Sometimes you come at some network and try to connect by VPN from your windows system to your working network which accept connection using PPTP protocol but you find out that you can’t connect by VPN because the CISCO firewall in your network or in the network of your ISP is blocking the port 1723 or not configured.
The client side in general got the authentication window and after timeout, it receive the message error 721 or 806.
If you have access to the cisco firewall and the problem describe above is your , then it’s fixed very easy. And if you’re looking to protect your network from cyberattacks, you might want to install a NGFW.
Connect to your cisco firewall and add the command:
For connecting client machine from inside interface to Microsoft PPTP server located in the internet:
conf t policy-map global_policy class inspection_default inspect pptp write mem
For ASA 8.2 and early one
For incoming connection from internet to a Microsoft PPTP server located at inside interface:
translate the PPTP server private address 192.168.1.1 to public 188.8.131.52
ciscoasa(config)# static (inside,outside) 184.108.40.206 192.168.1.1 netmask 255.255.255.255
allow the appropriate protocols from outside to inside
ciscoasa(config)# access-list acl-out permit gre any host 220.127.116.11 ciscoasa(config)# access-list acl-out permit tcp any host 18.104.22.168 eq 1723 ciscoasa(config)# access-group acl-out in interface outside
For ASA 8.3 and later
ciscoasa(config)# object network rdp_server_static ciscoasa(config-network-object)# host 192.168.1.1 ciscoasa(config-network-object)# nat (inside , outside) static 22.214.171.124
ciscoasa(config)# access-list acl-out permit gre any host 192.168.1.1 ciscoasa(config)# access-list acl-out permit tcp any host 192.168.1.1 eq 1723 ciscoasa(config)# access-group acl-out in interface outside