Outbound PPTP PIX Problems

Discussion in 'Cisco' started by paul_tomlin@hotmail.com, Feb 6, 2008.

  1. Guest

    Trying to get outbound PPTP working through our PIX. I've added in
    ISAKMP NAT TRAVERSAL 20, thinking this would resolve it, but no luck!
    Anyone have any ideas? I've pasted sanitized config below:

    Regards

    Paul

    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list out-acl permit tcp any any eq ssh
    access-list out-acl permit icmp any any
    access-list out-acl permit tcp any host xx.xx.xx.35 eq pptp
    access-list out-acl permit gre any host xx.xx.xx.35
    access-list out-acl permit ip yy.yy.14.0 255.255.255.0 yy.yy.9.0 255.255.255.0
    access-list out-acl permit tcp any any eq pptp
    access-list out-acl permit gre any any
    access-list 100 permit ip yy.yy.14.0 255.255.255.0 yy.yy.9.0 255.255.255.0
    access-list 100 permit ip yy.yy.14.0 255.255.255.0 yy.yy.10.0 255.255.254.0
    access-list 110 permit ip yy.yy.14.0 255.255.255.0 yy.yy.10.0 255.255.254.0
    access-list 120 permit ip yy.yy.14.0 255.255.255.0 yy.yy.9.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside xx.xx.xx.34 255.255.255.248
    ip address inside yy.yy.14.254 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list 100
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp xx.xx.xx.35 pptp yy.yy.14.1 pptp netmask 255.255.255.255 0 0
    static (inside,outside) tcp xx.xx.xx.35 3389 yy.yy.14.1 3389 netmask 255.255.255.255 0 0
    static (inside,outside) xx.xx.xx.35 yy.yy.14.1 netmask 255.255.255.255 0 0
    access-group out-acl in interface outside
    route outside 0.0.0.0 0.0.0.0 xx.xx.xx.33 1
    http server enable
    http yy.yy.14.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection tcpmss 1300
    sysopt connection permit-ipsec
    crypto ipsec transform-set atosset esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 40 set transform-set atosset
    crypto map newmap 10 ipsec-isakmp
    crypto map newmap 10 match address 110
    crypto map newmap 10 set peer xx.xx.xx.227
    crypto map newmap 10 set transform-set atosset
    crypto map newmap 20 ipsec-isakmp
    crypto map newmap 20 match address 120
    crypto map newmap 20 set peer xx.xx.xx.114
    crypto map newmap 20 set transform-set atosset
    crypto map newmap interface outside
    isakmp enable outside
    isakmp key ******** address xx.xx.xx.227 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xx.xx.xx.114 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp identity address
    isakmp nat-traversal 20
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    terminal width 80