How to allow hosts to connect to PPTP vpn on the internet-Cisco 2951 ISR G2

Vishal.Seetal
Level 1

Hi all,

I am having this issue with connecting to a PPTP VPN server on the internet using the Windows inbuilt VPN client. The connection is from the local network through a Cisco 2951 ISR G2 with Zone-Based Firewall to the internet. I opened ports 1723 for PPTP and 47 for GRE on the firewall for Host X to connect to the PPTP VPN on the internet, but the connection was not successful. The error message returned was Error 619: Connection was not made. I then opened all outgoing IP ports for Host X to the internet, but I still got the same problem. It seems Cisco has got a problem with Microsoft's PPTP VPN. How can I get the two to work together? The problem is not on the other side of the connection, because when I bypass the Cisco IOS router, the VPN connection works fine. Besides opening those ports, is there anything else that I need to configure on the firewall so that hosts on the network can connect to a PPTP VPN on the internet?

Thank you for your help.

Kind regards,

Vishal

1 Reply

Haitham Jaradat
Cisco Employee

You will need to allow both GRE and TCP 1723. Most probably TCP would work if you are already inspecting all TCP traffic; however, for GRE you will need to create a separate class and ACL (permit gre destination>) and set the action for that as pass in both directions (in-out and out-in). Make sure that this class is the topmost class in the policy map applied under each zone pair.

Here is an example you may find useful:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080ab7073.shtml
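
A sketch of the zone-based firewall configuration the reply describes, added here as an illustration; it is not part of the reply or of the linked Cisco document. The zone names (INSIDE, OUTSIDE), all object names and the documentation-range addresses (192.0.2.10 standing in for Host X, 203.0.113.20 for the PPTP server) are assumptions to be replaced with the addresses as the firewall policy sees them.

```cisco
! Added example: names and addresses below are placeholders, not from the thread.
! GRE is IP protocol 47 (not a TCP/UDP port), so it is matched with "permit gre".
! "pass" is stateless, so each direction gets its own ACL scoped to one host pair.
ip access-list extended ACL-GRE-OUT
 permit gre host 192.0.2.10 host 203.0.113.20
ip access-list extended ACL-GRE-IN
 permit gre host 203.0.113.20 host 192.0.2.10
!
class-map type inspect match-any CM-GRE-OUT
 match access-group name ACL-GRE-OUT
class-map type inspect match-any CM-GRE-IN
 match access-group name ACL-GRE-IN
!
! Existing-style inspection class; TCP 1723 (PPTP control) is covered by "tcp".
class-map type inspect match-any CM-INSIDE-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! The GRE class is listed first so it is evaluated before any other class.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-GRE-OUT
  pass
 class type inspect CM-INSIDE-OUT
  inspect
 class class-default
  drop
!
! Return GRE is not tracked by inspection, so it needs an explicit pass here.
policy-map type inspect PM-OUTSIDE-TO-INSIDE
 class type inspect CM-GRE-IN
  pass
 class class-default
  drop
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
zone-pair security ZP-OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUTSIDE-TO-INSIDE
```

After a connection attempt, `show policy-map type inspect zone-pair` shows per-class packet counters, which confirms whether GRE is hitting the pass classes in both directions or falling through to class-default.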
