I am having trouble getting PPTP to pass through my ASL firewall (Internal to External). The trouble is only occurring with a Cisco VPN Concentrator. I connect to Microsoft Servers without any trouble at all. I would appreciate it if anyone can give me a clue as to any potential settings or ASL problems.
Existing Settings:
Internal eth0 (using 10.10.1.2)
Internal clients using 10.10.1.x
External eth1 (using 208.150.211.60)
Masquerading set Internal to External
Route set Internal to External
No SNAT or DNAT
Not using any Proxy
Services -
Name          Protocol  S-Port      D-Port
IPSec AH      Any       1024:65535  138
IPSec ESP     Any       1024:65535  1721:1728
IPSec ISAKMP  Any       1024:65535  500
Kerberos      Any       1024:65535  88
PPTP GRE      Any       1024:65535  47
All of these Services are set in a group called IPSec and the IPSec group is enabled in the Packet Filter Rules.
I know this has to do with the firewall because the client has no trouble connecting to the VPN Concentrator if it is on the outside of the firewall.
Additional Info:
1) Even if I set the packet filter to allow "Any" (so basically allowing every packet through) it still does not work.
2) On the Packet Filter LiveLog there is no indication of any filtered packet coming from the Internal Client.
3) Connection starts (gets to Verifying User Name and Password) so I know I am at least hitting the concentrator, pauses for a long time, then closes with an "Error 619: The specified port is not connected."
4) Using PPTP Roadwarrior into the ASL firewall is working fine.
Any information would be greatly appreciated,
Jeremy G.