PPTP via ASA

Tshi M
Level 5

I have two ASAs that connect to the Internet. I don't do any static NATing on my inside network. My users have been trying to establish a VPN session using Microsoft VPN, but without much success.

First Firewall

access-list INSIDE line 244 extended permit tcp 10.33.0.0 255.255.0.0 host x.x.x.x eq pptp (hitcnt=19)
access-list INSIDE line 246 extended permit gre 10.33.0.0 255.255.0.0 host x.x.x.x (hitcnt=8)
access-list pptp_inspection line 5 extended permit ip 10.33.0.0 255.255.0.0 host x.x.x.x (hitcnt=6)

class-map pptp
 description Policy to allow hosts to PPTP
 match access-list pptp_inspection

policy-map pptp
 class pptp
  inspect pptp

policy-map global_policy
 class http-map1
  set connection advanced-options mss-map

policy-map global-policy
 class global-class
  inspect icmp error
  inspect snmp
  inspect icmp
  inspect ftp
  inspect dns
  inspect pptp
 class http-map1
  set connection advanced-options mss-map

The second firewall has pretty much the same configuration.

LAN<->1stFW<->SW<->2ndFW<->SW<->Internet

1 Reply

Tshi M
Level 5

I fixed it. Because of our complex environment, the GRE traffic was being blocked at various points (DMZ switches and Internet router).
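The resolution above comes down to finding where along the path the PPTP data channel (GRE, IP protocol 47) stops while the TCP/1723 control channel still passes. The following is an added example, not code from the thread: it classifies raw IPv4 packets taken at successive capture points and reports the segment where GRE disappears. The capture point names, the 198.51.100.10 server address and the sample packets are constructed assumptions.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CTRL_PORT = 1723    # PPTP control channel
GRE_PROTO_PPP = 0x880B   # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet: 'pptp-control', 'pptp-gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    l4 = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL words)
    if pkt[9] == IPPROTO_TCP and len(l4) >= 4:
        if PPTP_CTRL_PORT in struct.unpack("!HH", l4[:4]):
            return "pptp-control"
    if pkt[9] == IPPROTO_GRE and len(l4) >= 8:
        flags, ptype = struct.unpack("!HH", l4[:4])
        if (flags & 0x0007) == 1 and ptype == GRE_PROTO_PPP:   # GRE version 1
            return "pptp-gre"
    return "other"

def gre_drop_segment(points):
    """points: ordered (name, packets) capture points, client side first.
    Returns (last point with GRE, first point with control but no GRE), or None."""
    last_ok = None
    for name, pkts in points:
        kinds = {classify(p) for p in pkts}
        if "pptp-gre" in kinds:
            last_ok = name
        elif "pptp-control" in kinds:
            return (last_ok, name)
    return None

# --- constructed sample packets (checksums left at 0, not validated here) ---
def ipv4(proto, payload, src=bytes([10, 33, 0, 5]), dst=bytes([198, 51, 100, 10])):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

CTRL = ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0, 0x50, 2, 65535, 0, 0))
DATA = ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 7, 0) + b"\xff\x03\xc0\x21")

SAMPLE = [  # hypothetical capture points along the thread's topology
    ("1stFW inside", [CTRL, DATA]),
    ("2ndFW outside", [CTRL, DATA]),
    ("Internet router outside", [CTRL]),
]

if __name__ == "__main__":
    print(gre_drop_segment(SAMPLE))
```

A result whose first element is `None` means GRE was never seen, even at the capture point closest to the client.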