07-02-2003 06:20 AM - edited 02-21-2020 12:38 PM
I've read a few posts regarding the subject and have utilized a few suggestions but have not been able to complete the task of being able to VPN in to my companies network from home. I (we) keep getting error 721 and am not able to establish connectivity to our LAN. Any insight shared would be greatly appreciated!!!
Environmentals:
PIX 506E v6.1(4)
Windows 2000 advanced Server
remote desktops XP
CONFIGURATION:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxx encrypted
passwd xxxxxx encrypted
hostname
domain-name
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list internet permit tcp any host x.x.x.x eq smtp
access-list internet permit tcp any host x.x.x.x eq 1494
access-list internet permit tcp any host x.x.x.x eq 1604
access-list internet permit udp any host x.x.x.x eq 1604
access-list internet permit tcp any host x.x.x.x eq 1723
access-list internet permit gre any x.x.x.x 255.255.255.252
access-list 101 permit ip 10.1.0.0 255.255.255.0
192.168.100.0 255.255.255.0
pager lines 24
logging on
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x 255.255.255.252
ip address inside 10.1.0.254 255.255.255.0
ip local pool pptp-pool 192.168.100.1-192.168.100.50
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm location 10.1.0.1 255.255.255.255 inside
pdm location 10.1.0.2 255.255.255.255 inside
pdm location 10.1.0.113 255.255.255.255 inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm location x.x.x.x 255.255.255.255 outside
pdm location 10.1.0.1 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside) 0 access-list 101
static (inside,outside) tcp x.x.x.x smtp 10.1.0.1 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.x 1494 10.1.0.2 1494 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.x 1604 10.1.0.2 1604 netmask 255.255.255.255 0 0
static (inside,outside) udp x.x.x.x 1604 10.1.0.2 1604 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1723 10.1.0.1 1723 netmask 255.255.255.255 0 0
access-group internet in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 10.0.0.0 255.0.0.0 10.1.0.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 10.1.0.113 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
no sysopt route dnat
auth-prompt reject Warning unauthorized visiters will be prosecuted.
telnet timeout 5
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
vpdn username xxxx password xxxx
vpdn enable outside
ssh timeout 5
dhcpd address 10.1.0.179-10.1.0.181 inside
dhcpd dns 10.1.0.1 10.1.0.15
dhcpd wins 10.1.0.1
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain hq
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxxx
07-02-2003 06:25 PM
Config looks OK, in fact certainly looks like you've copied the sample config here (going by your use of IP pools):
http://www.cisco.com/warp/public/110/pptppix.html
What is error 721 again? Check your PPTP packets are even getting to the PIX, you should be able to "debug vpdn" or "debug pptp" or one of those (can't remember the exact command), that'll tell you if the packets are even getting there.
07-07-2003 05:00 AM
Yeah, I did copy that config and added a few other needs.
Error 721 Remote PPP peer is not responding.
Thanks, I'll try debuging and see what messages I get...
07-11-2003 12:32 PM
For everyone's reference in case your XP clients do get error 721 when trying to VPN in, make sure that if your using Win2K server that it has the latest service pack (4) on it.
http://support.microsoft.com/default.aspx?kbid=810839
thanks to all that offered help on this matter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide