pix and ms pptp

Discussion in 'Cisco' started by mmark751969, Mar 29, 2009.

  1. mmark751969

    mmark751969 Guest

    I have a situation where i am not getting connections with clients
    doing microsoft pptp with winxp going through a pix506 terminating at
    a microsoft pptp server on win2k3. The pix is set with tcp 1723 and
    gre open for any any(and to the publicly natted server). I know the
    traffic is getting by the pix due to the following debugging output.
    PPTP start-control-request: (inside:192.168.x.x/1723 <- out
    side:173.11.x.x/39086)
    2: PPTP start-control-reply: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x
    /39086)
    3: PPTP outgoing-call-request: (inside:192.168.x.x/1723 <- outside:
    173.11.x.
    25/39086)
    4: PPTP outgoing-call-reply: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x
    /39086)
    5: PPTP set-link-info: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    39086
    )
    6: PPTP clear-request: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    39086
    )
    7: PPTP disconnect-notify: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x/3
    9086)
    8: requesting gre CID 667 removal
    9: first gre CID 667 found, removing
    10: second gre lcid/fcid 1723/26146 found, removing
    11: PPTP unknown-message: (inside:192.168.x.x/1723 <- outside:
    173.11.x.x/39
    086)
    12: PPTP unknown-message: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x/39
    086)
    13: PPTP start-control-request: (inside:192.168.x.x/1723 <- outside:
    173.11.x
    ..25/39095)
    14: PPTP start-control-reply: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x
    5/39095)
    15: PPTP outgoing-call-request: (inside:192.168.x.x/1723 <- outside:
    173.11.x
    ..25/39095)
    16: PPTP outgoing-call-reply: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x
    5/39095)
    17: PPTP set-link-info: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    3909
    5)
    18: PPTP clear-request: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    3909
    5)
    19: PPTP disconnect-notify: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x/
    39095)
    20: requesting gre CID 28906 removal
    21: first gre CID 28906 found, removing
    22: second gre lcid/fcid 1723/34644 found, removing
    23: PPTP unknown-message: (inside:192.168.x.x/1723 <- outside:
    173.11.x.x/39
    095)
    24: PPTP unknown-message: (inside:192.168.x.x/1723 -> outside:
    173.11.x.x/39
    095)

    A set-link-info request is the client requesting pptp negotiation
    parameters from the server. But it doesn't seem the server is
    responding so the client is disconnecting with a clear-request
    packet. The client is configured with default parameters for a pptp
    connection. The server is running MS Rras. What would be causing the
    server to not negotiate the pptp connection parameters. It doesn't
    seem to be the pix
     
    mmark751969, Mar 29, 2009
    #1
    1. Advertising

  2. mmark751969

    Brian V Guest

    "mmark751969" <> wrote in message
    news:...
    >I have a situation where i am not getting connections with clients
    > doing microsoft pptp with winxp going through a pix506 terminating at
    > a microsoft pptp server on win2k3. The pix is set with tcp 1723 and
    > gre open for any any(and to the publicly natted server). I know the
    > traffic is getting by the pix due to the following debugging output.
    > PPTP start-control-request: (inside:192.168.x.x/1723 <- out
    > side:173.11.x.x/39086)
    > 2: PPTP start-control-reply: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x
    > /39086)
    > 3: PPTP outgoing-call-request: (inside:192.168.x.x/1723 <- outside:
    > 173.11.x.
    > 25/39086)
    > 4: PPTP outgoing-call-reply: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x
    > /39086)
    > 5: PPTP set-link-info: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    > 39086
    > )
    > 6: PPTP clear-request: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    > 39086
    > )
    > 7: PPTP disconnect-notify: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x/3
    > 9086)
    > 8: requesting gre CID 667 removal
    > 9: first gre CID 667 found, removing
    > 10: second gre lcid/fcid 1723/26146 found, removing
    > 11: PPTP unknown-message: (inside:192.168.x.x/1723 <- outside:
    > 173.11.x.x/39
    > 086)
    > 12: PPTP unknown-message: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x/39
    > 086)
    > 13: PPTP start-control-request: (inside:192.168.x.x/1723 <- outside:
    > 173.11.x
    > .25/39095)
    > 14: PPTP start-control-reply: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x
    > 5/39095)
    > 15: PPTP outgoing-call-request: (inside:192.168.x.x/1723 <- outside:
    > 173.11.x
    > .25/39095)
    > 16: PPTP outgoing-call-reply: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x
    > 5/39095)
    > 17: PPTP set-link-info: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    > 3909
    > 5)
    > 18: PPTP clear-request: (inside:192.168.x.x/1723 <- outside:173.11.x.x/
    > 3909
    > 5)
    > 19: PPTP disconnect-notify: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x/
    > 39095)
    > 20: requesting gre CID 28906 removal
    > 21: first gre CID 28906 found, removing
    > 22: second gre lcid/fcid 1723/34644 found, removing
    > 23: PPTP unknown-message: (inside:192.168.x.x/1723 <- outside:
    > 173.11.x.x/39
    > 095)
    > 24: PPTP unknown-message: (inside:192.168.x.x/1723 -> outside:
    > 173.11.x.x/39
    > 095)
    >
    > A set-link-info request is the client requesting pptp negotiation
    > parameters from the server. But it doesn't seem the server is
    > responding so the client is disconnecting with a clear-request
    > packet. The client is configured with default parameters for a pptp
    > connection. The server is running MS Rras. What would be causing the
    > server to not negotiate the pptp connection parameters. It doesn't
    > seem to be the pix


    conf t
    fixup protocol pptp (might be fixup protocol pptp 1723)
    http://www.cisco.com/en/US/products...s_configuration_example09186a0080094a5a.shtml
    -Brian
     
    Brian V, Mar 29, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Trond Hindenes
    Replies:
    1
    Views:
    3,100
    Trond Hindenes
    Jul 10, 2003
  2. Michael Gorsuch
    Replies:
    1
    Views:
    393
    Brian Bergin
    Oct 29, 2003
  3. -Chris

    PPTP and PIX problems

    -Chris, Feb 19, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,130
    -Chris
    Feb 20, 2004
  4. Tom
    Replies:
    4
    Views:
    680
  5. Elia Spadoni
    Replies:
    15
    Views:
    2,900
Loading...

Share This Page