Cisco Support Community

New Member

Windows 2003 IPSec through ASA/FWSM

Does anyone have any experience setting up an ASA/FWSM to permit an IPSec tunnel b/w Windows 2003 server to pass through? The Microsoft team doing the implementation claims the server behind the FW cannot be NAT'd since their solution has issues with NAT-T. I've configured an identity static and tried NAT 0. It looks like the tunnels establish but data is not passing through.

3 REPLIES
New Member

Re: Windows 2003 IPSec through ASA/FWSM

From Microsoft's website, "PPTP traffic uses TCP port 1723 to create and maintain the connection and IP protocol 47 to send data. L2TP/IPSec traffic uses UDP ports 500 and 4500 to create and maintain the connection and IP protocol 50 to send data. Configure your firewall to allow these types of traffic to and from your VPN server."

Your firewall is probably not passing either the GRE or the ESP protocol depending on whether they are running PPTP or L2TP.

New Member

Re: Windows 2003 IPSec through ASA/FWSM

What version of PIX OS?

6.3 or higher, this should fix it:

fixup protocol pptp 1723

New Member

Re: Windows 2003 IPSec through ASA/FWSM

FWSM 3.2.4
