

  KB 0000009
  Dated 18/09/08
  Revision 0.01
   
"Using the Microsoft VPN client through Cisco ASA/PIX"
 
Problem

You cannot open a Microsoft client VPN tunnel when there is a Cisco PIX or ASA in front of you on the network.

 

Solution

 

You need the following open (outbound):

  • TCP port 1723 (that's PPTP)
  • Protocol 47 (GRE) - note that's a PROTOCOL and NOT a PORT

To allow a Microsoft PPTP client through a PIX/ASA running version 7 or above, you need to add:

policy-map global_policy
 class inspection_default
  inspect pptp

To allow a Microsoft PPTP client through a PIX/ASA running version 6, you need to add:

fixup protocol pptp 1723

Working example (Version 7 and above)

access-list outbound extended permit gre any any
access-list outbound extended permit tcp any any eq pptp
access-group outbound in interface Inside
policy-map global_policy
 class inspection_default
  inspect pptp
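
To check a saved configuration against the requirements above, here is an added example (not part of the original article, and not Cisco tooling). The function name check_pptp_passthrough and the sample text are assumptions made for illustration; it only looks for permit lines in ACLs applied with access-group and does not evaluate deny lines or rule order.

```python
import re

# Constructed sample input: the article's version 7+ working example.
SAMPLE_V7 = """\
access-list outbound extended permit gre any any
access-list outbound extended permit tcp any any eq pptp
access-group outbound in interface Inside
policy-map global_policy
 class inspection_default
  inspect pptp
"""

ACL_RE = re.compile(r"access-list (\S+) extended permit (\S+) (.*)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def check_pptp_passthrough(config):
    """Hypothetical helper: list the article's PPTP requirements not met."""
    gre, tcp, bound = set(), set(), set()
    inspected = False
    policy = klass = None
    for line in (raw.strip() for raw in config.splitlines()):
        acl, group = ACL_RE.match(line), GROUP_RE.match(line)
        if acl:
            name, proto, rest = acl.groups()
            if proto in ("gre", "47"):  # GRE is IP protocol 47, not a port
                gre.add(name)
            elif proto == "tcp" and re.search(r"\beq (pptp|1723)\b", rest):
                tcp.add(name)
        elif group:
            bound.add(group.group(1))  # ACL is actually applied to an interface
        elif line.startswith("policy-map "):
            policy, klass = line.split()[1], None
        elif line.startswith("class "):
            klass = line.split()[1]
        elif line == "inspect pptp":  # version 7+: must sit in the default class
            inspected |= (policy, klass) == ("global_policy", "inspection_default")
        elif line == "fixup protocol pptp 1723":  # version 6 equivalent
            inspected = True
    missing = []
    if not gre & bound:
        missing.append("GRE (protocol 47) permit in an applied ACL")
    if not tcp & bound:
        missing.append("TCP 1723 permit in an applied ACL")
    if not inspected:
        missing.append("PPTP inspection (inspect pptp / fixup protocol pptp 1723)")
    return missing

if __name__ == "__main__":
    print(check_pptp_passthrough(SAMPLE_V7) or "all PPTP requirements present")
```

An empty list means all three items from the article are present; each string in the result names one that is missing.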

 

 

 
