You can only have one PPTP connection through the PIX Security Appliance when you use PAT. This is because the necessary GRE connection is established over port 0 and the PIX Security Appliance only maps port 0 to one host."
Is this just an old, out-of-date piece of info or is this still an issue even with PIX v6.3 and later? I have other clients using PPTP through a PIX and I'm sure they have multiple simultaneous connections through it to a MS RAS server.
If the PPTP clients are on the outside and the PPTP server is on the inside, then the server will need a one-to-one static entry in the PIX and the appropriate protocols allowed in. Once that's done, then you should be able to get multiple connections going.
If however, the PPTP clients are inside and the PPTP server is outside, and you're doing PAT on the PIX (using a nat/global pair), then that get's a bit harder. PPTP is not a TCP or UDP based protocol, and hence the PIX can't PAT it properly because there is no TCP/UDP port number to use.
If you assign each internal PPTP client a one-to-one static translation, then again this will work properly, but this means you need a valid global IP address for each client.
V6.3 code of the PIX does include support for PAT for PPTP, where it uses the tunnel-id parameter within the GRE packet as the port number for PAT'ing.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :