Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

no pptp connection

I am having problem to connecting to my network through the pptp. The dial in is working fine but I am not able to ping any node inside the lan.

Here is the configuration. Thanks for your help ...

access-list 101 permit ip

access-list 101 permit ip

ip address outside

ip address inside

ip local pool mypool

nat (inside) 0 access-list 101

nat (inside) 1 0 0

static (inside,outside) x.x.x.xx.x.168.0 netmask 0 0

sysopt connection permit-ipsec

sysopt connection permit-pptp

crypto ipsec transform-set strongsha esp-des esp-sha-hmac

crypto map tosonicwall 20 ipsec-isakmp

crypto map tosonicwall 20 match address 101

crypto map tosonicwall 20 set peer

crypto map tosonicwall 20 set transform-set strongsha

crypto map tosonicwall interface outside

isakmp enable outside

isakmp key ******** address x.x.x.40 netmask

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 28800

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40

vpdn group 1 client configuraton address local mypool

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username cisco password password

Cisco Employee

Re: no pptp connection

You need to separate your "nat 0" and your "crypto" access-list. You have them both set to ACL 101, which tells the PIX that any traffic from, going to your PPTP clients (, should be encrypted and sent to, which is why your PPTP users aren't getting any response.

Do the following:

access-list 102 permit ip

crypto map tosonicwall 20 match address 102

Leave the 101 access-list as is, and leave the "nat 0" command as is. This will tell your PIX to only encrypt the traffic that it's supposed to, but to not NAT both the IPSec and the PPTP traffic.