Allow PPTP VPN through Cisco PIX


Allow PPTP VPN through Cisco PIX

I came across a situation recently where a customers VPNs wouldn’t connect. This was a straight forward Microsoft PPTP VPN setup but there was no sign of any sessions hitting the RRAS server. The issue was caused by an incorrectly configured Cisco PIX. Here is a short guide to allow PPTP VPN through Cisco PIX:

1. Firstly ensure your access list allows ports 47 and 1722. Here is an example (replace X’s with the public IP VPN client’s will connect on):

access-list outside_access_in permit tcp any host XXX.XXX.XXX.XXX eq pptp
access-list outside_access_in permit gre any host XXX.XXX.XXX.XXX


2. You also need a fixup rule for pptp, this bit is easily forgotten and a common reason why PPTP VPN’s won’t connect through a PIX.

fixup protocol pptp 1723



Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>