Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Does pix 515 support more than one pptp vpdn group: radius and local auth?

Unanswered Question
Jun 6th, 2007
User Badges:

PIX 515 (ver 6.5 IOS) with pptp vpdn with Radius auth. Want to add second pptp vpdn group, but with local auth.

Here is the debug vpdn event output when I tried to connect with a local "innfinity" account:

Tnl 593 PPTP: Tunnel created; peer initiated

Tnl 593 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd

Tnl/Cl 593/589 PPTP: l2x store session: tunnel id 593, session id 589, hash_ix=589

Tnl/Cl 593/589 PPTP: vacc-ok -> state change wt-vacc to estabd

Tnl 593 PPTP: StopCCRQ -> state change estabd to terminal

Tnl 593 PPTP: Destroy tunnel

innfinityTnl/Cl 593/589 PPTP: Destroying session

However, on the XP box I get Error 691: Access was denied because the username and/or password was invalid on the domain. It appears that the PIX is only using the vpdn group with Radius authentication. What are my options? I do not want to switch completely over to IPSEC vpn clients at this point since we have about 200 remote users configured for pptp.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bstremp Tue, 06/12/2007 - 10:25
User Badges:

PIX 6.x cannot have two (or more) vpdn groups using PPTP. The group name is there to differentiate between protocols (such as between PPTP and L2TP). If you configure more than one PPTP group, the system will always use the first one anyway.

It may possible in PIX 7.x.


This Discussion