Cannot access remote VPN via PIX

Discussion in 'Cisco' started by info_removethis_@robsavage.com, Apr 7, 2005.

  1. Guest

    We get the following log entries:

    305011: Built dynamic TCP translation from inside:10.0.0.72 to outside:
    10.0.1.253/7382
    302013: Built outbound TCP connection 8904 for
    outside:123.456.789.238/1723 (123.456.789.238/1723) to
    inside:10.0.0.72/2995 (10.0.1.253/7382)
    305011Built dynamic GRE translation from inside:10.0.0.72/1723 to
    outside:10.0.1.253/11
    305011: Built dynamic GRE translation from inside:10.0.0.72/49152 to
    outside:10.0.1.253/12
    302017: Built inbound GRE connection 8905 from outside:123.456.789.238
    (123.456.789.238) to inside:10.0.0.72/49152 (10.0.1.253/12)
    302017: Built inbound GRE connection 8905 from
    inside:10.0.0.72(10.0.1.253) to outside:123.456.789.238/1723
    (123.456.789.238/1723)
    302014: Teardown TCP connection 8904 fro outside:123.456.789.238/1723
    to inside:10.0.0.72/2995 duration 0:00:30 bytes 536 TCP FINS
    302018: Teardown GRE connection 8905 from outside:123.456.789.238 to
    inside:10.0.0.72/49152 duration 0:00:30 bytes 450
    302018: Teardown GRE connection 8906 from inside:10.0.0.72 to
    outside:123.456.789.238/62392 duration 0:00:30 bytes 0
    305012: Teardown dynamic GRE translation from inside:10.0.0.72/1723 to
    outside:10.0.1.253/11 duration 0:00:31


    In the above:

    10.0.0.72 is my PC in the office
    10.0.1.253 is the PIX outside interface
    123.456.789.238 is the remote VPN server

    I get the 'verifying username/password' message and then it times out
    with a 721 or 619 error.

    The log looks as though my rules are allowing 1723 & GRE traffic
    through OK - can you help me with why these connections are failing?

    We connect to a number of VPN servers outside to support our client's
    networks, and they all behave the same way. We can access them fine if
    we don't go through the PIX.

    Cheers

    Rob
    , Apr 7, 2005
    #1

  2. Dumbkid Guest

    If you have PIX 6.3, "fixup protocol pptp 1723" should be enough. And if
    you have an earlier version of PIX software, you will need to use "static" NAT
    (i.e. static (inside, outside) xxxx xxxx x...)

    Tom

    http://www.cisco.com/en/US/products...s_configuration_example09186a0080094a5a.shtml



    <> wrote in message
    news:...
    > We get the following log entries:
    >
    > 305011: Built dynamic TCP translation from inside:10.0.0.72 to outside:
    > 10.0.1.253/7382
    > 302013: Built outbound TCP connection 8904 for
    > outside:123.456.789.238/1723 (123.456.789.238/1723) to
    > inside:10.0.0.72/2995 (10.0.1.253/7382)
    > 305011Built dynamic GRE translation from inside:10.0.0.72/1723 to
    > outside:10.0.1.253/11
    > 305011: Built dynamic GRE translation from inside:10.0.0.72/49152 to
    > outside:10.0.1.253/12
    > 302017: Built inbound GRE connection 8905 from outside:123.456.789.238
    > (123.456.789.238) to inside:10.0.0.72/49152 (10.0.1.253/12)
    > 302017: Built inbound GRE connection 8905 from
    > inside:10.0.0.72(10.0.1.253) to outside:123.456.789.238/1723
    > (123.456.789.238/1723)
    > 302014: Teardown TCP connection 8904 fro outside:123.456.789.238/1723
    > to inside:10.0.0.72/2995 duration 0:00:30 bytes 536 TCP FINS
    > 302018: Teardown GRE connection 8905 from outside:123.456.789.238 to
    > inside:10.0.0.72/49152 duration 0:00:30 bytes 450
    > 302018: Teardown GRE connection 8906 from inside:10.0.0.72 to
    > outside:123.456.789.238/62392 duration 0:00:30 bytes 0
    > 305012: Teardown dynamic GRE translation from inside:10.0.0.72/1723 to
    > outside:10.0.1.253/11 duration 0:00:31
    >
    >
    > In the above:
    >
    > 10.0.0.72 is my PC in the office
    > 10.0.1.253 is the PIX outside interface
    > 123.456.789.238 is the remote VPN server
    >
    > I get the 'verifying username/password' message and then it times out
    > with a 721 or 619 error.
    >
    > The log looks as though my rules are allowing 1723 & GRE traffic
    > through OK - can you help me with why these connections are failing?
    >
    > We connect to a number of VPN servers outside to support our client's
    > networks, and they all behave the same way. We can access them fine if
    > we don't go through the PIX.
    >
    > Cheers
    >
    > Rob
    >
    Dumbkid, Apr 8, 2005
    #2
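
Added example, not part of either post: a Python triage over PIX teardown records (302014/302018) like those in the question. It flags inside/outside pairs where the TCP/1723 control channel carried data but a GRE flow closed with 0 bytes, as in the question's log. The log lines are constructed, 203.0.113.238 is a stand-in address, and the zero-byte rule is an assumed heuristic rather than a Cisco diagnostic.

```python
import re

# Constructed sample modelled on the log in the question, one message per line.
# 203.0.113.238 is a documentation address standing in for the VPN server.
SAMPLE_LOG = """\
302013: Built outbound TCP connection 8904 for outside:203.0.113.238/1723 (203.0.113.238/1723) to inside:10.0.0.72/2995 (10.0.1.253/7382)
302017: Built inbound GRE connection 8905 from outside:203.0.113.238 (203.0.113.238) to inside:10.0.0.72/49152 (10.0.1.253/12)
302014: Teardown TCP connection 8904 for outside:203.0.113.238/1723 to inside:10.0.0.72/2995 duration 0:00:30 bytes 536 TCP FINs
302018: Teardown GRE connection 8905 from outside:203.0.113.238 to inside:10.0.0.72/49152 duration 0:00:30 bytes 450
302018: Teardown GRE connection 8906 from inside:10.0.0.72 to outside:203.0.113.238/62392 duration 0:00:30 bytes 0
"""

# "from?" also accepts the retyped "fro" seen in the question's log.
TEARDOWN = re.compile(
    r"^(?:302014|302018): Teardown (?P<proto>TCP|GRE) connection (?P<id>\d+) "
    r"(?:for|from?) (?P<a>\S+) to (?P<b>\S+) duration \S+ bytes (?P<bytes>\d+)"
)

def _endpoint(text):
    """Split 'iface:addr[/port]' into (iface, addr, port-or-None)."""
    iface, _, rest = text.partition(":")
    addr, _, port = rest.partition("/")
    return iface, addr, port or None

def pptp_triage(log_text):
    """Group teardown records by (inside host, outside peer) and mark pairs
    whose PPTP control channel carried data while a GRE flow carried none."""
    pairs = {}
    for line in log_text.splitlines():
        m = TEARDOWN.match(line.strip())
        if not m:
            continue  # Built/translation messages carry no byte counts
        ends = {i: (a, p) for i, a, p in map(_endpoint, (m["a"], m["b"]))}
        if "inside" not in ends or "outside" not in ends:
            continue
        key = (ends["inside"][0], ends["outside"][0])
        rec = pairs.setdefault(key, {"control_bytes": 0, "gre": {}})
        if m["proto"] == "TCP" and ends["outside"][1] == "1723":
            rec["control_bytes"] += int(m["bytes"])
        elif m["proto"] == "GRE":
            rec["gre"][int(m["id"])] = int(m["bytes"])
    for rec in pairs.values():
        # Assumed heuristic: control channel up, one GRE flow passed nothing.
        rec["suspect"] = rec["control_bytes"] > 0 and 0 in rec["gre"].values()
    return pairs
```

Running the same function on the log after a configuration change shows whether every GRE flow for the pair now reports a non-zero byte count.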
