PPTP outbound and IOS Zone Based Policy Firewalling
I have a client trying to use PPTP outbound from a host on their DMZ. Their zone based policy firewall config appears essentially correct and all other traffic is egressing the 3845 router (DMZ to Internet) without issue. I had them add "match protocol pptp" to their inspect for that zone-pair. But he's still got no joy. Are there known problems with PPTP and ZBPF? Long ago there were problems with PPTP and PAT but I thought those had been resolved way back. (Please don't ask "why PPTP??" - it wasn't MY idea!) :-)
class-map type inspect match-any dmz-inet-ports
 description ***DMZ to inet Access Ports***
 match protocol pptp
 match protocol icmp
 match protocol tcp
 match protocol udp
The image: c3845-advipservicesk9-mz.124-11.XW8.bin