Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
1
Replies

Does pix 515 support more than one pptp vpdn group: radius and local auth?

murray-davis
Level 1
Level 1

‎06-06-2007 11:55 AM - edited ‎03-11-2019 03:26 AM

PIX 515 (ver 6.5 IOS) with pptp vpdn with Radius auth. Want to add second pptp vpdn group, but with local auth.

Here is the debug vpdn event output when I tried to connect with a local "innfinity" account:

Tnl 593 PPTP: Tunnel created; peer initiated

Tnl 593 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd

Tnl/Cl 593/589 PPTP: l2x store session: tunnel id 593, session id 589, hash_ix=589

Tnl/Cl 593/589 PPTP: vacc-ok -> state change wt-vacc to estabd

Tnl 593 PPTP: StopCCRQ -> state change estabd to terminal

Tnl 593 PPTP: Destroy tunnel

innfinityTnl/Cl 593/589 PPTP: Destroying session

However, on the XP box I get Error 691: Access was denied because the username and/or password was invalid on the domain. It appears that the PIX is only using the vpdn group with Radius authentication. What are my options? I do not want to switch completely over to IPSEC vpn clients at this point since we have about 200 remote users configured for pptp.

Labels:
0 Helpful
1 Reply 1

bstremp
Level 2
Level 2

‎06-12-2007 10:25 AM

PIX 6.x cannot have two (or more) vpdn groups using PPTP. The group name is there to differentiate between protocols (such as between PPTP and L2TP). If you configure more than one PPTP group, the system will always use the first one anyway.

It may possible in PIX 7.x.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card