Skip to content

Accessing a Microsoft VPN (PPTP) server using a client behind a Cisco ASA 5505 Security Appliance

June 25, 2014

I recently had to connect to a customers network to troubleshoot an EMC storage array.  The customer created a user name and password for me on a Windows Server and requested that I connect to their environment using a VPN (PPTP) connection.  I attempted to connect with my MacBook Pro, but I received the error message “The server is unreachable” after several attempts.

Image

I switched to my Windows Desktop and attempted to connect to the customers VPN (PPTP) server and also received an error message.  This time the error was, “Error 619 – A connection to the remote computer could not be established.”  After disabling anti-virus software I reattempted to connect to the VPN (PPTP) server but continued to receive the same Error 619 message.

A quick Google search revealed that the Cisco ASA 5505 (my office Security Appliance) does not pass PPTP client traffic by default.  Cisco Document ID 18806 Permitting PPTP/L2TP Through the PIX/ASA/FWSM details the problem.  Here is how you can quickly enable  clients behind a Cisco ASA 5505 to connect to a VPN (PPTP) server on the Internet:

  1. Open Cisco ASDM for ASA
  2. Click on the Configuration button in the top menu bar, then select the Firewall button in the left hand pane.
  3. Select Service Policy Rules, then click on the inspection_default Traffic Classification.
  4. Click on the Edit button, then select the Rule Actions tab and Protocol Inspection sub tab.
  5. Scroll down and locate PPTP (by default it is unchecked), check it then click OK.
  6. From the File Menu, select Save Running Configuration to Flash.

You should now be able to use the VPN (PPTP) client on your MacBook or Windows Desktop.

Image

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: