Troubleshooting Windows Client VPN access and Cisco firewall

Sometimes you are on a network and try to connect by VPN from your Windows system to your work network, which accepts connections using the PPTP protocol, but you find that you can't connect because the Cisco firewall in your network or in your ISP's network is blocking port 1723 or is not configured for PPTP.
The client generally gets the authentication window and, after a timeout, receives error 721 or 806.

If you have access to the Cisco firewall and the problem described above is yours, it is very easy to fix.

Connect to your Cisco firewall and add the following commands.

To connect a client machine on the inside interface to a Microsoft PPTP server located on the Internet:

conf t
 policy-map global_policy
  class inspection_default
   inspect pptp
write mem

For ASA 8.2 and earlier
For incoming connections from the Internet to a Microsoft PPTP server located on the inside interface:
Translate the PPTP server's private address 192.168.1.1 to the public address 50.50.50.1:

ciscoasa(config)# static (inside,outside) 50.50.50.1 192.168.1.1 netmask 255.255.255.255

Allow the appropriate protocols from outside to inside:

ciscoasa(config)# access-list acl-out permit gre any host 50.50.50.1
ciscoasa(config)# access-list acl-out permit tcp any host 50.50.50.1 eq 1723
ciscoasa(config)# access-group acl-out in interface outside

For ASA 8.3 and later
Static NAT:

ciscoasa(config)# object network rdp_server_static
ciscoasa(config-network-object)# host 192.168.1.1
ciscoasa(config-network-object)# nat (inside,outside) static 50.50.50.1

Access List:

ciscoasa(config)# access-list acl-out permit gre any host 192.168.1.1
ciscoasa(config)# access-list acl-out permit tcp any host 192.168.1.1 eq 1723
ciscoasa(config)# access-group acl-out in interface outside
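
To check a saved running-config for the pieces listed above, the following added example (not part of the original post) audits the text for "inspect pptp" and for the TCP 1723 and GRE rules on an ACL that is actually bound to the interface. The function names and the sample config are constructed for illustration; the addresses are the ones used above.

```python
import re

# Constructed ASA 8.3+ running-config excerpt using the page's example
# addresses; the GRE rule and "inspect pptp" are deliberately left out.
SAMPLE_CONFIG = """\
object network rdp_server_static
 host 192.168.1.1
 nat (inside,outside) static 50.50.50.1
access-list acl-out extended permit tcp any host 192.168.1.1 eq pptp
access-group acl-out in interface outside
policy-map global_policy
 class inspection_default
  inspect ftp
"""

def inspects_pptp(config):
    """True if 'inspect pptp' sits under 'class inspection_default'."""
    in_class = False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("class "):
            in_class = line == "class inspection_default"
        elif in_class and line == "inspect pptp":
            return True
    return False

def audit_inbound_pptp(config, acl_ip, interface="outside"):
    """List what is missing for inbound PPTP. acl_ip is the address the ACL
    must name: public on ASA 8.2 and earlier, private on 8.3 and later."""
    lines = [l.strip() for l in config.splitlines()]
    bind = re.compile(rf"access-group (\S+) in interface {re.escape(interface)}")
    bound = {m.group(1) for l in lines if (m := bind.fullmatch(l))}
    findings = [] if bound else [f"no ACL bound inbound on {interface}"]

    def permitted(rule):
        # Accept the rule with or without the "extended" keyword.
        pat = re.compile(rf"access-list (\S+) (?:extended )?permit {rule}(?!\S)")
        return any((m := pat.match(l)) and m.group(1) in bound for l in lines)

    host = re.escape(acl_ip)
    if not permitted(rf"tcp any4? host {host} eq (?:1723|pptp)"):
        findings.append(f"TCP 1723 not permitted to {acl_ip}")
    if not permitted(rf"gre any4? host {host}"):
        findings.append(f"GRE not permitted to {acl_ip}")
    return findings

if __name__ == "__main__":
    print("inspect pptp present:", inspects_pptp(SAMPLE_CONFIG))
    for finding in audit_inbound_pptp(SAMPLE_CONFIG, "192.168.1.1"):
        print("missing:", finding)
```

Passing the public address 50.50.50.1 against this 8.3-style sample reports both rules as missing, which is the 8.2 versus 8.3 difference shown in the two access lists above.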