Cannot access remote VPN via PIX

We get the following log entries:

305011: Built dynamic TCP translation from inside:10.0.0.72 to outside: 10.0.1.253/7382
302013: Built outbound TCP connection 8904 for outside:123.456.789.238/1723 (123.456.789.238/1723) to inside:10.0.0.72/2995 (10.0.1.253/7382)
305011Built dynamic GRE translation from inside:10.0.0.72/1723 to outside:10.0.1.253/11
305011: Built dynamic GRE translation from inside:10.0.0.72/49152 to outside:10.0.1.253/12
302017: Built inbound GRE connection 8905 from outside:123.456.789.238 (123.456.789.238) to inside:10.0.0.72/49152 (10.0.1.253/12)
302017: Built inbound GRE connection 8905 from inside:10.0.0.72(10.0.1.253) to outside:123.456.789.238/1723 (123.456.789.238/1723)
302014: Teardown TCP connection 8904 fro outside:123.456.789.238/1723 to inside:10.0.0.72/2995 duration 0:00:30 bytes 536 TCP FINS
302018: Teardown GRE connection 8905 from outside:123.456.789.238 to inside:10.0.0.72/49152 duration 0:00:30 bytes 450
302018: Teardown GRE connection 8906 from inside:10.0.0.72 to outside:123.456.789.238/62392 duration 0:00:30 bytes 0
305012: Teardown dynamic GRE translation from inside:10.0.0.72/1723 to outside:10.0.1.253/11 duration 0:00:31

In the above:

10.0.0.72 is my PC in the office
10.0.1.253 is the PIX outside interface
123.456.789.238 is the remote VPN server

I get the 'verifying username/password' message and then it times out with a 721 or 619 error.

The log looks as though my rules are allowing 1723 & GRE traffic through OK - can you help me with why these connections are failing?

We connect to a number of VPN servers outside to support our client's networks, and they all behave the same way. We can access them fine if we don't go through the PIX.

Cheers

Rob


If you have PIX 6.3, "fixup protocol pptp 1723" should be enough. And if you have an earlier version of the PIX software, you will need to use "static" NAT (i.e. static (inside, outside) xxxx xxxx x...)

Tom

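A way to triage PIX connection logs like the ones quoted in the question, as an added example that is not part of the thread: it pairs each PPTP control channel (TCP/1723) with the GRE flows to the same server and lists GRE flows torn down with zero bytes, the pattern visible in the question's log. The sample lines are constructed (documentation addresses), and the function names are hypothetical.

```python
import re

# Constructed sample in the PIX syslog format quoted in the question
# (documentation addresses; not copied from the thread).
SAMPLE = """\
302013: Built outbound TCP connection 101 for outside:203.0.113.5/1723 (203.0.113.5/1723) to inside:192.0.2.10/2995 (198.51.100.1/7382)
302017: Built inbound GRE connection 102 from outside:203.0.113.5 (203.0.113.5) to inside:192.0.2.10/49152 (198.51.100.1/12)
302014: Teardown TCP connection 101 for outside:203.0.113.5/1723 to inside:192.0.2.10/2995 duration 0:00:30 bytes 536 TCP FINs
302018: Teardown GRE connection 102 from outside:203.0.113.5 to inside:192.0.2.10/49152 duration 0:00:30 bytes 450
302018: Teardown GRE connection 103 from inside:192.0.2.10 to outside:203.0.113.5/1723 duration 0:00:30 bytes 0
"""

# 302014 = TCP teardown, 302018 = GRE teardown; both carry the byte count.
TEARDOWN = re.compile(
    r"30201[48]: Teardown (?P<proto>TCP|GRE) connection (?P<conn>\d+) "
    r"(?:for|from) (?P<src>\S+) to (?P<dst>\S+) "
    r"duration [\d:]+ bytes (?P<bytes>\d+)"
)

def endpoint(text):
    """Split 'iface:host/port' into (iface, host, port); port may be absent."""
    iface, _, rest = text.partition(":")
    host, _, port = rest.partition("/")
    return iface, host, port or None

def parse_teardowns(log):
    """Return one dict per Teardown line found in the log text."""
    return [{"proto": m["proto"], "conn": int(m["conn"]),
             "src": endpoint(m["src"]), "dst": endpoint(m["dst"]),
             "bytes": int(m["bytes"])} for m in TEARDOWN.finditer(log)]

def triage(log):
    """For each PPTP control channel, summarise GRE flows to the same server."""
    flows, report = parse_teardowns(log), []
    for ctl in flows:
        if ctl["proto"] != "TCP" or "1723" not in (ctl["src"][2], ctl["dst"][2]):
            continue
        server = ctl["src"][1] if ctl["src"][2] == "1723" else ctl["dst"][1]
        gre = [f for f in flows if f["proto"] == "GRE"
               and server in (f["src"][1], f["dst"][1])]
        report.append({"server": server, "control_bytes": ctl["bytes"],
                       "gre_bytes": {f["conn"]: f["bytes"] for f in gre},
                       # Zero-byte GRE flows are a hint, not a diagnosis.
                       "silent_gre": [f["conn"] for f in gre if f["bytes"] == 0]})
    return report

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```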
