PPTP stopped working on PIX 515

dadams · ‎06-06-2002

We have had PPTP working for several months on a PIX 515 pair up until last Wednesday. Since that time no one has been able to connect via PPTP. Cisco VPN 3.x clients are working OK. As far as I can see, no changes have been made to the PIX config in the last few months that would cause this. Our PPTP config is below:

ip local pool pptppool 10.0.253.1-10.0.253.254

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40

vpdn group 1 client configuration address local pptppool

vpdn group 1 client configuration wins x.x.x.x y.y.y.y

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username aaaa password ****

vpdn username DOMAIN1\aaaa password ****

vpdn enable outside

vijkrish · ‎06-10-2002

Try enabling debugs as described in :

http://www.cisco.com/warp/customer/110/pptppix.html

and see / compare where things are failing with your setup.

dadams · ‎06-10-2002

We did enable debugs but were unable to see anything when monitoring a telnet session. We finally did a failover to our secondary, re-booted the primary, then did a fail back to the primary; after this, PPTP worked fine on the primary. What would cause the PIX to stop passing PPTP? No changes were made to the config.

vijkrish · ‎06-12-2002

SSH, PPTP debugs only show up on serial console. Unsure why it did not work until you had to do a failover. If you can reproduce this, then contact TAC.