I've got a bit of an odd scenario here, and I hope that someone may have come across it before.
I have a customer that is in the process of migrating from a Netgear infrastructure to a Cisco infrastructure, which is going to include an ASA5510 as the perimeter firewall. I have got the ASA up and running, and everything is working fine - except that I need to forward pptp (port 1723) to a server on the LAN. There are numerous other services (smtp, pop3, various web services) that I have successfully forwarded using port address translation to the outside interface, but for some reason pptp just won't work in this way.
When I look in the debug/syslog, it seems as though the TCP sessions establish and get torn down normally - so it's almost like nothing is wrong, but from the client perspective they just see the message 'verifying username & password' and eventually the session fails.
Here are some config extracts of what I have done - for example, port 100 is forwarded and works ok:
static (inside,outside) tcp interface 100 al-pri 100 netmask 255.255.255.255
object-group service Intranet tcp
port-object eq 100
access-list outside_access_in remark WAN->LAN Intranet to AL-PRI
access-list outside_access_in extended permit tcp any host al-pri object-group Intranet
and for the pptp forwarding, which isn't working:
static (inside,outside) tcp interface pptp al-pri pptp netmask 255.255.255.255
static (inside,outside) tcp interface 47 al-pri 47 netmask 255.255.255.255
object-group service VPN_Ports tcp
description PPTP VPN Ports
port-object eq 47
port-object eq pptp
access-list outside_access_in remark WAN->LAN VPN to AL-PRI
access-list outside_access_in extended permit tcp any host al-pri object-group VPN_Ports log debugging
Any help or advice would be really appreciated.
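
Added example, not part of the original post: PPTP uses TCP 1723 for its control channel and GRE, which is IP protocol 47 and has no port number, for the tunnelled data, so a rule written for TCP port 47 never matches that traffic. The Python sketch below lints ASA config lines of the kind quoted above for that mix-up; the names `port_refs`, `lint_pptp` and `SAMPLE` are hypothetical, and the parser only understands the `static` and `object-group service` forms shown in the post.

```python
import re

# PPTP control channel: TCP 1723 (ASA keyword "pptp"). PPTP tunnel data: GRE,
# which is IP protocol 47 and carries no TCP/UDP port number.
PPTP_PORTS = {"pptp", "1723"}
STATIC_RE = re.compile(r"^static \(\S+\) (?:tcp|udp) \S+ (\S+) \S+ (\S+)")
GROUP_RE = re.compile(r"^object-group service (\S+) (?:tcp|udp|tcp-udp)$")
PORT_RE = re.compile(r"^port-object eq (\S+)$")

# Lines copied from the post above: the working port-100 rule and the PPTP attempt.
SAMPLE = """\
static (inside,outside) tcp interface 100 al-pri 100 netmask 255.255.255.255
static (inside,outside) tcp interface pptp al-pri pptp netmask 255.255.255.255
static (inside,outside) tcp interface 47 al-pri 47 netmask 255.255.255.255
object-group service VPN_Ports tcp
 description PPTP VPN Ports
 port-object eq 47
 port-object eq pptp
"""

def port_refs(config):
    """Yield (line_no, context, port) for each TCP/UDP port the config names."""
    group = None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := STATIC_RE.match(line):
            group = None
            # Mapped and real port are usually equal; report each distinct one once.
            for port in sorted({m.group(1), m.group(2)}):
                yield no, "static PAT", port
        elif m := GROUP_RE.match(line):
            group = m.group(1)
        elif (m := PORT_RE.match(line)) and group:
            yield no, f"object-group {group}", m.group(1)
        elif not line.startswith("description"):
            group = None  # any other command ends the object-group block

def lint_pptp(config):
    """Return (line_no, context) wherever 47 is used as a port alongside PPTP."""
    refs = list(port_refs(config))
    if not any(port in PPTP_PORTS for _, _, port in refs):
        return []  # PPTP is not being forwarded, so port 47 may be intentional
    return [(no, ctx) for no, ctx, port in refs if port == "47"]

if __name__ == "__main__":
    for no, ctx in lint_pptp(SAMPLE):
        print(f"line {no} ({ctx}): 47 is matched as a TCP/UDP port; "
              "GRE is IP protocol 47 and will not match this rule")
```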