Cisco ASAv - Allow external PPTP VPN connections outbound

If you have a user who is unable to connect to a VPN located outside your network, from inside your network, you will need to allow inspection of the GRE protocol to pass through the ASA as well as allow port TCP port 1723 outbound:

Do the following:

en
conf t
policy-map global_policy
class inspection_default
inspect pptp

access-list outbound extended permit gre any any
access-list outbound extended permit tcp any any eq pptp
access-group outbound in interface inside

write mem

And that should do the trick

comments powered by Disqus