Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
3
Replies

PPTP vpn into 506E (error 721)

stevem
Level 1
Level 1

‎07-02-2003 06:20 AM - edited ‎02-21-2020 12:38 PM

I've read a few posts regarding the subject and have utilized a few suggestions but have not been able to complete the task of being able to VPN in to my companies network from home. I (we) keep getting error 721 and am not able to establish connectivity to our LAN. Any insight shared would be greatly appreciated!!!

Environmentals:

PIX 506E v6.1(4)

Windows 2000 advanced Server

remote desktops XP

CONFIGURATION:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxx encrypted

passwd xxxxxx encrypted

hostname

domain-name

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list internet permit tcp any host x.x.x.x eq smtp

access-list internet permit tcp any host x.x.x.x eq 1494

access-list internet permit tcp any host x.x.x.x eq 1604

access-list internet permit udp any host x.x.x.x eq 1604

access-list internet permit tcp any host x.x.x.x eq 1723

access-list internet permit gre any x.x.x.x 255.255.255.252

access-list 101 permit ip 10.1.0.0 255.255.255.0

192.168.100.0 255.255.255.0

pager lines 24

logging on

interface ethernet0 auto

interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside x.x.x.x 255.255.255.252

ip address inside 10.1.0.254 255.255.255.0

ip local pool pptp-pool 192.168.100.1-192.168.100.50

ip verify reverse-path interface outside

ip audit info action alarm

ip audit attack action alarm

pdm location 10.1.0.1 255.255.255.255 inside

pdm location 10.1.0.2 255.255.255.255 inside

pdm location 10.1.0.113 255.255.255.255 inside

pdm location 10.0.0.0 255.0.0.0 inside

pdm location x.x.x.x 255.255.255.255 outside

pdm location 10.1.0.1 255.255.255.255 outside

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 0 access-list 101

static (inside,outside) tcp x.x.x.x smtp 10.1.0.1 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x 1494 10.1.0.2 1494 netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x 1604 10.1.0.2 1604 netmask 255.255.255.255 0 0

static (inside,outside) udp x.x.x.x 1604 10.1.0.2 1604 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 1723 10.1.0.1 1723 netmask 255.255.255.255 0 0

access-group internet in interface outside

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

route inside 10.0.0.0 255.0.0.0 10.1.0.3 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http 10.1.0.113 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-pptp

no sysopt route dnat

auth-prompt reject Warning unauthorized visiters will be prosecuted.

telnet timeout 5

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 client configuration address local pptp-pool

vpdn group 1 client authentication local

vpdn username xxxx password xxxx

vpdn enable outside

ssh timeout 5

dhcpd address 10.1.0.179-10.1.0.181 inside

dhcpd dns 10.1.0.1 10.1.0.15

dhcpd wins 10.1.0.1

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain hq

dhcpd enable inside

terminal width 80

Cryptochecksum:xxxxx

Labels:
0 Helpful
3 Replies 3

gfullage
Cisco Employee
Cisco Employee

‎07-02-2003 06:25 PM

Config looks OK, in fact certainly looks like you've copied the sample config here (going by your use of IP pools):

http://www.cisco.com/warp/public/110/pptppix.html

What is error 721 again? Check your PPTP packets are even getting to the PIX, you should be able to "debug vpdn" or "debug pptp" or one of those (can't remember the exact command), that'll tell you if the packets are even getting there.

0 Helpful

stevem
Level 1
Level 1
In response to gfullage

‎07-07-2003 05:00 AM

Yeah, I did copy that config and added a few other needs.

Error 721 Remote PPP peer is not responding.

Thanks, I'll try debuging and see what messages I get...

0 Helpful

stevem
Level 1
Level 1
In response to gfullage

‎07-11-2003 12:32 PM

For everyone's reference in case your XP clients do get error 721 when trying to VPN in, make sure that if your using Win2K server that it has the latest service pack (4) on it.

http://support.microsoft.com/default.aspx?kbid=810839

thanks to all that offered help on this matter

0 Helpful
Customers Also Viewed These Support Documents