Cisco PIX 515E, UR License but only allowing 125 Concurrent PPTP Connexions

Sep 17th, 2007


I'm having trouble with the VPN configuration of my Cisco PIX 515E Firewall.

I have a UR license which allows 2000 concurrent PPTP connections, but for some reason it's stopping at 125.

Once it has reached 125, and other VPN connections are attempted, I get the following error in my syslog.

"09-17-2007 13:35:44 Local0.Error %PIX-3-213001: PPTP control daemon socket io accept error, errno = 5"

We have tried replacing the hardware and we get the same issue. The only thing that has stayed consistent throughout is the configuration, so this has led me to believe that my config is wrong. Any help would be greatly appreciated.



David Prince

Danilo Dy Wed, 10/03/2007 - 06:42


There is a bug found in the following versions;




They are supposed to be fixed in the following versions;




The bug says "PIX firewall configured as a PPTP gateway may stop accepting new PPTP client connections"

Although your IOS 6.3(5) is one of the listed versions that fixed the bug, it wouldn't hurt to upgrade it if it's doable. The stable version is 7.2(2).



tbsciscopix Wed, 10/03/2007 - 06:58

CSCeg07701 Yes pptp stops accepting new connections: tcp listening socked

The release notes state that this problem has been resolved in this version of IOS. Is this correct?

Danilo Dy Wed, 10/03/2007 - 07:19


Yes, it should be. I didn't see any problem with your config and your licensing. Maybe others could find something that I may not have seen.

In my experience, I've discovered two bugs myself on separate occasions in the same router, where the version it's running is supposed to have fixed the bug earlier or it's not mentioned in its caveats.

Whenever I have a problem that defies logic and the config and/or infrastructure/architecture is too simple to have resulted in that problem, I turn to upgrading the IOS to the latest stable version, whether there is a bug announced or not - you can't wait for them to announce it, they are human also. So far, this approach fixed my problems 9 out of 10 :) - the one that I missed is something to do with Oracle, where the DBA hid some information from me :)



tbsciscopix Wed, 10/03/2007 - 07:24

I agree, upgrading would be a far more effective fix. Although before we do upgrade, we would have to look at moving over to L2TP as later versions of the IOS don't support PPTP (for good reason).

We did get word back from Cisco developers regarding this matter, and they stated that it was an undocumented limitation. I find that hard to believe as all the documents state 2000 concurrent PPTP VPN connections.

Danilo Dy Wed, 10/03/2007 - 07:36


The document doesn't mention PPTP. It does mention VPN but not specifically PPTP.

I may be reading a different document though :)



tbsciscopix Wed, 10/03/2007 - 07:47

Yes, it also mentions 2000 IKE associations, which relates to both PPTP and L2TP.

