Newbie pix issue 1

Status
Not open for further replies.

aschwartz71

Technical User
Jun 3, 2006
32
US
This might be simple, but I am confused by it, and I have no idea what else to do.

We have a basic PIX (506) that we use for vendor VPN connections outside. In our training room, we set up a bunch of workstations and connected their switch to an internal port. The external port connects to our external network. I have NAT set up on it as well, and DHCP works, and so does the internet and all VPN connections EXCEPT Microsoft's. When I remove the PIX from the equation, MS VPN connects normally, but when the PIX is in place, we get a 721 error. I have a few access rules set up so that it passes all TCP and all IP from inside to outside and outside to inside, and with these rules in place, I can telnet from the workstation to the remote VPN on port 1723, and when I set the rule to deny, it doesn't work, so I am sure that that is open. I also set a rule to allow GRE inbound and outbound, but it still gives error 721.

Any ideas?
 
Add this line to your config

fixup protocol pptp 1723

It will allow PPTP to pass through the PIX.





Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks for the response. Can that be done from the GUI? I haven't ventured into the CLI as of yet. If it needs to be done via the command line, which file does it get added to, and which section?

Thanks again
 
I don't really know the GUI but I'm sure it can be done that way. For the CLI it's easy,

Log in via SSH or telnet
type
en
your password
config t
fixup protocol pptp 1723
wri mem
exit

voila!


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Ok, so I started the PDM for the first time in a few years -
Go to Configuration Button -> System Properties tab -> Advanced Tree item and expand it. Now expand the fixup tree item and select PPTP. Put in 1723 as the low port and click add and then apply.

That should do it.
Hope it helped.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
That did it, once I added the port in, it worked with no issues. Thanks a bunch, that was great.

I need to go over my Cisco CBTs... :)
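
An added example, not part of the thread or of any Cisco tooling: a Python check over a saved PIX configuration that reports whether the `fixup protocol pptp 1723` line from the replies is present, whether NAT is in use, and which any-to-any permit rules like those described in the first post are applied inbound on the outside interface. The sample configuration, the ACL names and the function name are constructed for illustration.

```python
import re

# Constructed PIX 6.x-style running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any any
access-list acl_out permit ip any any
access-list acl_out permit gre any any
access-list acl_in permit ip any any
access-group acl_out in interface outside
access-group acl_in in interface inside
fixup protocol ftp 21
fixup protocol http 80
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""

FIXUP_RE = re.compile(r"fixup protocol pptp (\d+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")
BROAD_RE = re.compile(r"access-list (\S+) permit \S+ any any")


def audit_pix_config(text, pptp_port=1723):
    """Report PPTP fixup state, NAT use, and any-to-any permits on outside."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # fullmatch skips "no fixup protocol pptp ..." (the disabled form).
    fixup_ports = {int(m.group(1)) for ln in lines
                   if (m := FIXUP_RE.fullmatch(ln))}
    # ACL names applied to traffic arriving on the outside interface.
    outside_acls = {m.group(1) for ln in lines
                    if (m := GROUP_RE.fullmatch(ln))}
    broad = [ln for ln in lines
             if (m := BROAD_RE.fullmatch(ln)) and m.group(1) in outside_acls]
    return {
        "pptp_fixup": pptp_port in fixup_ports,
        "nat_in_use": any(ln.startswith(("nat (", "global (")) for ln in lines),
        "broad_outside_rules": broad,
    }


if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_CONFIG),
                      ("after", SAMPLE_CONFIG + "fixup protocol pptp 1723\n")):
        print(name, audit_pix_config(cfg))
```

Each line in `broad_outside_rules` is a rule that admits traffic from any outside source to any destination and is worth reviewing once the VPN works.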
 