Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
1
Replies

PPTP dial-in is not properly inspected by ZBF

sylvain.munaut
Level 1
Level 1

‎01-04-2012 11:26 AM

Hi,

I have a PPTP dialin to a router, the vitual templace is places in zone_A

The clients can dialin fine and reach any host on the local net in the same security zone_A as they are.

But they can't reach clients on other zones (says zone_B) they should have access to.

When on the wired zone_A LAN direclty, then they can reach zone_B without problem.

When trying to analyze the issue, I can see that the fwd packets (zone_A pptp client -> zone_B server) go though just fine (they reach zone_B), but the return packet don't because it seems the router never created a session (show policy-firewall sesssions doesn't show anything)

Cheers,

    Sylvain

Labels:
0 Helpful
1 Reply 1

sylvain.munaut
Level 1
Level 1

‎01-05-2012 07:47 AM

Ok, if I disable CEF in the virtual template, I can now see the session in "show policy-firewall sesssion", but the return packets still don't make it through to me ...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents