allowing pptp through firewall

Unanswered Question
Dec 5th, 2007

Hi all can anyone tell me what ports I need to allow for someone inside my network to vpn outbound to another location using pptp windows vpn.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kagodfrey Wed, 12/05/2007 - 08:20

Hi Carl

This document explains exactly how to enable PPTP VPNs to traverse a pix/asa:

Nutshell: If your firewall is not pptp aware (i.e. like pix with pre 6.2 software) you need to set up a 1 to 1 static NAT (PAT won't work) from your inside host to a public address and allow GRE (IP protocol 47) inbound as well as PPTP (TCP port 1723) outbound on your firewall.

If you have a pix etc with post 6.2 s/w, then "fixup protocol pptp" should work.



carl_townshend Thu, 12/06/2007 - 07:16

do I still need to do this even if I am the client, I need to connect outside my company to a pptp server hosted outside.

do i still need to use nat? if I dont have fixup?

what is fixup used for ?


This Discussion