Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

PPTP via ASA

I have two ASA that connect to the Internet. I don't do any static NATTING on my inside network. My users have been trying to establish a VPN session using Microsoft VPN but without much success.

First Firewall

ccess-list INSIDE line 244 extended permit tcp 10.33.0.0 255.255.0.0 host x.x.x.x eq pptp (hitcnt=19)

access-list INSIDE line 246 extended permit gre 10.33.0.0 255.255.0.0 host x.x.x.x (hitcnt=8)

access-list pptp_inspection line 5 extended permit ip 10.33.0.0 255.255.0.0 host x.x.x.x(hitcnt=6)

class-map pptp

description Policy to allow hosts to PPTP

match access-list pptp_inspection

policy-map pptp

class pptp

inspect pptp

policy-map global_policy

class http-map1

set connection advanced-options mss-map

policy-map global-policy

class global-class

inspect icmp error

inspect snmp

inspect icmp

inspect ftp

inspect dns

inspect pptp

class http-map1

set connection advanced-options mss-map

The second firewall has pretty much the same configution.

LAN<->1stFW<->SW<->2ndFW<->SW<->Internet

1 REPLY
Bronze

Re: PPTP via ASA

I fixed it. Because of our complex environment, the GRE traffic were being blocked at various points (DMZ switches and Internet router)

201
Views
0
Helpful
1
Replies