I have successfully, or so I though, set up my PIX 506 (6.1) to use our WIn2k Radius server to authenticate PPTP sessions. I can authenticate fine, but I don't seem to be able to actually use anything remotely. My suspicion is that when I look at the details of the VPN connection (XP Pro), the remote server address is the outside address of the PIX. I ususally do this sort of set up passing the PPTP traffic through to a win2k radius client, in which case the address is an internal address of that server, not this external address. But, I am not so sure that is even the problem, as my pings go timed out. Any ideas?
Another thing you should try is to disable the MPPE encryption, see it will be working fine or not. If you encryption type you configed in the W2k Radius server not matching the encryption type you put in the PIX, it wil not be able to pass any traffic.
I've got the MPPE set to auto. I see what you are saying about the no nat on the ip pool and have done so. But I am not sure that it is working. I have one access-list for my internal user, which is combined with a group bound to the interface. But i have put in this second access-list which is not grouped with any interface, because it can't. Is this right? I will post the config fo the VPN below. Thanks PS: I don't have a cco login to check out that link
access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.50.0 255.255.255.0
ip local pool pptp-pool 192.168.50.1-192.168.50.10
Ignore all that. I got it working. I had to enable the use remote gateway feature in the client in order for the pix to send it the gateway. Is there not way around this??? I'll post a seperate topic on this VPDN command.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :