PPTP Problem

Unanswered Question
Feb 18th, 2008

Basically we have a remote office, and from there we have an ADSL line. We configured Microsoft PPTP VPN to connect to our Head Office. We have a PIX 525 at our head office which is terminating the VPN connections. The problem is we are not able to establish multiple VPN sessions; only one machine can connect and the others cannot.

abinjola Mon, 02/18/2008 - 11:15
User Badges:
  • Cisco Employee,

Is this PPTP terminating on the PIX?

Can you paste the config here?

cisco24x7 Mon, 02/18/2008 - 11:22
User Badges:
  • Silver, 250 points or more

That's how PPTP works, especially if your Windows PPTP machines are behind a "hide" or "PAT" device. Use static NAT 1-to-1 if you want multiple Windows machines to connect to your PIX via PPTP.


CCIE Security

renato.berana Mon, 02/18/2008 - 19:56

VPN is terminated on a PIX 525 FW.


Is there any work around to solve this issue aside from using 1-to-1 NAT? How about using Cisco VPN client?

cisco24x7 Mon, 02/18/2008 - 20:33
User Badges:
  • Silver, 250 points or more

With Cisco VPN client, I think it is possible because if you enable NAT-T (aka udp-4500), in theory, it should work with multiple VPN client machines behind a "hide" NAT or "PAT" device because it's UDP. However, I've never tried it because I never have to implement it in a production environment.

The problem with PPTP is that you have to pass both GRE and TCP port 1723, and GRE is the one causing problems for multiple clients behind a PAT device.


CCIE Security
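
Added example, not part of the original thread: a toy Python model of the behaviour described in the post above, showing why a port-based translation table can separate several TCP 1723 or UDP 4500 flows to one head end but only one GRE flow. `NaivePat`, `simulate` and the documentation-range addresses are hypothetical, and the model assumes a PAT device with no PPTP-aware GRE tracking.

```python
from dataclasses import dataclass, field

GRE, TCP, UDP = 47, 6, 17  # IP protocol numbers


@dataclass
class NaivePat:
    """Toy PAT device with no PPTP/GRE awareness (assumption for this example)."""
    next_port: int = 20000
    table: dict = field(default_factory=dict)  # inbound key -> inside host

    def outbound(self, proto, inside_ip, remote_ip):
        """Create a mapping for an outbound flow.

        Returns the key used to match return traffic, or None when the key
        is already owned by another inside host (return traffic is ambiguous).
        """
        if proto in (TCP, UDP):
            # Ported protocols: every inside flow gets its own public port,
            # so return traffic can always be matched to one inside host.
            key = (proto, remote_ip, self.next_port)
            self.next_port += 1
        else:
            # GRE has no port field: only the remote peer identifies the flow.
            key = (proto, remote_ip, None)
        owner = self.table.setdefault(key, inside_ip)
        return key if owner == inside_ip else None


def simulate(clients, head_end="203.0.113.1"):
    """Return {client_ip: {"pptp": bool, "nat_t": bool}} for hosts behind one PAT."""
    pat = NaivePat()
    results = {}
    for ip in clients:
        control = pat.outbound(TCP, ip, head_end)  # PPTP control, TCP 1723
        data = pat.outbound(GRE, ip, head_end)     # PPTP data, GRE
        nat_t = pat.outbound(UDP, ip, head_end)    # IPsec NAT-T, UDP 4500
        results[ip] = {
            "pptp": control is not None and data is not None,
            "nat_t": nat_t is not None,
        }
    return results


if __name__ == "__main__":
    # Constructed sample: three remote-office hosts sharing one ADSL address.
    for host, state in simulate(["192.168.1.10", "192.168.1.11", "192.168.1.12"]).items():
        print(host, state)
```

With a 1-to-1 static NAT each inside host has its own public address, so the GRE key no longer collides.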

renato.berana Mon, 02/18/2008 - 20:26

Hi cisco24x7, We tested it using Leased Line and all clients are able to establish a VPN connection simultaneously.
