PPTP outbound and IOS Zone Based Policy Firewalling

Unanswered Question
Jul 25th, 2008

I have a client trying to use PPTP outbound from a host on their DMZ. Their zone based policy firewall config appears essentially correct and all other traffic is egressing the 3845 router (DMZ to Internet) without issue. I had them add "match protocol pptp" to their inspect for that zone-pair. But he's still got no joy. Are there known problems with PPTP and ZBPF? Long ago there were problems with PPTP and PAT but I thought those had been resolved way back. (Please don't ask "why PPTP??" - it wasn't MY idea!) :-)

class-map type inspect match-any dmz-inet-ports
 description ***DMZ to inet Access Ports***
 match protocol pptp
 match protocol icmp
 match protocol tcp
 match protocol udp

The image: c3845-advipservicesk9-mz.124-11.XW8.bin
