VPN Client Remote Access from Private Network

li.simon
Level 1

Dear Sir,

Below is my VPN configuration on the PIX515. It works for a VPN client dialing in from a public network.

I am having a problem connecting to this PIX515 VPN from a client on the inside interface of a PIX525.

I get this error message on the client computer: "Error 721: The remote computer did not respond".

I need to dial in to this PIX515 VPN from a VPN client on the inside interface of the PIX525. My PIX525 firewall is working and in production. Can someone help? Thanks. -Simon

ip local pool localip 192.168.101.1-192.168.101.254

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local localip

vpdn group 1 client authentication local

vpdn group 1 client configuration dns 192.168.100.30

vpdn group 1 client configuration wins 192.168.100.30

vpdn username pix password cisco

vpdn enable outside

access-list 102 permit ip 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0

nat (inside) 0 access-list 102

sysopt connection permit-pptp

sysopt connection permit-l2tp

4 Replies

afakhan
Level 4

Hi,

Make sure that your PIX-525 (PPTP pass-through) is configured with PPTP fixup and doesn't block TCP 1723 and the GRE protocol.

thx

Afaq

Thanks for your prompt reply. My PIX525 is not configured with PPTP fixup, and I am not sure whether my PIX525 blocks TCP 1723 and the GRE protocol. Can you show me how to configure PPTP fixup and how to check whether my PIX525 blocks TCP 1723 and the GRE protocol? Thanks again. -Simon

On the 525 you need to be running v6.3 software, and configure the following:

> fixup protocol pptp 1723

This should dynamically create the GRE and PPTP connections necessary for you.

My PIX525 is running v6.2(1). Can you show me the command that will work on v6.2(1)? Thanks. -Simon
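
One way to run the check asked about in the replies above, offline, against a saved copy of the pass-through firewall's running configuration. This is an added example, not code from the thread or from Cisco. The sample configuration, the ACL name `inside_out` and the function names are constructed, and the check ignores ACL addresses, so treat it as a first-pass heuristic.

```python
import re

# Constructed sample in PIX 6.x running-config syntax (not taken from the thread).
SAMPLE_CONFIG = """\
fixup protocol ftp 21
access-list inside_out deny gre any any
access-list inside_out permit tcp any any eq 1723
access-list inside_out permit ip any any
access-group inside_out in interface inside
"""

PORT_OP = re.compile(r"\b(eq|lt|gt|neq|range)\b")
PROTO_NUM = {"tcp": "6", "gre": "47"}  # IP protocol numbers an ACL may use instead

def first_action(entries, proto, port=None):
    """Action of the first entry that can cover proto/port; addresses are ignored."""
    for action, acl_proto, rest in entries:
        if acl_proto == "ip":
            return action                      # 'ip' covers every IP protocol
        if acl_proto not in (proto, PROTO_NUM[proto]):
            continue
        if port is None or not PORT_OP.search(rest):
            return action                      # no port operator: all ports
        # Assumption: the port may appear as the number or as the literal 'pptp'.
        if re.search(rf"\beq ({port}|pptp)\s*$", rest):
            return action
    return "deny"                              # implicit deny ends a bound ACL

def audit_pptp_passthrough(config, interface="inside"):
    """Summarise what the config says about PPTP entering via `interface`."""
    bound = re.search(
        rf"^access-group (\S+) in interface {re.escape(interface)}\s*$", config, re.M)
    entries = []
    if bound:
        entries = re.findall(
            rf"^access-list {re.escape(bound.group(1))} (permit|deny) (\S+) (.*)$",
            config, re.M)
    return {
        "fixup_pptp": bool(re.search(r"^fixup protocol pptp\b", config, re.M)),
        "acl": bound.group(1) if bound else None,
        # With no ACL bound to the interface, no ACL entry filters this traffic.
        "tcp_1723": first_action(entries, "tcp", 1723) if bound else "permit",
        "gre": first_action(entries, "gre") if bound else "permit",
    }

if __name__ == "__main__":
    for key, value in audit_pptp_passthrough(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

`fixup_pptp` only reports whether the `fixup protocol pptp` line from the reply is present in the saved configuration; per the thread, that command needs v6.3 software.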