          My client has PPTP VPN configured on their firewall. The client from the remote site always disconnects when it is idle or even when they are using it.


      1.) Is there a session timeout for VPN?

      2.) Is the Application Defense Group related to the problem? We tried to apply an App Defense group with <None> applied on the protocols and a default one for the Generic Defense, but it made it worse. The clients cannot connect to the VPN. My purpose in creating this App Group is to apply blank filtering without proxying. When we applied a default app group the clients can now connect but are still experiencing disconnections.




          Can you provide details of the rules you have created to allow these PPTP connections to pass through your Firewall?



            Hi Phil,

                       Thanks for your reply. The rules are below.


            1.) ISAKMP

            2.) A rule to allow from virtual burb to the internal network

              You will benefit from looking at my answer to your other VPN post.


              As you have now hopefully established there is no on-box PPTP functionality on the Firewall and ISAKMP is not part of the PPTP service - not that I am aware of anyway.


              You need to have a PPTP server installed on your internal network and then create an ACL allowing TCP port 1723 (for the initial connection) and IP protocol 47 (for the tunnel) which redirects through the Firewall to that server.


              While many of the customers I work with now use SSL-based solutions for their client VPN access, I still have a number quite happily using PPTP using the method I have described.
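
The two flows named in the last reply (TCP port 1723 for the initial connection, IP protocol 47 for the tunnel) can be told apart in a packet capture taken on either side of the firewall. The following is an added example, not part of the original thread: the packets are constructed, the function names are hypothetical, and the GRE version and protocol-type check (1 and 0x880B, per RFC 2637) goes beyond what the reply states.

```python
import struct

PROTO_TCP, PROTO_UDP, PROTO_GRE = 6, 17, 47    # IP protocol numbers
PPTP_CONTROL_PORT, ISAKMP_PORT = 1723, 500

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by the role it plays in the thread's setup."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4                # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:ihl + 4]
    if len(body) < 4:
        return "other"
    first, second = struct.unpack("!HH", body)
    if proto == PROTO_GRE:
        # PPTP carries PPP in enhanced GRE: version 1, protocol type 0x880B
        return "pptp-gre" if (first & 0x7, second) == (1, 0x880B) else "gre-other"
    if proto == PROTO_TCP and PPTP_CONTROL_PORT in (first, second):
        return "pptp-control"
    if proto == PROTO_UDP and ISAKMP_PORT in (first, second):
        return "isakmp"                          # IPsec key exchange, not PPTP
    return "other"

def diagnose(packets) -> str:
    """Report which of the two PPTP flows appear in a capture."""
    seen = {classify(p) for p in packets}
    if {"pptp-control", "pptp-gre"} <= seen:
        return "both PPTP legs seen"
    if "pptp-control" in seen:
        return "control only: check the IP protocol 47 rule"
    if "pptp-gre" in seen:
        return "GRE only: check the TCP 1723 rule"
    return "no PPTP traffic seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([198, 51, 100, 7]),
                       bytes([192, 0, 2, 10])) + payload

# Constructed sample packets (documentation addresses, empty payloads)
TCP_1723 = ipv4(PROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
GRE_PPTP = ipv4(PROTO_GRE, struct.pack("!HH", 0x3001, 0x880B) + bytes(4))
GRE_PLAIN = ipv4(PROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + bytes(4))
UDP_500 = ipv4(PROTO_UDP, struct.pack("!HH", 500, 500) + bytes(4))

if __name__ == "__main__":
    print(diagnose([UDP_500, TCP_1723]))        # rule set like the one listed
    print(diagnose([TCP_1723, GRE_PPTP]))
```

A capture that shows the control connection but no enhanced GRE packets points at the protocol 47 rule rather than at a session timeout.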