PPTP Windows clients thru PIX 520 to Win Server

[Chugger]

Hello. Please help me to understand why I can't establish PPTP connections thru my pix 520 [5.0(3)] that remain up beyond 34 seconds.

I have the correct ports open: tcp 1723, and GRE statement, I can even monitor the activity on the conduits. But the client always drops after 34 seconds.. Any tips out there?

Heres the config:
Win clients: (98, 2000)
Firewall: Pix 520 Version 5.0(3)
Server: NT4.0 with latest builds, a BDC, with RAS.

Thank you

 

[melospawn]

Hi, could you tell me how to monitor the activities of the conduits. I have a PIX 515 and the same problem. For What I have been told the VPN uses the port 1723 to pass the status packets, as well as the packets to create the tunnel, but the info (like the password of the user ) goes trhough other port, I don't know wich one, so I guess you must open that port so you can get packets from outside to your VPN SERVER.

Please, I will like to know how to monitor the conduits so I can try to find an answer. As soon as I got it I will tell you.

Thanks a lot Carpe Diem.
Carmelo Lopez-Portilla
CCNA
e-mail:clopez@infoport.digitainer.com

 

[bill2001]

Carmello,
Hey, Don't forget to open both the 1723 and do the GRE statement.

Here's the example:

conduit permit tcp host ##.###.#.### eq 1723 any
conduit permit gre host ##.###.#.### any

Where #### is, be sure to enter the "outside/translated" IP address of your RAS server behind the firewall.

By the way, I just began to get results when I enabled NetBuis on both the clients and the RAS server.

Its not perfect yet, because I can't do anything after the VPN is established. Just establish and sit there.... I'll keep you posted if anything comes up..

I hope this helps....