Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

PIX 501 PPPOE and VPN Problem

Hi there,

im using 3x PIX 501. The first is the Easy VPN Server an two are Clients.

The Easy VPN Server Pix is connected on an 2Mbit SDSL Access. It uses a PPPoE Dial in Connection.

The Problem:

The Server PIX disconnects the PPPOE Session very often.

My ISP says, that the PIX trys to initiate a second PPP Session, during an running PPP Session. The ISP Radius blocks this Connection attempt and kills the running PPP Sessions after a couple Dialin attempts. After this, the PIX is now able to dial in again. Now everthing is working fine for a couple of hours.

My Suggestion:

Is it possible, that if an VPN Tunnel closes (runnes into an Timeout), the PIX think that the PPPOE Session is down und try to reinitialize a new one?

Can i increase these thimers?

In my logfiles i see following messages:

2006-01-25 04:21:00 Local4.Info Jan 25 2006 04:21:00 myrouter : %PIX-6-603109: Teardown PPPOE Tunnel, tunnel_id = 0, remote_p

eer_ip = 217.5.98.xx

2006-01-25 04:21:00 Local4.Error Jan 25 2006 04:21:00 myrouter : %PIX-3-403503:PPPoE:PPP link down:Peer Terminated

THX for help


Re: PIX 501 PPPOE and VPN Problem

The PPPoE client functionality is turned off by default. To enable the PPPoE client, enter the following command.

ip address ifName pppoe [setroute]

Reenter this command to clear and restart the PPPoE session. The current session will be shut down and a new one will be restarted.

The PPPoE client is only supported on the outside interface of the PIX Firewall. PPPoE is not supported in conjunction with DHCP because with PPPoE the IP address is assigned by PPP. The setroute option causes a default route to be created if no default route exists. The default router will be the address of the access concentrator. The maximum transmission unit (MTU) size is automatically set to 1492 bytes, which is the correct value to allow PPPoE transmission within an Ethernet frame.