Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Does pix 515 support more than one pptp vpdn group: radius and local auth?

PIX 515 (ver 6.5 IOS) with pptp vpdn with Radius auth. Want to add second pptp vpdn group, but with local auth.

Here is the debug vpdn event output when I tried to connect with a local "innfinity" account:

Tnl 593 PPTP: Tunnel created; peer initiated

Tnl 593 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd

Tnl/Cl 593/589 PPTP: l2x store session: tunnel id 593, session id 589, hash_ix=589

Tnl/Cl 593/589 PPTP: vacc-ok -> state change wt-vacc to estabd

Tnl 593 PPTP: StopCCRQ -> state change estabd to terminal

Tnl 593 PPTP: Destroy tunnel

innfinityTnl/Cl 593/589 PPTP: Destroying session

However, on the XP box I get Error 691: Access was denied because the username and/or password was invalid on the domain. It appears that the PIX is only using the vpdn group with Radius authentication. What are my options? I do not want to switch completely over to IPSEC vpn clients at this point since we have about 200 remote users configured for pptp.

Community Member

Re: Does pix 515 support more than one pptp vpdn group: radius a

PIX 6.x cannot have two (or more) vpdn groups using PPTP. The group name is there to differentiate between protocols (such as between PPTP and L2TP). If you configure more than one PPTP group, the system will always use the first one anyway.

It may possible in PIX 7.x.

CreatePlease to create content