I recently had to connect to a customers network to troubleshoot an EMC storage array. The customer created a user name and password for me on a Windows Server and requested that I connect to their environment using a VPN (PPTP) connection. I attempted to connect with my MacBook Pro, but I received the error message “The server is unreachable” after several attempts.
I switched to my Windows Desktop and attempted to connect to the customers VPN (PPTP) server and also received an error message. This time the error was, “Error 619 – A connection to the remote computer could not be established.” After disabling anti-virus software I reattempted to connect to the VPN (PPTP) server but continued to receive the same Error 619 message.
A quick Google search revealed that the Cisco ASA 5505 (my office Security Appliance) does not pass PPTP client traffic by default. Cisco Document ID 18806 Permitting PPTP/L2TP Through the PIX/ASA/FWSM details the problem. Here is how you can quickly enable clients behind a Cisco ASA 5505 to connect to a VPN (PPTP) server on the Internet:
- Open Cisco ASDM for ASA
- Click on the Configuration button in the top menu bar, then select the Firewall button in the left hand pane.
- Select Service Policy Rules, then click on the inspection_default Traffic Classification.
- Click on the Edit button, then select the Rule Actions tab and Protocol Inspection sub tab.
- Scroll down and locate PPTP (by default it is unchecked), check it then click OK.
- From the File Menu, select Save Running Configuration to Flash.
You should now be able to use the VPN (PPTP) client on your MacBook or Windows Desktop.
