PIX 501 VPN to PIX 515

Unanswered Question
Oct 19th, 2005
User Badges:

I have a 515 at my main site and a 501 at a remote site. I cannot connect to main site using MS VPN (PPTP)from remote. Can someone give me some guidane in changing the 501 config. Otherare able to connect remotely to the 515 using same client and the 501 is a new install. Thanks in advance for the help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pkapoor Wed, 10/19/2005 - 09:06
User Badges:

I assume that the PPTP clients that cannot connect are residing behind the PIX-501. If yes, then open the following ports and protocols on the ACL of the PIX-501. This ACL will be applied to the outside interface of the 501.

access-list outside_acl permit udp any any eq 1723

access-list outside_acl permit gre any any

That should do it.

rpridgen Wed, 10/19/2005 - 12:09
User Badges:

Will port 47 need to be allowed also? If so what commands will I need to use? Thanks for your help on this.

pkapoor Wed, 10/19/2005 - 12:22
User Badges:

It is NOT port 47. It is protocol 47. The access-list is:

access-list outside_acl permit 47 any any


access-list outside_acl permit gre any any


This Discussion