Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Microsoft VPN client and GRE

Hello,

Trying to access Microsoft VPN (on the internet-outside zone) server from  Microsoft VPN client (inside zone)

On ASA - allowed all outbound traffic from inside to outside-internet and all traffic is blocked from internet-outside to internet.

VPN client seems to be not working in this case. When firewall was bypased Microsoft VPN client got connected to Remote Microsoft VPN server.

Do we need to enable GRE from outside to inside for this work? ( along with corresponding static NAT entry for the remote Microsoft VPN server)

Microsoft tech support document did mention about permitting GRE through firewall but it's not stating any direction.

Please share the experience.


Thanks in advance

Subodh

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Microsoft VPN client and GRE

Yes, once the inspection is enabled for PPTP, ASA will automatically open hole for GRE as per stated in the documentation advised earlier.

3 REPLIES
Cisco Employee

Microsoft VPN client and GRE

Please enable "inspect pptp" that would allow the GRE connection.

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i2.html#wp1741718

New Member

Microsoft VPN client and GRE

Thanks for the link.

So when we enable the inspection for PPTP (similar to other protocols those are already configured for inspection) will the ASA permit the GRE traffic to cross from outside to inside?

As wireshark-packetcapture shows first GRE packet coming from the Microsoft VPN server to the client indicating that ------- "Server is initiating the GRE connection".

Please advice.

Thanks in advance.

Cheers!

S.

Cisco Employee

Microsoft VPN client and GRE

Yes, once the inspection is enabled for PPTP, ASA will automatically open hole for GRE as per stated in the documentation advised earlier.

983
Views
0
Helpful
3
Replies
This widget could not be displayed.