Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GRE & PPTP behavior

Hi All,

i have at my site a Win2k that i'm using as RRAS & VPN; it has 1 interface on a DMZ, and another on the internal LAN.

as an additional step, i configured an inbound ACL on my gateway's WAN interface {see attached file}.

when i try to initiate a VPN connection with an office, opening GRE & PPTP {tcp port 1723} between the two peers does not make it work; i need to open ip as well.

any insight please?

3 REPLIES
Silver

Re: GRE & PPTP behavior

This problem may occur if connection is failing between the peers. Make sure that you have given correct and matching encryption methods and pre shared keys. Following links may help you

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad9.html

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecstd.html

New Member

Re: GRE & PPTP behavior

Try something for me please.

Move the GRE to line 1 and see what happens. I think I did this in the past and it worked. We wont know until you try it. ;o)

1 permit gre host remote_VPN host 213.42.78.28

New Member

Re: GRE & PPTP behavior

i reordered the ACL entries; i now see multiple types of behavior:

10 permit gre host R1 host 213.42.78.28 (115593 matches)

11 permit tcp host R1 host 213.42.78.28 eq 1723 (84 matches)

12 permit ip host R1 host 213.42.78.28 (1034 matches)

20 permit gre host R2 host 213.42.78.28 (10245 matches)

21 permit tcp host R2 host 213.42.78.28 eq 1723

22 permit ip host R2 host 213.42.78.28 (1156 matches)

30 permit gre host R3 host 213.42.78.28 (17865 matches)

31 permit tcp host R3 host 213.42.78.28 eq 1723 (1152 matches)

32 permit ip host R3 host 213.42.78.28

each peer seems to have its own requirements. what do you think?

102
Views
0
Helpful
3
Replies
CreatePlease to create content