PPTP VPN is not establishing...

Unanswered Question
Jan 19th, 2007

Tnl 27 PPTP: Tunnel created; peer initiated

Tnl 27 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd

Tnl/Cl 27/27 PPTP: l2x store session: tunnel id 27, session id 27, hash_ix=27

Tnl/Cl 27/27 PPTP: vacc-ok -> state change wt-vacc to estabd

PPTP mgmt daemon wakeup, major = 1


Tnl 27 PPTP: timeout -> state change estabd to estabd

PPTP mgmt daemon wakeup, major = 1


Tnl 27 PPTP: timeout -> state change estabd to estabd

Tnl 27 PPTP: timeout -> echo state change Idle to wt-echorp

Tnl 27 PPTP: EchoRP -> state change estabd to estabd

Tnl 27 PPTP: EchoRP -> echo state change wt-echorp to Idle

PPTP mgmt daemon wakeup, major = 1


Tnl 27 PPTP: timeout -> state change estabd to estabd

Tnl 27 PPTP: timeout -> echo state change Idle to wt-echorp

Tnl 27 PPTP: EchoRP -> state change estabd to estabd

Tnl 27 PPTP: EchoRP -> echo state change wt-echorp to Idle

Tnl/Cl 27/27 PPTP: ClearReq -> state change estabd to terminal

Tnl/Cl 27/27 PPTP: Destroying session

Tnl 27 PPTP: no-sess -> state change estabd to wt-stprp

Tnl 27 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp

Tnl 27 PPTP: Destroy tunnel


Can anyone help me to rectify this issue?

I am using a PIX 515 version 6.3 for PPTP VPN and I have a Microsoft client... I tried it but it's giving the above error, so please help me with the same...


regards

Devang

Daniel Voicu Sat, 01/20/2007 - 02:47

Hi Devang,


The problem is that when you initiate a PPTP from inside, it goes as a TCP packet, but then the server will initiate a GRE tunnel from outside. This traffic will be dropped by the firewall.

http://www.microsoft.com/technet/community/columns/cableguy/cg0103.mspx


You have two alternatives:


1. add PPTP to inspection: fixup protocol pptp 1723 (the default port)

2. add an ACL statement on the outside interface permitting GRE from the server to the LAN (Public, that is, NATed IPs).


Please rate if this helped.


Regards,

Daniel
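Added example (not part of either post, and not Cisco code): a small Python triage helper that replays the state changes in PPTP debug output of the form quoted in the question and reports, per tunnel, whether the control connection and the call reached estabd, how many echo replies came back, and which event first ended the tunnel. The function name, the result keys and the sample lines are assumptions constructed for this illustration.

```python
import re

# Constructed sample in the format of the debug output quoted in the question,
# including one line where a daemon message is fused onto the state name.
SAMPLE = """\
Tnl 27 PPTP: Tunnel created; peer initiated
Tnl 27 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd
Tnl/Cl 27/27 PPTP: vacc-ok -> state change wt-vacc to estabdPPTP mgmt daemon wakeup, major = 1
Tnl 27 PPTP: timeout -> echo state change Idle to wt-echorp
Tnl 27 PPTP: EchoRP -> echo state change wt-echorp to Idle
Tnl/Cl 27/27 PPTP: ClearReq -> state change estabd to terminal
Tnl/Cl 27/27 PPTP: Destroying session
Tnl 27 PPTP: no-sess -> state change estabd to wt-stprp
Tnl 27 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp
Tnl 27 PPTP: Destroy tunnel
"""

# The new state is "Idle" or lowercase-with-hyphens, so a fused "PPTP mgmt ..." is not swallowed.
LINE = re.compile(
    r"^Tnl(?P<cl>/Cl)? (?P<ids>\d+(?:/\d+)?) PPTP: (?P<event>\S+) -> "
    r"(?P<echo>echo )?state change (?P<old>\S+) to (?P<new>Idle|[a-z-]+)")

def summarize(log):
    """Replay state changes; report how far each tunnel got and what ended it."""
    tunnels = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # informational lines and wrapped fragments carry no transition
        t = tunnels.setdefault(m["ids"].split("/")[0], {
            "control_up": False, "session_up": False,
            "echo_replies": 0, "ended_by": None})
        if m["echo"]:  # keepalive sub-state: a reply returns wt-echorp to Idle
            if m["old"] == "wt-echorp" and m["new"] == "Idle":
                t["echo_replies"] += 1
        elif m["cl"]:  # per-call (session) state
            if m["new"] == "estabd":
                t["session_up"] = True
            elif m["new"] == "terminal" and t["ended_by"] is None:
                t["ended_by"] = m["event"]
        elif m["new"] == "estabd":  # control-connection state
            t["control_up"] = True
        elif m["old"] == "estabd" and t["ended_by"] is None:
            t["ended_by"] = m["event"]
    return tunnels

if __name__ == "__main__":
    for tid, info in summarize(SAMPLE).items():
        print(tid, info)
```

Run over the output in the question, this separates a failure on the TCP 1723 control channel (control_up stays False) from a call that came up, answered echoes and was then cleared, which is the pattern the log shows.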
