Cisco Support Community

New Member

PPTP VPN Client Config Query for PIX 515E

I already have a functional Cisco VPN client config. I have newly configured the Remote Access PPTP Client config in PIX. I have used MSCHAP with MPPE 40 bit encryption. I have also specified the DNS servers of my Network in my config. I am using the existing IP Pool being used by Cisco VPN clients. For AAA authentication I am using RADIUS. I am facing a strange problem. Whenever I configure my Windows XP to connect via the VPN configured in Windows, it gets perfectly connected. After getting connected, when I check the routing table using the command ROUTE PRINT, I get a favourable O/P (i.e. for my Company's N/W I see an entry whose default gateway is the IP my PC obtains after connecting via VPN, with a metric 1. Also the IP I get from my ISP is the default gateway with metric 2). But when I run NSLOOKUP to check the response of the DNS Servers I get response timeout for all my DNS Servers, i.e. my Company's DNS Servers as well as my ISP's DNS Servers. Due to this I am neither able to connect to my Office resources nor browse the Internet. But after disconnecting from VPN my ISP's DNS Servers start responding. Can someone tell me the perfect PIX & Windows config for PPTP/L2TP VPN? Thanks in advance.

4 REPLIES
Gold

Re: PPTP VPN Client Config Query for PIX 515E

The config below is what I have set up in my lab, and it works fine for me. Hope it helps you too.

PIX Version 6.3(1)

fixup protocol pptp 1723

access-list pptp permit ip 1.0.x.0 255.255.255.0 192.x.x.0 255.255.255.240

ip local pool pptp_dial_in 192.x.x.1-192.x.x.10

nat (inside) 0 access-list pptp

sysopt connection permit-pptp

vpdn group PPTP-VPDN-GROUP accept dialin pptp

vpdn group PPTP-VPDN-GROUP ppp authentication chap

vpdn group PPTP-VPDN-GROUP ppp authentication mschap

vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto

vpdn group PPTP-VPDN-GROUP client configuration address local pptp_dial_in

vpdn group PPTP-VPDN-GROUP client configuration dns

vpdn group PPTP-VPDN-GROUP client configuration wins

vpdn group PPTP-VPDN-GROUP pptp echo 60

vpdn group PPTP-VPDN-GROUP client authentication local

vpdn username password

vpdn enable outside

Jay

New Member

Re: PPTP VPN Client Config Query for PIX 515E

Thanks for your help. I compared your config with mine & the only thing I had missed out is "fixup protocol pptp 1723". Also I use RADIUS authentication rather than local database. Another thing which I wanted to tell you is that you don't need to define that access list as you have already specified SYSOPT for PPTP traffic (I guess I'm right).

Currently, even after doing fixup for PPTP, I see some error on my PIX syslog. I am attaching the screenshot for the same. The IP addresses being half erased are my 2 DNS Server IPs. These are the requests which are getting blocked by my Firewall for DNS requests.

New Member

Re: PPTP VPN Client Config Query for PIX 515E

Sorry for the statement "Another thing which I wanted to tell you is that you don't need to define that access list as you have already specified SYSOPT for PPTP traffic (I guess I'm right)". I got confused with something else. I do have a similar access-list & applied to nat (inside) 0. Now in fact I have enabled all the authentication protocols (PAP, CHAP, MSCHAP), as one of the Cisco docs tells to do so. It says the system will negotiate the best protocol. But still I'm getting the same problems mentioned above.

New Member

Re: PPTP VPN Client Config Query for PIX 515E

My issue is still not resolved. Please find attached my config for reference. Tell me where I'm wrong.
