Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Unable to connect multiple PPTP clients to remote headend through ASA/PIX


It is not possible to connect multiple Point-to-Point Tunneling Protocol (PPTP) clients through PIX/ASA with Port Address Translation (PAT). In order to connect multiple clients, each client must be assigned a public IP address to get through to the firewall.

You can only have one PPTP connection through the PIX Security Appliance when you use PAT. This is because the necessary generic routing encapsulation (GRE) connection is established over port 0 and the PIX Security Appliance only maps port 0 to one host.

Refer to Permitting PPTP Connections Through The PIX/ASA for more information.

Problem Type

Connectivity through the device

Troubleshoot software feature

Product Family

Firewall - PIX 500 series

VPN - hardware & software clients

ASA Hardware & Software

PIX Software Version

PIX version 6.x

PIX version 7.x

VPN Client Software Version

Point-to-Point Tunneling Protocol (PPTP) client

ASA Software Version




PIX Model

PIX 500 Series Firewall

ASA Models

ASA 5500

ASA 5510

ASA 5520

ASA 5540

VPN Tunnel End Points


Any end point

Features & Tasks

VPN pass-through

VPN Protocols

Point-to-Point Tunneling Protocol (PPTP)

Version history
Revision #:
1 of 1
Last update:
‎06-17-2009 10:16 PM
Updated by:
Labels (1)