Allow PPTP VPN through Cisco PIX
I came across a situation recently where a customer’s VPNs wouldn’t connect. This was a straightforward Microsoft PPTP VPN setup, but there was no sign of any sessions hitting the RRAS server. The issue was caused by an incorrectly configured Cisco PIX. Here is a short guide to allow PPTP VPN through Cisco PIX:
1. First, ensure your access list allows TCP port 1723 (PPTP) and GRE (IP protocol 47). Here is an example (replace the X’s with the public IP address that VPN clients will connect to):
access-list outside_access_in permit tcp any host XXX.XXX.XXX.XXX eq pptp
access-list outside_access_in permit gre any host XXX.XXX.XXX.XXX
2. You also need a fixup rule for PPTP. This step is easily forgotten and is a common reason why PPTP VPNs won’t connect through a PIX.
fixup protocol pptp 1723
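
An offline check for the two steps above, added here as an example and not part of the original post: it scans a saved PIX configuration and reports which of the three required lines is missing. The function name check_pptp and the sample address 203.0.113.10 are assumptions made for illustration, and only the "any host" rule form shown above is recognised.

```python
import re

# Constructed sample configs; 203.0.113.10 is a documentation address.
GOOD = """\
access-list outside_access_in permit tcp any host 203.0.113.10 eq pptp
access-list outside_access_in permit gre any host 203.0.113.10
fixup protocol pptp 1723
"""
MISSING_FIXUP = """\
access-list outside_access_in permit tcp any host 203.0.113.10 eq 1723
access-list outside_access_in permit gre any host 203.0.113.10
"""

# Matches only the rule form used in this guide: permit <proto> any host <ip> [eq <port>]
ACL = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+(?P<proto>tcp|gre)\s+any"
    r"\s+host\s+(?P<host>\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)
FIXUP = re.compile(r"^fixup\s+protocol\s+pptp\s+1723\s*$")


def check_pptp(config, acl_name, host):
    """Return a list of what is missing for PPTP to `host` via `acl_name`."""
    tcp_ok = gre_ok = fixup_ok = False
    for line in config.splitlines():
        line = line.strip()
        if FIXUP.match(line):
            fixup_ok = True
            continue
        m = ACL.match(line)
        if not m or m["name"] != acl_name or m["host"] != host:
            continue
        # The control channel may be written as the keyword or the number.
        if m["proto"] == "tcp" and m["port"] in ("pptp", "1723"):
            tcp_ok = True
        elif m["proto"] == "gre" and m["port"] is None:
            gre_ok = True
    missing = []
    if not tcp_ok:
        missing.append("acl: tcp eq pptp (1723)")
    if not gre_ok:
        missing.append("acl: gre")
    if not fixup_ok:
        missing.append("fixup protocol pptp 1723")
    return missing


if __name__ == "__main__":
    print(check_pptp(MISSING_FIXUP, "outside_access_in", "203.0.113.10"))
```

An empty list means all three lines are present; it does not evaluate rule ordering or earlier deny entries in the same access list.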