outbound VPN access through PIX with fixup pptp

I am having problems connecting to a client's site using Windows VPN through a Cisco PIX 506e.

After some searching I found that I should have configured the following, which I have:

    fixup protocol pptp 1723
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    global (outside) 1 interface

from:

If I use a PIX 501 with basic settings (below "simple") I have no problems connecting:

However, if I use the live inherited 506e (below "detailed", same version 6.3(5)), Windows XP fails with an 800 error almost immediately. The outside VPN can be pinged, though. Can someone point out what I have on the 506e that is in the wrong place or shouldn't be there, or if my VPN rules to other offices are causing the issue?

---- simple 501 -----

    ciscopix# wr t
    Building configuration...
    : Saved
    :
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password X encrypted
    passwd X encrypted
    hostname ciscopix
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723

darkcape

I was able to get this resolved using the following commands:

    access-list outside_access_in permit tcp any any eq pptp
    static (inside,outside) tcp interface 47 (client vpn site) 47 netmask 255.255.255.255 0 0

That allowed the connection to work. However, terminal services were failing, but I believe that to be a completely different issue.

darkcape

Sounds suspicious to me. PPTP doesn't use TCP port 47: PPTP uses IP *protocol* 47 (GRE). GRE is on the same level as TCP and UDP in the IP hierarchy, not a TCP port. And the PIX doesn't offer any 'static' command to static GRE.

Walter Roberson
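
Added example, not part of the original thread: a small Python classifier showing the distinction drawn in the reply above, that the PPTP control channel is TCP port 1723 while the tunnel data is IP protocol 47 (GRE), which is a different thing from TCP port 47. The packets, addresses and port 49152 are constructed samples, and the function names are hypothetical.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723
GRE_PROTO_PPP = 0x880B  # protocol type in the enhanced GRE header used by PPTP

def ipv4_packet(proto, payload, src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x14"):
    """Build a minimal 20-byte-header IPv4 packet (constructed; checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src, dst)
    return header + payload

def tcp_header(sport, dport):
    """Build a bare 20-byte TCP SYN header (constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def classify(packet):
    """Say which PPTP channel, if any, an IPv4 packet belongs to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]        # IP protocol field: this is where GRE's "47" lives
    body = packet[ihl:]
    if proto == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])  # ports exist only inside TCP
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
        if 47 in (sport, dport):
            return "tcp-port-47"   # ordinary TCP, not the PPTP tunnel
        return "other-tcp"
    if proto == IPPROTO_GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        if flags & 0x0007 == 1 and ptype == GRE_PROTO_PPP:  # GRE version 1 + PPP
            return "pptp-data"
        return "other-gre"
    return "other"

# Constructed samples: control connection, tunnel data, and a TCP/47 segment.
SAMPLES = {
    "control": ipv4_packet(IPPROTO_TCP, tcp_header(49152, 1723)),
    "data": ipv4_packet(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)),
    "tcp47": ipv4_packet(IPPROTO_TCP, tcp_header(49152, 47)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:8s} ip_proto={pkt[9]:<3d} -> {classify(pkt)}")
```

A filter that matches on TCP port 47 sees only the third sample; the GRE packet has no port fields at all, so it has to be matched on the IP protocol number.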
