PPPoe and PPTP VPN on PIX501

lpaster · ‎07-24-2003

Is there a way to configure PPTP VPN over PPPoE DSL connection on PIX501 ?

a cisco tech engineer says it is possible on pix, but no reference/docs are available.

actually cisco docs say it is NOT possible on pix 6.2. see:

is there a way to do it?

I tried VPN wizard for PPTP and got the following message on the PIX:

[OK] vpdn group PPTP-VPDN-GROUP accept dialin pptp

[OK] vpdn group PPTP-VPDN-GROUP ppp authentication pap

[OK] vpdn group PPTP-VPDN-GROUP ppp authentication chap

[OK] vpdn group PPTP-VPDN-GROUP ppp authentication mschap

[OK] vpdn group PPTP-VPDN-GROUP client authentication local

[OK] ip local pool VPNPool01 10.100.100.200-10.100.100.220

[OK] vpdn group PPTP-VPDN-GROUP client configuration address local VPNPool01

[OK] vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required

[ERR] vpdn enable outside

Can not enable vpdn on the same interface as PPPoE.

Command failed

access-list inside_outbound_nat0_acl permit ip any 10.100.100.192 255.255.255.224

nat (inside) 0 access-list inside_outbound_nat0_acl

sysopt connection permit-pptp

gfullage · ‎07-24-2003

The documentation you reference is correct, you can't enable the PPTP server on a PIX that is getting its address via PPPoE.

If you want to create a VPN to this PIX then it'll have to be an IPSec VPN, not a PPTP one.

lpaster · ‎07-25-2003

so can I create an IPSec VPN with cisco VPN client, or only as fixed tunnel with PIX-PIX IPSec?

and is there any idea if PPTP will be enabled on pix501 with pppoe in the future?