Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN cannot go through PIX 515 to VPN w2000 SEVER

Status
Not open for further replies.
melospawn

melospawn

IS-IT--Management
Feb 12, 2001
50
0
0
DE
Hi there,

I had everything working great with my VPN until I putted a PIX 515 (CISCO) between my router and my vpn server. Now if I try to get to my vpn server the dialer can get to the server but when it tries to check username & password i doesn't work

I guess I have to open some ports at my firewall. I have this lines:

conduit permit tcp host xx.xx.xx.xx eq 1723 any
conduit permit gre host xx.xx.xx.xx any

What I think is wrong is that to send info packets for the tunnel on the vpn the vpn server uses port 1723 and gre, but to send data packets (like password, etc) it uses another port, which I cannot find

Could someone please help me?¿

Thanks a lot.

Carpe Diem.
Carmelo Lopez-Portilla
CCNA
e-mail:clopez@infoport.digitainer.com
 
Sort by date Sort by votes
I believe it is port 47. I assume, since you mentioned GRE, you are using Win2k. Port 1701 if you are using L2TP. My guess is that you are passing the PPTP packet to the server, but the GRE header gets stopped on the way back.
 
Upvote 0 Downvote
I have exactly the same problem. The VPN is at my house, and the cisco box is at my office. So what is the fix? Do I need to get the IT people to open some ports, and if so, which ones??? 47 ???
 
Upvote 0 Downvote
Hi there, I already have it fix. My problem was my ISP, it has a Firewall and didn't open the ports for the vpn.

In the cisco PIX you cannot put port 47, you gotta open all the ports for GRE protocol

Slightsey, you gotta tell the people from IT to open port 1723 and all the ports for protocol GRE, (which number is 47, but in a CISCO PIX it already has the tag GRE in Hardware).

Hope this helps.

Thanks to everyone

Carpe Diem.
Carmelo Lopez-Portilla
CCNA
e-mail:clopez@infoport.digitainer.com
 
Upvote 0 Downvote
I am actually having the same problem, and am not very familiar with how to configure the pix. Can someone give me what I would need to add to the configuration to make this work?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
305
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
169
sircles
sircles
sarahz2
  • Question
Best vpn safe and fast
Replies
4
Views
196
GlobeTrekkerGal
GlobeTrekkerGal
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
125
Joon Smith
Joon Smith
LearningNetworking
  • Locked
  • Question
Linking Hosts on the same subnet via VPN
Replies
0
Views
220
LearningNetworking
LearningNetworking

Part and Inventory Search

Sponsor

Back
Top