DeZo1
asked on
CISCO ASA 5510, PPTP passthrough, but clients don't come in on port 1723
I set up a CISCO ASA, and since it doesn't support PPTP tunnels I configured the ACL to forward PPTP requests to my PPTP server. If I use the following NAT command:
static (inside,outside) tcp interface 1723 10.100.100.6 1723 netmask 255.255.255.255 0 0
my clients can't connect. When I looked at the logging information I saw that my clients are coming in on random ports; it seems as though they are not sending the PPTP request on 1723. Since my NAT specifies 1723 to 1723, it won't connect.
If I use this NAT translation rule (71.xxx.xxx.208 being my outside int IP addr.):
static (inside,outside) 71.xxx.xxx.208 10.100.100.6 netmask 255.255.255.255 0 0
my PPTP clients connect seamlessly, but then this redirects every unspecified port to 10.100.100.6.
So, for instance, if I try to set up a VPN tunnel using the CISCO VPN client, it tries to direct that request to 10.100.100.6.
Can anyone offer some insight on this?
ASKER
Thanks. That was the knowledge I needed to know.
access-list acl-out permit gre host 192.168.201.25 host 192.168.201.5
This article has some good information on setting this up.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
Cheers,
Gary
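An added example, not part of the original thread: a log triage script that separates each client's source port from the destination port in ASA connection messages and flags clients whose TCP 1723 control connection was built while GRE (IP protocol 47) was denied. The log lines are constructed in the style of ASA messages 302013, 106010 and 106023, and the 198.51.100.x / 203.0.113.10 addresses are documentation placeholders for the clients and the outside interface.

```python
import re

# Constructed sample lines in ASA syslog style (not taken from the thread).
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 901 for outside:198.51.100.7/51544 (198.51.100.7/51544) to inside:10.100.100.6/1723 (203.0.113.10/1723)
%ASA-3-106010: Deny inbound protocol 47 src outside:198.51.100.7 dst outside:203.0.113.10
%ASA-6-302013: Built inbound TCP connection 902 for outside:198.51.100.9/49822 (198.51.100.9/49822) to inside:10.100.100.6/1723 (203.0.113.10/1723)
%ASA-4-106023: Deny tcp src outside:198.51.100.30/40112 dst inside:10.100.100.6/3389 by access-group "acl-out"
"""

# The first address/port pair is the client's source; the second is the destination.
BUILT = re.compile(r"%ASA-6-302013: Built inbound TCP connection \d+ for "
                   r"\w+:(?P<src>[\d.]+)/(?P<sport>\d+) \(.*?\) to "
                   r"\w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
DENY_PROTO = re.compile(r"%ASA-3-106010: Deny inbound protocol (?P<proto>\d+) "
                        r"src \w+:(?P<src>[\d.]+)")
DENY_ACL = re.compile(r"%ASA-4-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ "
                      r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")

def triage(log_text):
    """Per client: was TCP/1723 built, was GRE (47) denied, what else was denied."""
    clients = {}
    def entry(ip):
        return clients.setdefault(ip, {"control_1723": False, "src_ports": [],
                                       "gre_denied": False, "other_denied": []})
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            e = entry(m["src"])
            e["src_ports"].append(int(m["sport"]))  # ephemeral client-side port
            if m["dport"] == "1723":
                e["control_1723"] = True
        elif m := DENY_PROTO.search(line):
            if m["proto"] == "47":                  # GRE carries the PPTP data channel
                entry(m["src"])["gre_denied"] = True
        elif m := DENY_ACL.search(line):
            entry(m["src"])["other_denied"].append((m["proto"], int(m["dport"])))
    return clients

def pptp_half_open(clients):
    """Clients whose control channel was built but whose GRE traffic was dropped."""
    return sorted(ip for ip, e in clients.items()
                  if e["control_1723"] and e["gre_denied"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, e in result.items():
        print(ip, e)
    print("control up, GRE dropped:", pptp_half_open(result))
```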