Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PPTP VPN passthrough

We have a RRAS server on the inside. When the client from outside tries to connect it is unable to. I tried to capture packets and below are the results. Not sure how to understand it.

RRAS server IP: 192.168.1.2

Outside natted IP for RRAS: 2.2.2.2

External client IP: 1.1.1.1

<ASA># show cap capin

34 packets captured

   1: 06:14:28.488118 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: S 48488619:48488619(0) win 8192 <mss 1200,nop,wscale 8,nop,nop,nop,nop>

   2: 06:14:28.488286 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: S 1044594220:1044594220(0) ack 48488620 win 8192 <mss 1460,nop,wscale 8>

   3: 06:14:28.504292 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: . ack 1044594221 win 257

   4: 06:14:28.504475 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: P 48488620:48488776(156) ack 1044594221 win 257

   5: 06:14:28.504688 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: P 1044594221:1044594377(156) ack 48488776 win 257

   6: 06:14:28.523212 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: P 48488776:48488944(168) ack 1044594377 win 257

   7: 06:14:28.524051 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: P 1044594377:1044594409(32) ack 48488944 win 257

   8: 06:14:28.546099 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: P 48488944:48488968(24) ack 1044594409 win 257

   9: 06:14:28.737480 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: . ack 48488968 win 257

  10: 06:15:05.549272 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: P 48488968:48488984(16) ack 1044594409 win 257

  11: 06:15:05.746085 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: . ack 48488984 win 257

  12: 06:15:06.564561 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: P 48488984:48489000(16) ack 1044594409 win 257

  13: 06:15:06.564713 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: P 1044594409:1044594425(16) ack 48489000 win 256

  14: 06:15:06.582382 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: F 48489000:48489000(0) ack 1044594425 win 257

  15: 06:15:06.582489 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: . ack 48489001 win 256

  16: 06:15:06.582535 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.34456: F 1044594425:1044594425(0) ack 48489001 win 256

  17: 06:15:06.598235 802.1Q vlan#1 P0 1.1.1.1.34456 > 192.168.1.2.1723: R 48489001:48489001(0) ack 1044594425 win 0

  18: 06:16:36.622068 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: S 1083106154:1083106154(0) win 8192 <mss 1200,nop,wscale 8,nop,nop,nop,nop>

  19: 06:16:36.622236 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: S 3463790092:3463790092(0) ack 1083106155 win 8192 <mss 1460,nop,wscale 8>

  20: 06:16:36.639066 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: . ack 3463790093 win 257

  21: 06:16:36.639539 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: P 1083106155:1083106311(156) ack 3463790093 win 257

  22: 06:16:36.639813 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: P 3463790093:3463790249(156) ack 1083106311 win 257

  23: 06:16:36.657772 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: P 1083106311:1083106479(168) ack 3463790249 win 257

  24: 06:16:36.658748 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: P 3463790249:3463790281(32) ack 1083106479 win 257

  25: 06:16:36.686228 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: P 1083106479:1083106503(24) ack 3463790281 win 257

  26: 06:16:36.884338 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: . ack 1083106503 win 257

  27: 06:17:13.690165 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: P 1083106503:1083106519(16) ack 3463790281 win 257

  28: 06:17:13.880981 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: . ack 1083106519 win 257

  29: 06:17:14.691614 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: P 1083106519:1083106535(16) ack 3463790281 win 257

  30: 06:17:14.691751 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: P 3463790281:3463790297(16) ack 1083106535 win 256

  31: 06:17:14.707894 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: F 1083106535:1083106535(0) ack 3463790297 win 257

  32: 06:17:14.708016 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: . ack 1083106536 win 256

  33: 06:17:14.708062 802.1Q vlan#1 P0 192.168.1.2.1723 > 1.1.1.1.38442: F 3463790297:3463790297(0) ack 1083106536 win 256

  34: 06:17:14.721672 802.1Q vlan#1 P0 1.1.1.1.38442 > 192.168.1.2.1723: R 1083106536:1083106536(0) ack 3463790297 win 0

34 packets shown

<ASA># show cap capout

66 packets captured

   1: 06:13:59.417031 802.1Q vlan#2 P0 1.1.1.1.411 > 2.2.2.2.500:  udp 528

   2: 06:14:01.416543 802.1Q vlan#2 P0 1.1.1.1.411 > 2.2.2.2.500:  udp 528

   3: 06:14:03.416055 802.1Q vlan#2 P0 1.1.1.1.411 > 2.2.2.2.500:  udp 528

   4: 06:14:07.464117 802.1Q vlan#2 P0 1.1.1.1.57089 > 2.2.2.2.443: S 843129358:843129358(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

   5: 06:14:10.458731 802.1Q vlan#2 P0 1.1.1.1.57089 > 2.2.2.2.443: S 843129358:843129358(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

   6: 06:14:16.466330 802.1Q vlan#2 P0 1.1.1.1.57089 > 2.2.2.2.443: S 843129358:843129358(0) win 8192 <mss 1380,nop,nop,sackOK>

   7: 06:14:28.487920 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: S 2932486090:2932486090(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,nop,nop>

   8: 06:14:28.488317 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: S 1344162866:1344162866(0) ack 2932486091 win 8192 <mss 1200,nop,wscale 8>

   9: 06:14:28.504261 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: . ack 1344162867 win 257

  10: 06:14:28.504459 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: P 2932486091:2932486247(156) ack 1344162867 win 257

  11: 06:14:28.504704 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: P 1344162867:1344163023(156) ack 2932486247 win 257

  12: 06:14:28.523196 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: P 2932486247:2932486415(168) ack 1344163023 win 257

  13: 06:14:28.524066 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: P 1344163023:1344163055(32) ack 2932486415 win 257

  14: 06:14:28.546083 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: P 2932486415:2932486439(24) ack 1344163055 win 257

  15: 06:14:28.548906 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  16: 06:14:28.737495 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: . ack 2932486439 win 257

  17: 06:14:30.548448 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  18: 06:14:33.549364 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  19: 06:14:37.548006 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  20: 06:14:41.548113 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  21: 06:14:45.547350 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  22: 06:14:49.547563 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  23: 06:14:53.546785 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  24: 06:14:57.549303 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  25: 06:15:01.548799 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  26: 06:15:05.549257 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: P 2932486439:2932486455(16) ack 1344163055 win 257

  27: 06:15:05.746100 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: . ack 2932486455 win 257

  28: 06:15:06.564546 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: P 2932486455:2932486471(16) ack 1344163055 win 257

  29: 06:15:06.564744 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: P 1344163055:1344163071(16) ack 2932486471 win 256

  30: 06:15:06.582367 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: F 2932486471:2932486471(0) ack 1344163071 win 257

  31: 06:15:06.582504 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: . ack 2932486472 win 256

  32: 06:15:06.582550 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.34456: F 1344163071:1344163071(0) ack 2932486472 win 256

  33: 06:15:06.598220 802.1Q vlan#2 P0 1.1.1.1.34456 > 2.2.2.2.1723: R 2932486472:2932486472(0) ack 1344163071 win 0

  34: 06:16:07.529284 802.1Q vlan#2 P0 1.1.1.1.411 > 2.2.2.2.500:  udp 528

  35: 06:16:08.527316 802.1Q vlan#2 P0 1.1.1.1.411 > 2.2.2.2.500:  udp 528

  36: 06:16:11.527331 802.1Q vlan#2 P0 1.1.1.1.411 > 2.2.2.2.500:  udp 528

  37: 06:16:15.578659 802.1Q vlan#2 P0 1.1.1.1.25805 > 2.2.2.2.443: S 3890303247:3890303247(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

  38: 06:16:18.590179 802.1Q vlan#2 P0 1.1.1.1.25805 > 2.2.2.2.443: S 3890303247:3890303247(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

  39: 06:16:24.585220 802.1Q vlan#2 P0 1.1.1.1.25805 > 2.2.2.2.443: S 3890303247:3890303247(0) win 8192 <mss 1380,nop,nop,sackOK>

  40: 06:16:36.621885 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: S 1059810453:1059810453(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,nop,nop>

  41: 06:16:36.622251 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: S 834792694:834792694(0) ack 1059810454 win 8192 <mss 1200,nop,wscale 8>

  42: 06:16:36.639050 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: . ack 834792695 win 257

  43: 06:16:36.639523 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: P 1059810454:1059810610(156) ack 834792695 win 257

  44: 06:16:36.639828 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: P 834792695:834792851(156) ack 1059810610 win 257

  45: 06:16:36.657757 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: P 1059810610:1059810778(168) ack 834792851 win 257

  46: 06:16:36.658764 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: P 834792851:834792883(32) ack 1059810778 win 257

  47: 06:16:36.686213 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: P 1059810778:1059810802(24) ack 834792883 win 257

  48: 06:16:36.690378 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  49: 06:16:36.884353 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: . ack 1059810802 win 257

  50: 06:16:38.689753 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  51: 06:16:41.689249 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  52: 06:16:45.694055 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  53: 06:16:49.692881 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  54: 06:16:53.691889 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  55: 06:16:57.691462 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  56: 06:17:01.690912 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  57: 06:17:05.690119 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  58: 06:17:09.690073 802.1Q vlan#2 P0 1.1.1.1 > 2.2.2.2:  ip-proto-47, length 37

  59: 06:17:13.690149 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: P 1059810802:1059810818(16) ack 834792883 win 257

  60: 06:17:13.881012 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: . ack 1059810818 win 257

  61: 06:17:14.691584 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: P 1059810818:1059810834(16) ack 834792883 win 257

  62: 06:17:14.691767 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: P 834792883:834792899(16) ack 1059810834 win 256

  63: 06:17:14.707879 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: F 1059810834:1059810834(0) ack 834792899 win 257

  64: 06:17:14.708032 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: . ack 1059810835 win 256

  65: 06:17:14.708078 802.1Q vlan#2 P0 2.2.2.2.1723 > 1.1.1.1.38442: F 834792899:834792899(0) ack 1059810835 win 256

  66: 06:17:14.721642 802.1Q vlan#2 P0 1.1.1.1.38442 > 2.2.2.2.1723: R 1059810835:1059810835(0) ack 834792899 win 0

66 packets shown


2 REPLIES
Cisco Employee

PPTP VPN passthrough

Where is it failing?

I can see that you have GRE passing, so I assume that you are connected through the PPTP however can't pass any data, is that correct assumption?

Have you enabled "inspect pptp" on your firewall?

New Member

PPTP VPN passthrough

could u share your outside_access_in rule for this rras server? i would check ur rras logs as well..

420
Views
0
Helpful
2
Replies
CreatePlease to create content