welshiv
asked on
Configuring Microsoft VPN via Cisco PIX (ver. 5.1(4)) - continued
td_miles was a lot of help on this issue (see link below)
https://www.experts-exchange.com/questions/20793766/Configuring-Microsoft-VPN-via-Cisco-PIX-ver-5-1-4.html#9726724
But I'm still having issues - getting a 721 error when connecting from the client computer. Using this:
access-list acl-out permit gre any host 216.xx.xx.xx
access-list acl-out permit tcp any host 216.xx.xx.xx
static (inside,outside) 216.xx.xx.xx 192.168.xx.xx netmask 255.255.255.255 0
access-group acl-out in interface outside
It worked great, but shut down all incoming access on everything else and using this:
conduit permit esp any host 216.x.x.x
conduit permit udp any eq isakmp host 216.x.x.x
conduit permit gre any host 216.x.x.x
Isn't working for me. I changed the "any" in the above to host xx.xx.xx.xx the client IP address, and still get a 721 error from the VPN client connection. Any ideas?
Wait, I just read the other link.
You are using conduits, not acls...
you should use the private IP of the host:
conduit permit esp host 192.168.x.x any
conduit permit udp eq isakmp host 192.168.x.x any
conduit permit gre host 192.168.x.x any
ASKER
I did use the private IP of the host - didn't work
Are you still working on this? Can you update us with your status?
Thanks!
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
--> Accept: lrmoore
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
tim_holman
EE Cleanup Volunteer
Is this the same IP address as your outside interface?
Try changing this:
>access-list acl-out permit tcp any host 216.xx.xx.xx
to this to be port-specific. This will keep from killing all your access:
access-list acl-out permit tcp any host 216.xx.xx.xx eq 1723
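Added example, not part of the original thread: a small Python check that reads PIX-style access-list lines and reports whether the two channels PPTP needs (TCP 1723 for control, GRE for data) are permitted to the server, and whether a TCP permit was left open on every port. The sample rule sets and the 203.0.113.10 address are constructed; the parser handles only the access-list form used in this thread and looks at permit lines without modelling rule order or deny lines.

```python
# Added example: audit PIX-style access-list lines for PPTP passthrough.
# Sample addresses are constructed (203.0.113.10 is a documentation address).
BROAD = """access-list acl-out permit gre any host 203.0.113.10
access-list acl-out permit tcp any host 203.0.113.10"""
TIGHT = """access-list acl-out permit gre any host 203.0.113.10
access-list acl-out permit tcp any host 203.0.113.10 eq 1723"""
IPSEC_STYLE = """access-list acl-out permit esp any host 203.0.113.10
access-list acl-out permit udp any host 203.0.113.10 eq isakmp
access-list acl-out permit gre any host 203.0.113.10"""

def _addr(tok):
    """Consume 'any', 'host IP' or 'IP MASK'; return (address, remaining tokens)."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return tok[0] + "/" + tok[1], tok[2:]

def _port(tok):
    """Consume an optional 'eq|lt|gt|neq PORT' or 'range A B' qualifier."""
    if tok and tok[0] in ("eq", "lt", "gt", "neq"):
        return tuple(tok[:2]), tok[2:]
    if tok and tok[0] == "range":
        return tuple(tok[:3]), tok[3:]
    return None, tok

def parse_rule(line):
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return None
    rule = {"action": tok[2], "proto": tok[3]}
    rule["src"], rest = _addr(tok[4:])
    rule["sport"], rest = _port(rest)
    rule["dst"], rest = _addr(rest)
    rule["dport"], _ = _port(rest)
    return rule

def audit_pptp(config, server):
    rules = [r for r in map(parse_rule, config.splitlines())
             if r and r["action"] == "permit" and r["dst"] in (server, "any")]
    tcp = [r for r in rules if r["proto"] == "tcp"]
    findings = []
    if not any(r["proto"] in ("gre", "47") for r in rules):
        findings.append("gre-missing")         # PPTP data channel is GRE
    if not any(r["dport"] in (None, ("eq", "1723"), ("eq", "pptp")) for r in tcp):
        findings.append("tcp1723-missing")     # PPTP control channel is TCP 1723
    if any(r["dport"] is None for r in tcp):
        findings.append("tcp-all-ports-open")  # permit with no port exposes every TCP port
    return findings
```

Calling `audit_pptp(BROAD, "203.0.113.10")` flags the unrestricted TCP permit, while the IPsec-style set (ESP, ISAKMP and GRE only) is reported as missing the PPTP control port.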