Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
762
Views
0
Helpful
2
Replies

allowing pptp through firewall

carl_townshend
Spotlight
Spotlight

‎12-05-2007 05:41 AM - edited ‎03-09-2019 07:32 PM

Hi all can anyone tell me what ports I need to allow for someone inside my network to vpn outbound to another location using pptp windows vpn.

cheers

Carl

Labels:
0 Helpful
2 Replies 2

kagodfrey
Level 3
Level 3

‎12-05-2007 08:20 AM

Hi Carl

This document explains exactly how to enable PPTP VPNs to traverse a pix/asa:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Nutshell: If your firewall is not pptp aware (i.e. like pix with pre 6.2 software) you need to set up a 1 to 1 static NAT (PAT won't work) from your inside host to a public address and allow GRE (IP protocol 47) inbound as well as PPTP (TCP port 1723) outbound on your firewall.

If you have a pix etc with post 6.2 s/w, then "fixup protocol pptp" should work.

HTH

Kev

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to kagodfrey

‎12-06-2007 07:16 AM

do I still need to do this even if I am the client, I need to connect outside my company to a pptp server hosted outside.

do i still need to use nat? if I dont have fixup?

what is fixup used for ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents