×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PPPoE and PPTP

Unanswered Question
afakhan Fri, 03/07/2003 - 14:54
User Badges:
  • Bronze, 100 points or more

Hi,


IOS and PIX both can be configured as PPTP servers, even if your outside Internet connection is based on PPPoE(ie ADSL).


If you want to encrypt GRE tunnels, then you should use IPSec.


Thanks,

Afaq

lpaster Wed, 07/23/2003 - 13:58
User Badges:

I have Verizon DSL (PPPoe) connected to my PIX501 ver 6.2.2 PDM 2.0.2.

I had to disable vpdn on outside interface on the PIX otherwise PPPoe wouldn't work (it can't have both PPPoe and vpdn on same interface accoring to the PIX error message).


does that mean that I can't access the PIX501 with PPTP VPN anymore?


is there any other VPN method I can use from remote mobile clients?

lpaster Thu, 07/24/2003 - 07:13
User Badges:

cisco docs say it is NOT possible on pix 6.2. see:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801055dd.shtml


but is there a way to do it?

I tried VPN wizard for PPTP and got the following message on the PIX:


[OK] vpdn group PPTP-VPDN-GROUP accept dialin pptp

[OK] vpdn group PPTP-VPDN-GROUP ppp authentication pap

[OK] vpdn group PPTP-VPDN-GROUP ppp authentication chap

[OK] vpdn group PPTP-VPDN-GROUP ppp authentication mschap

[OK] vpdn group PPTP-VPDN-GROUP client authentication local

[OK] ip local pool VPNPool01 10.100.100.200-10.100.100.220

[OK] vpdn group PPTP-VPDN-GROUP client configuration address local VPNPool01

[OK] vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required

[ERR] vpdn enable outside

Can not enable vpdn on the same interface as PPPoE.

Command failed


access-list inside_outbound_nat0_acl permit ip any 10.100.100.192 255.255.255.224

nat (inside) 0 access-list inside_outbound_nat0_acl

sysopt connection permit-pptp



Actions

This Discussion