Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PPTP traffic cannot pass through pix 525 7.0(7)

first:

i read cisco document:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml#new

pptp client is in inside,

pptp server is in outside.

when i donot use firewall, the pptp connection can establish successfully.

but use pix 525 7.0(7)

i config:

inspect pptp.

pptp connection cannot setup.

show connection in pix:

pptp tcp 1723 is ok.

gre connection only one "E" flag, E means 'outside back connection'.

i try second method:

delete 'inspect pptp',

permit tcp 1723 and gre traffic from outside to inside, and i have config static nat,

but the pptp connection cannot work too.

so i think there is a pptp bug exist in pix 7.0(7).

can you help me about the question?

thanks a lot.

5 REPLIES
Silver

Re: PPTP traffic cannot pass through pix 525 7.0(7)

You can only have one PPTP/L2TP connection through the PIX Security Appliance when you use PAT. This is because the necessary GRE connection is established over port 0 and the PIX Security Appliance only maps port 0 to one host.

refer the following url for pptp configration and troubleshooting on PIX

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml#tshoot

New Member

Re: PPTP traffic cannot pass through pix 525 7.0(7)

i donot need config pptp client or server on pix,

i just want pptp traffic pass through pix firewall.

New Member

Re: PPTP traffic cannot pass through pix 525 7.0(7)

I had the same issue. When I put in the inspect pptp command, I got the same results as you did. FWIW - I entered the old "fixup protocol pptp 1723" (which is just supposed to add the "inspect pptp", right?). Now all of a sudden it's working. Only difference is I'm running 8.03 code.

New Member

Re: PPTP traffic cannot pass through pix 525 7.0(7)

Here is an excerpt from cisco doc

http://www.cisco.com/en/US/docs/security/pix/pix70/release/notes/pix707rn.html#wp252214

Features not Supported in Version 7.0

The following features are not supported in Version 7.0(7):

•PPPoE

•L2TP over IPSec

•PPTP

HTH.....

New Member

PPTP traffic cannot pass through pix 525 7.0(7)

I have the same environment of "xl_liu", follows information:

  • Firewall
    • Cisco PIX 525 - PIX/IOS v7.2(4)
  • Topology
    • CLIENT (INSIDE) |----------| PIX |----------| Server PPTP (OUTSIDE)
  • Configuration
    • Rules
      • access-list inside_access_in permit gre host host

      • access-list inside_access_in permit tcp host host eq 1723

      • access-group inside_access_in in interface INSIDE

    • Inspection
      • policy-map global_policy

                         class inspection_default

                           inspect pptp

The unique solution in case above is PIX/OS upgrade?

Thanks for colaboration!

681
Views
0
Helpful
5
Replies
CreatePlease to create content