PPTP VPN Problem when using port forwarding

We recently had someone come in to help set up our Exchange server. He made some modifications to our PIX firewall and now our VPN doesn't work. We used to have the following for this:
 access-list inbound permit tcp any host xxx.xxx.xxx.150 eq pptp
 access-list inbound permit tcp any host xxx.xxx.xxx.150 eq 1701
 access-list inbound permit gre any host xxx.xxx.xxx.150
 static (inside,outside) xxx.xxx.xxx.150 xxx.xxx.xxx.4 netmask 255.255.255.255 0 0

which translated all traffic coming to .150 to the internal server. He changed it to do port forwarding on specific ports to the server. The new configuration is
static (inside,outside) tcp interface smtp xxx.xxx.xxx.4 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https xxx.xxx.xxx.4 https netmask 255.255.255.255 0 0

After he did this, the pptp VPN no longer worked. I added
static (inside,outside) tcp interface pptp xxx.xxx.xxx.4 pptp netmask 255.255.255.255 0 0
and was able to get further, but it still won't complete authentication without the GRE being forwarded. Am I going to have to remove port forwarding and just forward all traffic to the server to get this to work? I noticed that you can only do port forwarding on TCP and UDP; GRE isn't allowed. Is there another way around this?

Asked by: patrickmulcahy
lrmoore commented:
Someone screwed you over...
PPTP requires a 1-1 static NAT as you had it.
The VPN server is also the Exchange Server??

You have to keep this:
 static (inside,outside) xxx.xxx.xxx.150 xxx.xxx.xxx.4 netmask 255.255.255.255 0 0

Add these entries to the acl
 access-list inbound permit tcp any host xxx.xxx.xxx.150 eq pptp
 access-list inbound permit tcp any host xxx.xxx.xxx.150 eq 1701
 access-list inbound permit gre any host xxx.xxx.xxx.150
 access-list inbound permit tcp any host xxx.xxx.xxx.150 eq smtp
 access-list inbound permit tcp any host xxx.xxx.xxx.150 eq https

Your MX records must point to xxx.xxx.xxx.150

lrmoore commented:
You can try enabling fixup pptp
  fixup protocol pptp 1723
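
A configuration check for the point made in the answers above, as an added example that is not part of the original thread: it flags a PIX config that publishes PPTP through a TCP port-redirection static, or that permits tcp/1723 to a host without a one-to-one static and a "permit gre" entry. The function name, the finding labels and the two sample configs (assembled from the lines quoted in this thread) are assumptions of the example.

```python
import re

NAT = r"^static\s*\(\s*\w+\s*,\s*\w+\s*\)\s+"
# Port redirection: static (in,out) tcp|udp <mapped addr> <mapped port> <real addr> <real port>
PORT_STATIC = re.compile(NAT + r"(tcp|udp)\s+(\S+)\s+(\S+)\s+\S+\s+\S+")
# One-to-one NAT: static (in,out) <mapped addr> <real addr>
HOST_STATIC = re.compile(NAT + r"(?!(?:tcp|udp)\s)(\S+)\s+\S+")
ACL = re.compile(r"^access-list\s+\S+\s+permit\s+(\S+)\s+any\s+host\s+(\S+)(?:\s+eq\s+(\S+))?")

# Constructed sample inputs, built from the config lines quoted in the thread.
BROKEN = """\
static (inside,outside) tcp interface smtp xxx.xxx.xxx.4 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https xxx.xxx.xxx.4 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp xxx.xxx.xxx.4 pptp netmask 255.255.255.255 0 0
"""
FIXED = """\
static (inside,outside) xxx.xxx.xxx.150 xxx.xxx.xxx.4 netmask 255.255.255.255 0 0
access-list inbound permit tcp any host xxx.xxx.xxx.150 eq pptp
access-list inbound permit gre any host xxx.xxx.xxx.150
access-list inbound permit tcp any host xxx.xxx.xxx.150 eq smtp
access-list inbound permit tcp any host xxx.xxx.xxx.150 eq https
"""

def check_pptp(config):
    """Return sorted (finding, address) pairs for PPTP publishing problems."""
    redirected, host_statics, gre_ok, pptp_ok = set(), set(), set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := PORT_STATIC.match(line):
            if m.group(1) == "tcp" and m.group(3) in ("pptp", "1723"):
                redirected.add(m.group(2))
        elif m := HOST_STATIC.match(line):
            host_statics.add(m.group(1))
        elif m := ACL.match(line):
            proto, host, port = m.groups()
            if proto == "gre":
                gre_ok.add(host)
            elif proto == "tcp" and port in ("pptp", "1723"):
                pptp_ok.add(host)
    # GRE (IP protocol 47) has no ports, so a tcp/udp port redirection cannot carry it.
    findings = [("pptp-port-redirect-without-gre", a) for a in redirected]
    # A host published for PPTP needs both the one-to-one static and the GRE permit.
    findings += [("no-one-to-one-static", h) for h in pptp_ok - host_statics]
    findings += [("no-gre-permit", h) for h in pptp_ok - gre_ok]
    return sorted(findings)

if __name__ == "__main__":
    print("port-forward config:", check_pptp(BROKEN))
    print("one-to-one config:  ", check_pptp(FIXED))
```
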