ASA 5505 and PPTP tunnel

Unanswered Question
Oct 14th, 2009

This could be related to a previous conversation of mine: http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cd34318

This has now come up:

Host A on my network (behind the ASA) can connect to this 3rd Party vendor, Host B, through Host B's PPTP VPN tunnel.

Once connected, they run a proprietary program and have no issues. The problem is that Host B needs to be able to print to Host A's printer. When he tries to bring up \\10.10.10.33\ (host a's vpn address), he gets an error. Yet they are able to ping back and forth fine.

Another thing: Host A can bring up Host B's shared items ( \\10.10.10.32\ ).

So is there anything else that needs to be enabled on the ASA? Last time, the solution was adding "inspect pptp" and all was good. Anything else I'm missing?

Thanks for any help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Panos Kampanakis Wed, 10/14/2009 - 13:58

PPTP inspection should be enough.

Depending on the ASA code version there was a defect on the ASA that would cause tunnel PPTP issues. That is CSCsy87867 fixed in 7.2.4.32 and 8.0.4.30.

Captures on the inside and outside of the ASA could show you packets dropped when you try to bring up the shared items.

PK

scott.bridges Wed, 10/28/2009 - 17:42

Hmm,

I have this:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(4)

Device Manager Version 5.2(4)

I can't tell if this is .32 or not. Is there a way to know for sure?

hdashnau Sat, 11/07/2009 - 06:50

You are not running .32 If you were it would say 7.2(4) 32 in that "show ver" output.

-heather

Actions

This Discussion