Cisco Support Community
Community Member

PPTP through PIX 6.3 problems??


1. Is there any problem when configuring FIXUP PROTOCOL PPTP 1723 ?.

2. Besides Access List to the Outside, Statics, or Access List to the Inside is needed??



Re: PPTP through PIX 6.3 problems??

Here is a document that clarifies the basic doubts regarding PPTP.

The Point-to-Point Tunneling Protocol (PPTP) is a protocol for tunneling PPP traffic. A PPTP session is composed of one TCP channel and usually two PPTP GRE tunnels. The TCP channel is the control channel used for negotiating and managing the PPTP GRE tunnels. The GRE tunnels carries PPP sessions between the two hosts.

As described in RFC 2637, the PPTP protocol is mainly used for the tunneling of PPP sessions initiated from a modem bank PAC (PPTP Access Concentrator) to the headend PNS (PPTP Network Server). When used this way, the PAC is the remote client and the PNS is the server.

However, when used for VPN by Windows, the interaction is inverted. The PNS is a remote single-user PC that initiates connection to the head-end PAC to gain access to a central network.

PPTP application inspection is disabled by default. You use the fixup command to enable PPTP. The command syntax is as follows:

[no] fixup protocol pptp 1723

When enabled, PPTP application inspection inspects PPTP protocol packets and dynamically creates the GRE connections and xlates necessary to permit PPTP traffic

You can also refer RFC 2637 for more details.

Community Member

Re: PPTP through PIX 6.3 problems??

PPTP fixup on 1723 is all thats needed.

CreatePlease to create content