PPTP and PIX problems

Discussion in 'Cisco' started by -Chris, Feb 19, 2004.

  1. -Chris

    -Chris Guest

    I am having problems with traffic across a PPTP tunnel. I can
    establish the connection successfully, but all traffic results in the
    error:

    402106: Rec'd packet not an IPSEC packet

    Well, that's true, its a PPTP packet. I have:

    sysopt connection permit-pptp

    in my configuration. Comparisons between my configuration and the
    document:

    "Configuring the PIX Firewall and VPN Clients Using PPTP, MPPE and
    IPSec"

    Don't show any non-cosmetic differences. Right now I have it set up so
    it is:

    Windows machine <-> PIX <-> Windows Machine so there isn't any other
    hardware in the middle that could be interfering.

    Searching on the 402106 error message seems to primarily give me
    security warnings from a few years back. So I am officially lost.

    Any ideas?
     
    -Chris, Feb 19, 2004
    #1
    1. Advertising

  2. My guess is you nonat is wrong. the nonat acl should reflect the traffic
    from local LAN to the pptp ip pool.


    HTH
    Martin Bilgrav


    "-Chris" <> wrote in message
    news:...
    > I am having problems with traffic across a PPTP tunnel. I can
    > establish the connection successfully, but all traffic results in the
    > error:
    >
    > 402106: Rec'd packet not an IPSEC packet
    >
    > Well, that's true, its a PPTP packet. I have:
    >
    > sysopt connection permit-pptp
    >
    > in my configuration. Comparisons between my configuration and the
    > document:
    >
    > "Configuring the PIX Firewall and VPN Clients Using PPTP, MPPE and
    > IPSec"
    >
    > Don't show any non-cosmetic differences. Right now I have it set up so
    > it is:
    >
    > Windows machine <-> PIX <-> Windows Machine so there isn't any other
    > hardware in the middle that could be interfering.
    >
    > Searching on the 402106 error message seems to primarily give me
    > security warnings from a few years back. So I am officially lost.
    >
    > Any ideas?
     
    Martin Bilgrav, Feb 19, 2004
    #2
    1. Advertising

  3. -Chris

    -Chris Guest

    Martin, thanks for the input. I ended up doing a complete rebuild of
    the system, and I can't see any difference between what I had before
    and what I have now.

    I'll look at the acls again to see how they are different.


    "Martin Bilgrav" <> wrote in message news:<QvaZb.93836$>...
    > My guess is you nonat is wrong. the nonat acl should reflect the traffic
    > from local LAN to the pptp ip pool.
    >
    >
    > HTH
     
    -Chris, Feb 20, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Trond Hindenes
    Replies:
    1
    Views:
    3,126
    Trond Hindenes
    Jul 10, 2003
  2. Michael Gorsuch
    Replies:
    1
    Views:
    405
    Brian Bergin
    Oct 29, 2003
  3. Tom
    Replies:
    4
    Views:
    724
  4. Replies:
    0
    Views:
    572
  5. Elia Spadoni
    Replies:
    15
    Views:
    2,962
Loading...

Share This Page