02-29-2008 08:31 AM - edited 02-21-2020 03:35 PM
I've only setup Cisco VPN remote client access on PIX 515e's...and am just wondering if you are also able to setup windows PPTP on the same PIX 515e that is setup for Cisco VPN client access? thanks!
03-02-2008 02:48 PM
Vince,
Unfortunately PIX does not terminate PPTP like it does with Cisco VPN concentrators, however, L2TP over Ipsec is supportted where you can still use the Macrosoft PPTP vpn client, personally I have not implemented L2TP as we have VPN concentrators for both Cisco VPN client users and Microsoft PPTP clients but if you read the bellow links you can implement L2TP over Ipsec. PIX/ASA will be configured for L2TP for remote access, your PPTP clients can use the native VPN client which will be specified in PPTP properties indicated by type of VPN L2TP over Ipsec
Configuring L2TP over Ipsec ( Code 7.x-8.x )
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdml2tp.html
Same as above using code 6.x
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800942ad.shtml
Rgds
Jorge
03-03-2008 06:22 AM
PIX does support MS PPTP VPN. I have a pix configured for that.
I dont see any issue if we can implement along with VPN client. I just tried configuring VPN client yesterday on the pix which I already have PPTP and did not work. But I believe that is something to do with my encryption and auth settings which I see from the debug messages. I am still working on it.
ip local pool vpn-clients 192.168.1.10-192.168.1.50
access-list inside_nonat_outbound permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local vpn-clients
vpdn group 1 client configuration dns x.x.x.x
vpdn group 1 pptp echo 300
vpdn group 1 client authentication local
vpdn username cisco password ciscotac
vpdn enable outside
I am running 6.3(5) version and I think ASA does not support PPTP.
Please rate if that helps
Thanks
Sarat
03-03-2008 11:13 AM
Hello,
7.x and later don't support PPTP. 6.3(5) does :)
Gr,
Dennis
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: