12-05-2007 05:41 AM - edited 03-09-2019 07:32 PM
Hi all can anyone tell me what ports I need to allow for someone inside my network to vpn outbound to another location using pptp windows vpn.
cheers
Carl
12-05-2007 08:20 AM
Hi Carl
This document explains exactly how to enable PPTP VPNs to traverse a pix/asa:
Nutshell: If your firewall is not pptp aware (i.e. like pix with pre 6.2 software) you need to set up a 1 to 1 static NAT (PAT won't work) from your inside host to a public address and allow GRE (IP protocol 47) inbound as well as PPTP (TCP port 1723) outbound on your firewall.
If you have a pix etc with post 6.2 s/w, then "fixup protocol pptp" should work.
HTH
Kev
12-06-2007 07:16 AM
do I still need to do this even if I am the client, I need to connect outside my company to a pptp server hosted outside.
do i still need to use nat? if I dont have fixup?
what is fixup used for ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: