Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Win2K VPN thru PIX500 to ISA Server Firewall

I have opened the 1723 and gre ports on the Cisco to allow a Win2K client using Microsoft PPTP to access and Microsoft ISA Server providing the VPN thru the CIsco.

I get an error 721: The remote computer is not responding when I try to VPN in.

I tested access with VPN to the ISA on the on the south side of the CISCO and the ISA responds okay. So it is something with the Cisco.

Is there some other port that relates to authentication?

Dennis

4 REPLIES
New Member

Re: Win2K VPN thru PIX500 to ISA Server Firewall

Dennis,

Must be something then, can you ping the ISA server from your client then? Do you have a static nat translation in the pix for the ISA server?

Kurtis

New Member

Re: Win2K VPN thru PIX500 to ISA Server Firewall

I am having the same exact problem and am searching for an answer. What I have learned so far is that if you only have one static ip address, which is in my case, it may not work because Cisco requires a static one-to-one NAT for PPTP passthrough and also the GRE47 protocol must be enabled. I am dying for a explaination or verification to this issue.

Thanks.

Cisco Employee

Re: Win2K VPN thru PIX500 to ISA Server Firewall

you are correct. The pix does not support pptp through a pat address. It has to be a static full address assigned for the isa server only.

Regards,

New Member

Re: Win2K VPN thru PIX500 to ISA Server Firewall

In other words, as long as your server has a static one-on-one translation, should be fine. Other hand your clients can be port address translated. Here's a sample of that http://www.cisco.com/warp/public/471/pptp_pat.html

Here is a sample of configuring pptp pass through on the pix http://www.cisco.com/warp/public/110/pix_pptp.html

Kurtis Durrett

223
Views
0
Helpful
4
Replies
CreatePlease to create content