Solved

Configuring Microsoft VPN via Cisco PIX (ver. 5.1(4)) - continued

Posted on 2003-11-12
7
620 Views
Last Modified: 2013-11-16
td_miles was alot of help on this issue (see link below)

http://www.experts-exchange.com/Security/Firewalls/Q_20793766.html#9726724

But I'm still having issues - getting a 721 error when connecting from the client computer. Using this:

access-list acl-out permit gre any host 216.xx.xx.xx
access-list acl-out permit tcp any host 216.xx.xx.xx

static (inside,outside) 216.xx.xx.xx 192.168.xx.xx netmask 255.255.255.255 0

access-group acl-out in interface outside

It worked great, but shut down all incoming access on everything else and using this:

conduit permit esp any host 216.x.x.x
conduit permit udp any eq isakmp host 216.x.x.x
conduit permit gre any host 216.x.x.x

Isn't working for me. I changed the "any" in the above to host xx.xx.xx.xx the client IP address, and still get a 721 error from the VPN client connection. Any ideas?
0
Comment
Question by:welshiv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 9735461
>216.xx.xx.xx
Is this the same IP address as your outside interface?

Try changing this:
>access-list acl-out permit tcp any host 216.xx.xx.xx

to this to be port-specific. This will keep from killing all your access:
access-list acl-out permit tcp any 1723 host 216.xx.xx.xx 1723
 
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9735492
Wait, I just read the other link.
You are using conduits, not acls...
you should use the private IP of the host:

conduit permit esp host 192.168.x.x any
conduit permit udp eq isakmp host 192.168.x.x any
conduit permit gre host 192.168.x.x any

0
 

Author Comment

by:welshiv
ID: 9735656
I did use the private IP of the host - didn't work
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9735709
DOH!
Of course..
you need tcp 1723...not esp or isamkp for PPTP.

conduit permit tcp host 192.168.x.x  eq 1723 any


0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9774431
Are you still working on this? Can you update us with your status?

Thanks!
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976439
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: lrmoore

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question