 1
In response to aftermath

‎12-31-2004 04:41 PM

Thanks for the response.

I have enabled sysopt for PPTP and it still doesn't work.

Just so that I am clear. In the ACL's for the PPTP-Public addresses, the PPTP connections are coming from home users. Would you just put "any" there?

Will I need to create an ACE for each PartnerPublicIP?

Also, on the static statement the PPTP-User-Server-IP, is this the IP of the Hub pix that has the vpdn accounts?

Lastly, will I need to add the information into each of the sites or only the hub site?

Thanks so much!

Brian

0 Helpful

Vikas Saxena
Cisco Employee
Cisco Employee
In response to brianj

‎01-03-2005 10:27 AM

If the hub is a pix then it will not be possible because PIX will not bounce the traffic. (Redirection to site B from Site A).

If it is anyother cisco device like a concentrator or a router then you need to allow the PPTP pool in the interesting traffic list of each site back and forth.

Hope this will help

brianj
Level 1
Level 1
In response to Vikas Saxena

‎01-03-2005 01:35 PM

Thanks for the information. The devices are all Pix. Your insight confirms what I previously learned from someone else.

Thanks again,

Brian

0 Helpful
Customers Also Viewed These Support Documents