PAMSC: cannot make multiple PPTP connections

Article ID: 222048

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

On a jump server where PAMSC is installed and the TCP class is used, the first PPTP connection is disconnected when a second PPTP connection is made.

Two different users RDP to the PAMSC server from two Windows 10 clients.
First, in the RDP session from client1, user1 connects to another server via PPTP (VPN), and it works.
Then user2 does the same in the RDP session from client2 (connects to another server via PPTP), and the connection made by user1 is disconnected.
 
This originally happened on 14.0 CR1 and still happens after upgrading to 14.1 CP2.

Cause

The defaccess of the TCP _default rule was changed to none, and ACLs for the remote PPTP server connections were added.
The defacc(none) setting on TCP _default is the cause of the problem.

Environment

Release : 14.0/14.1
Component : PAM SERVER CONTROL ENDPOINT WINDOWS

Resolution

The problem is resolved by reverting defacc for the TCP _default rule to all.
Do not set defacc for the TCP _default rule to none, as this may cause unexpected behavior by denying network connections.
If access needs to be blocked, consider defining specific TCP rules (such as 3389 for PPTP), setting defacc(n) on them, and adding ACLs for the exceptions (permissions).