service-policy pptp_policy interface outside

I found that here: http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/i2.html#wp1761500

In order for scenario 2 to work, you need a dedicated public IP which will be static nat to the inside server. Your problem shows that GRE does not pass from client (outside) to server inside. Only TCP port 1723 can pass from what you describe.

thanks for the tutorial.I’ve a problem with it.

I’ve an ASA 5110 8.0(4) released. I’m working on scenario 2.
When i try to connect with the client, it contact the server, try to verify user and password and after 30second it reply with the message:

Error 806: a connection between your computer and the VPN server has been established but the VPN connection cannot be completed. The most common cause for this is that there is at least one internet device between your computer and the VPN server is not configured to allow GRE protocol packets Verify that protocol 47 GRE is allowed on all personal firewall devices or routers. if the problem persists, contact your administrator.

If i try a telnet from client to server, on 1723 port, it work.

where i wrong?

Thanks

! allow the appropriate protocols from outside to inside
ciscoasa(config)# access-list acl-out permit gre any host 50.50.50.1
ciscoasa(config)# access-list acl-out permit tcp any host 50.50.50.1 eq 1723
ciscoasa(config)# access-group acl-out in interface outside

But still I have error message on VPN server saying that:
Firewall between VPN server and clients is not configured to allow GRE packets.

Any suggestion?

Thanks

I check out the link: http://www.tech21century.com/allowing-microsoft-pptp-through-cisco-asa/.

It would allow me to excute the following command:

ciscoasa(config)# static (inside,outside) 50.50.50.1 192.168.1.1 netmask 255.255.255.255

Could you help me with it?

Thanks.

Check out the post here: http://www.tech21century.com/allowing-microsoft-pptp-through-cisco-asa/