I am trying to connect to an internal server from the internet using MS PPTP. I get a connection failure all the time with error 678: There was no answer on the PC. Has anybody come across this before, and how did you resolve it?
I do not think there is anything wrong with the config. Here it is:
PIX Version 6.1(4)
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
pager lines 24
logging monitor debugging
logging trap debugging
logging facility 23
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside xxxxxxxxxxx 255.255.255.240
ip address inside 192.x.x.x 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool 10.0.1.1-10.0.1.254
arp timeout 14400
global (outside) 1 A.A.A.A netmask 255.255.255.240
Config looks OK from what I can tell, although your nonat access-list should be:
access-list nonat permit ip 192.x.x.0 255.255.255.0 10.0.1.0 255.255.255.0
but that wouldn't stop you from connecting. Do you have a personal firewall on the PC or anything like that? Are you behind a NAT device? The error sounds like your PC is not getting a response from the PIX, but it may be that your packets are never getting there in the first place, or the PIX is replying and those replies aren't making it back.
Thanks for your reply. There is not a personal firewall on the PC. The PC has a private address which is NATed to get on to the internet; from there, I call the global address of the PIX. I also tried a dial-up from a laptop but got the same message, although the PC took a lot longer to come up with the error message. When I do a debug ICMP TRACE I see the PC trying to connect but then it drops. I am clutching at straws now. I know it is something simple but I just cannot put my fingers on it.
If you are behind a NAT device you will need to have a static one-to-one translation; you cannot connect with PPTP to the PIX if you are being port address translated. It's OK to have a private address on the PC, as long as when it goes out it's using NAT and not PAT. Are you using 98 as your PC OS? If you are, it's going to send username@domainname, so you will have to configure your username/password on the PIX to match. You have the option to log the connection; it will be saved under ppp.log on your PC. Take a look at that to see exactly what is being sent for the username. The first thing I'd do as well is to remove encryption, CHAP and MS-CHAP. Test it first with only PAP and no encryption. Once you get connected, then you can move it up.
I have tried all suggestions but am still getting the same Windows error message, which is:
A modem or other device did not pick up the phone. Check the number and dial again. If this is a virtual private network (VPN) connection, check the host name or IP address of your destination server, and try to connect again.
Also, make sure that the phone line is plugged into the correct socket in the modem.
I have added the following to the config to make it NAT:
static (inside,outside) 217.x.x.x (one of the global addresses) 192.x.x.x (inside add) netmask 255.255.255.255 0 0
I am using Windows 2000 Professional. There does not seem to be a ppp log.
I seem to be getting somewhere but I am not getting the following message.
110001: no route to 217.x.x.x(my global outside) from 212.x.x.x(address allocated by ISP). I do not get this at all because I have default static route as follows on my firewall: route outside 0.0.0.0 217.x.x.x (my adsl router).
Does anybody have an idea? I am really clutching at straws now.