Configuring Microsoft VPN via Cisco PIX (ver. 5.1(4)) - continued

td_miles was alot of help on this issue (see link below)

http://www.experts-exchange.com/Security/Firewalls/Q_20793766.html#9726724

But I'm still having issues - getting a 721 error when connecting from the client computer. Using this:

access-list acl-out permit gre any host 216.xx.xx.xx
access-list acl-out permit tcp any host 216.xx.xx.xx

static (inside,outside) 216.xx.xx.xx 192.168.xx.xx netmask 255.255.255.255 0

access-group acl-out in interface outside

It worked great, but shut down all incoming access on everything else and using this:

conduit permit esp any host 216.x.x.x
conduit permit udp any eq isakmp host 216.x.x.x
conduit permit gre any host 216.x.x.x

Isn't working for me. I changed the "any" in the above to host xx.xx.xx.xx the client IP address, and still get a 721 error from the VPN client connection. Any ideas?
welshivAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
>216.xx.xx.xx
Is this the same IP address as your outside interface?

Try changing this:
>access-list acl-out permit tcp any host 216.xx.xx.xx

to this to be port-specific. This will keep from killing all your access:
access-list acl-out permit tcp any 1723 host 216.xx.xx.xx 1723
 
0
lrmooreCommented:
Wait, I just read the other link.
You are using conduits, not acls...
you should use the private IP of the host:

conduit permit esp host 192.168.x.x any
conduit permit udp eq isakmp host 192.168.x.x any
conduit permit gre host 192.168.x.x any

0
welshivAuthor Commented:
I did use the private IP of the host - didn't work
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

lrmooreCommented:
DOH!
Of course..
you need tcp 1723...not esp or isamkp for PPTP.

conduit permit tcp host 192.168.x.x  eq 1723 any


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lrmooreCommented:
Are you still working on this? Can you update us with your status?

Thanks!
0
Tim HolmanCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: lrmoore

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.