Cisco Support Community

New Member

PIX PPTP VPN Config

I have a PIX 515 that I have been trying to get a simple PPTP VPN to work on; I must have something wrong in the config.

I can connect and authenticate to outside ip addr but I cannot access anything on the inside net.

If I try to connect to outside global ip I get an error saying that the encryption attempt failed because no valid certificate was found. I have attached the config and there is also a show version in the config. Any help would be greatly appreciated.

3 REPLIES
New Member

Re: PIX PPTP VPN Config

It sounds like your VPN client (the built-in VPN client with Windows, I presume) is trying to make an L2TP connection. In your client, check Properties -> Networking -> "Type of VPN server I am calling" and set it to PPTP. Even if it is set to automatic, I have seen where it tries to make an L2TP connection before PPTP and will give you the exact error that you mentioned.

RJ

Anonymous
N/A

Re: PIX PPTP VPN Config

VPN type was set to auto (Win2000 Pro); I changed it to PPTP. Now I get 'there was no answer' when trying to connect to o/s global ip. I can however still connect successfully to o/s ip, but cannot pass any traffic.

I should be connecting to o/s global - correct? Shouldn't be able to connect to o/s ip - correct?

Silver

Re: PIX PPTP VPN Config

Make sure your client is using 40-bit MPPE keying, as you only have 40-bit available on the PIX config. As a side note, the PIX 6.3 code can use 128-bit MPPE keying for local vpdn users.

Yes, you should be able to connect to the global, not the true ip address of the server.

I also noted two issues with your static:

1. The global ip address matches that of the global (outside) 1 command and that the local is the host 10.100.0.0 because of your netmask. Make sure that the local address is the true ip address of the host, because your quad-255 subnet mask should be used. I would change the global ip on the static.

Let me know if this helps.
