PPTP and Cisco VPN client on same PIX 515e?

Unanswered Question
Feb 29th, 2008
User Badges:

I've only setup Cisco VPN remote client access on PIX 515e's...and am just wondering if you are also able to setup windows PPTP on the same PIX 515e that is setup for Cisco VPN client access? thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JORGE RODRIGUEZ Sun, 03/02/2008 - 14:48
User Badges:
  • Green, 3000 points or more

Vince,


Unfortunately PIX does not terminate PPTP like it does with Cisco VPN concentrators, however, L2TP over Ipsec is supportted where you can still use the Macrosoft PPTP vpn client, personally I have not implemented L2TP as we have VPN concentrators for both Cisco VPN client users and Microsoft PPTP clients but if you read the bellow links you can implement L2TP over Ipsec. PIX/ASA will be configured for L2TP for remote access, your PPTP clients can use the native VPN client which will be specified in PPTP properties indicated by type of VPN L2TP over Ipsec


Configuring L2TP over Ipsec ( Code 7.x-8.x )


http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdml2tp.html


Same as above using code 6.x

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800942ad.shtml



Rgds

Jorge


sarat1317 Mon, 03/03/2008 - 06:22
User Badges:

PIX does support MS PPTP VPN. I have a pix configured for that.


I dont see any issue if we can implement along with VPN client. I just tried configuring VPN client yesterday on the pix which I already have PPTP and did not work. But I believe that is something to do with my encryption and auth settings which I see from the debug messages. I am still working on it.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml


ip local pool vpn-clients 192.168.1.10-192.168.1.50

access-list inside_nonat_outbound permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local vpn-clients

vpdn group 1 client configuration dns x.x.x.x

vpdn group 1 pptp echo 300

vpdn group 1 client authentication local

vpdn username cisco password ciscotac

vpdn enable outside


I am running 6.3(5) version and I think ASA does not support PPTP.


Please rate if that helps


Thanks

Sarat

Actions

This Discussion