How to allow access to external VPN network via PPTP

Angelo ANELLO
Level 1

Hi guys, this is probably a simple one, but I do not have much firewall experience, so any help is appreciated.

We would like to have the ability to connect to a VPN of a business we recently acquired. When connecting to it directly from the Internet (no firewall), it is accessible. However, behind our firewall, there is no access. We are using Cisco ASA 8.2 (2).

Currently, we have an entry as follows:

object-group service PPTP tcp
 port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP

Can someone please advise what else is required to complete this, as I am unsure of what else is required? Basically, we want any device within our network to be able to access the VPN via PPTP.

Your help is appreciated

Regards,

1 Accepted Solution

Hi Angelo,

It should work when you have PPTP allowed and inspected. But also allow GRE in the ACL on your firewall towards the PPTP server.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml#pptpwith

The above document will help you to understand better.

Please do rate if the given information helps.

By

Karthik

6 Replies

Julio Carvajal
VIP Alumni

Hello Angelo,

PPTP,

You need to do a static one-to-one translation, as PPTP uses GRE.

Then you will need to allow GRE access to that server.

Regards,

Julio

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio, thanks for your swift response.

Can I make it so that a group of machines has the ability to connect to the PPTP server? That is what I am trying to achieve above. Do I enable GRE at the firewall level or at the server level?

Thanks again

For PPTP to work, you have to enable the PPTP-inspection:

ASA(config)#policy-map global_policy
ASA(config-pmap)#class inspection_default
ASA(config-pmap-c)#inspect pptp

Hi Karsten, thanks for the reply.

After enabling the PPTP inspection, will my below entry work?  What about GRE?

object-group service PPTP tcp
 port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP

Thanks!

Ok, thanks guys.  I will give this a try and update when possible.
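
Added example, not posted by anyone in this thread: the three pieces discussed above (TCP/1723 permit, GRE permit, PPTP inspection) combined for ASA 8.2, with access limited to a group of inside machines as asked earlier. The group name PPTP_CLIENTS, the 10.1.1.x addresses and the server address 203.0.113.10 are constructed placeholders, and the ACL is assumed to be already applied inbound on the inside interface.

```cisco
! Constructed values: PPTP_CLIENTS, 10.1.1.x hosts, 203.0.113.10 (PPTP server).
! Assumption: inside_access_in is already bound inbound to the inside interface.

! Only these inside machines may reach the remote PPTP server
object-group network PPTP_CLIENTS
 network-object host 10.1.1.21
 network-object host 10.1.1.22
 network-object 10.1.1.64 255.255.255.192

! 1. PPTP control channel (TCP/1723), limited to the group and the one server
access-list inside_access_in extended permit tcp object-group PPTP_CLIENTS host 203.0.113.10 eq pptp

! 2. PPTP data channel (GRE, IP protocol 47) towards the same server,
!    as advised in the accepted solution
access-list inside_access_in extended permit gre object-group PPTP_CLIENTS host 203.0.113.10

! 3. PPTP inspection, so the ASA tracks the control connection and
!    dynamically creates the GRE connections and translations it needs
policy-map global_policy
 class inspection_default
  inspect pptp
```

After a test connection from one of the listed clients, `show access-list inside_access_in` lists per-entry hit counts, which shows whether that client's traffic is matching the new entries.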