> Apparently the only thing that works is passing (ie not inspecting) gre
> traffic in both directions (and also having a pass or inspect rule for the
> 1723tcp traffic).
That is normal; not sure what your issue is.
GRE+1723 port needs to be open for PPTP.
On Mon, Feb 14, 2011 at 8:20 AM, Paul Cocker <paul.cocker_at_gmx.com> wrote:
> Hi,
>
> Just trying to understand why the following happens.
>
> Trying to get a PPTP Windows client to VPN through a zone based firewall.
>
> Have an inspect for all traffic from that host, that doesn't work.
>
> Tried the inspect pptp option, that doesn't work.
>
> Apparently the only thing that works is passing (ie not inspecting) gre
> traffic in both directions (and also having a pass or inspect rule for the
> 1723tcp traffic).
>
> Any ideas? Or just a bad implementation by Cisco of their inspect pptp and
> inspect gre on the ZBF?
>
> Paul
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Mon Feb 14 2011 - 19:44:48 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART