Hi all. One of our customers has a PIX 506. its config is attatched.
They temporarily have had a guy come in, and he needs to be able to MS PPTP to his SBS server, but it seems our PIX is blocking it.
We're getting error # 800 and the connection is being blocked by the PIX i think. Our PIX version is 6.3(5) and ive entered the fixup prot 1723 command but it hasn't helped. Any ideas ?
Solved! Go to Solution.
Have not looked at your config, check this link if not joy get back, see GRE information as well provided in link.
I did find that document on my travels yesterday. It states :
'The fixup protocol pptp command inspects PPTP packets and dynamically creates the GRE connections and translations necessary to permit PPTP traffic'
I've entered the fixup protocol pptp command (before posting) and it still doesnt work :(
Davie, Since you client is on the outside and the server is on the inside, you need to make an ACL like the following document suggests, merely doing the fixup will not suffice:
What I have is:
Client laptop - switch - PIX - 1841 - INTERNET - Windows SBS server
The guy on the laptop is trying to connect out to a server at a clients site, so basically the client is inside and the server is outside.
But basically im assuming that i have to follow these documents and my fixup pptp command isnt enough for me?
Sorry I misunderstood the server to be on the inside. Yes that should be enough as you are running 6.3.x code. What errors are you seeing on the firewall (if any)?
well i've trauled through the logs and I can't pick out anything. The logs are filling up fast so i've done the best I can but it doesn't seem to be missing any rules.
I've added PPTP to my service group outgoing, and ive added that fixup protocol command but no joy. Odd.
Well that worked fantastic. Thanks alot my friend!
Is there a reason the fixup command didn't automatically allow GRE, or is this just how it has to be done?
No this is definitely not how its done, what is the use of the fixup then?
The only caveat I can think of is that only PPTP V1 is supported for fixup (and automatic GRE tunnel hole punching), higher versions are not supported