Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

no pptp connection

I am having problem to connecting to my network through the pptp. The dial in is working fine but I am not able to ping any node inside the lan.

Here is the configuration. Thanks for your help ...

access-list 101 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0

access-list 101 permit ip 192.168.168.0 255.255.255.0 10.0.0.0 255.255.255.0

ip address outside 132.239.255.50 255.255.255.0

ip address inside 192.168.168.1 255.255.255.0

ip local pool mypool 10.0.0.1-10.0.0.50

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) x.x.x.xx.x.168.0 netmask 255.255.255.0 0 0

sysopt connection permit-ipsec

sysopt connection permit-pptp

crypto ipsec transform-set strongsha esp-des esp-sha-hmac

crypto map tosonicwall 20 ipsec-isakmp

crypto map tosonicwall 20 match address 101

crypto map tosonicwall 20 set peer 132.239.20.40

crypto map tosonicwall 20 set transform-set strongsha

crypto map tosonicwall interface outside

isakmp enable outside

isakmp key ******** address x.x.x.40 netmask 255.255.255.0

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 28800

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40

vpdn group 1 client configuraton address local mypool

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username cisco password password

1 REPLY
Cisco Employee

Re: no pptp connection

You need to separate your "nat 0" and your "crypto" access-list. You have them both set to ACL 101, which tells the PIX that any traffic from 192.168.168.0, going to your PPTP clients (10.0.0.0), should be encrypted and sent to 132.239.20.40, which is why your PPTP users aren't getting any response.

Do the following:

access-list 102 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0

crypto map tosonicwall 20 match address 102

Leave the 101 access-list as is, and leave the "nat 0" command as is. This will tell your PIX to only encrypt the traffic that it's supposed to, but to not NAT both the IPSec and the PPTP traffic.

91
Views
0
Helpful
1
Replies