Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

The sample from Cisco is not working

New Member

Re: The sample from Cisco is not working

I'm trying to implement PPTP client and Cisco VPN IPSEC client together.It just cannot comunication thru the network once co-exist.

This is the sample from Cisco website,anybody try it before? as I'm using latest version 6.3

PIX Version 5.2(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxx encrypted

passwd xxxxxxencrypted

hostname goss-515A

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060


access-list 101 permit ip

pager lines 24

logging on

no logging timestamp

no logging standby

no logging console

no logging monitor

no logging buffered

no logging trap

no logging history

logging facility 20

logging queue 512

interface ethernet0 auto

interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside

ip address inside

ip audit info action alarm

ip audit attack action alarm

ip local pool bigpool

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside

failover ip address inside

arp timeout 14400

nat (inside) 0 access-list 101

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00

h323 0:05:00 sip 0:30:00

sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

sysopt connection permit-pptp

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client configuration address initiate

crypto map mymap client configuration address respond

crypto map mymap interface outside

isakmp enable outside

!--- CiscoSecure_VPNClient_key.

isakmp key ******** address netmask

isakmp identity address

isakmp client configuration address-pool local bigpool outside

!--- ISAKMP Policy for Cisco VPN Client 2.5 or

!--- CiscoSecure VPN Client 1.1.

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

!--- The 1.1 and 2.5 clients use Diffie-Hellman (D-H)

!--- group 1 policy (PIX default).

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400


!--- ISAKMP Policy for VPN Client 3.0.

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

!--- The 3.0 clients use D-H group 2 policy

!--- and PIX 6.0 code.

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup vpn3000-all address-pool bigpool

vpngroup vpn3000-all dns-server

vpngroup vpn3000-all wins-server

vpngroup vpn3000-all default-domain password

vpngroup vpn3000-all idle-time 1800

!--- VPN 3000 group_name and group_password.

vpngroup vpn3000-all password ********

telnet timeout 5

ssh timeout 5

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local bigpool

vpdn group 1 client authentication local

!--- PPTP username and password.

vpdn username x password x

vpdn enable outside

terminal width 80