Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PPTP thru PIX 6.3(4)

I am trying to allow an internal user

to access an external PPTP server thru

our PIX 6.3(4). I added the needed fixup

protocol "fixup protocol pptp 1723". I am allowing the needed protocols thru and back in (currently testing with allow ip for specific hosts"). I even tried using a 1-to-1 NAT for the internal host to no avail.

Currently, the user attempts login, registers on network, and after about a minute the following msg comes back:

"Error 734: The PPP Link control protocol was terminated"

4 REPLIES

Re: PPTP thru PIX 6.3(4)

You need as allready mentioned the and an access-list entry, that let pass PPTP outbound, if you have configured an access-list on the inside interface.

Try to enable globaly PPTP by using:

sysopt connection permit-ipsec

# Allow PPTP traffic to bypass conduit or access-list command statement checking.

Reset the translation table after that:

clear xlate

sincerely

Patrick

New Member

Re: PPTP thru PIX 6.3(4)

Thanks for the quick reply. I still have a couple of questions.

1) Should I use the command sysopt connection permit-pptp instead ?

2) Would this be the only way to get it to work ? Bypassing the normal conduits/ACLS globally seems

to be a 'last resort' method. Would not my current

ACLS allowing all ip (in and out) to the hosts suffice ?

Thanks,

David

Re: PPTP thru PIX 6.3(4)

David,

1.) Of course I meaned < sysopt connection permit-pptp >, sorry about that. I draged and droped the wrong line.

2.) No you should just be sure that the protocol GRE and PPTP = TCP 1723 is able to connect to the outside world.

The < sysopt connection permit-pptp > could be used to check if it is just an access-list problem.

sincerely

Patrick

Gold

Re: PPTP thru PIX 6.3(4)

David,

Here's the documentation on how to allow PPTP traffic thru the PIX:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Hope this helps,

Jay

206
Views
0
Helpful
4
Replies