01-19-2007 01:41 PM - edited 03-11-2019 02:22 AM
I have configured the PIX 515 version 6.3 for remote access VPN for PPTP Windows clients... When I try to connect through the Windows client, it shows me the message "verifying username and password" and then it gives me the error that the remote host is not responding... and in the debug on the PIX it shows the tunnel session ID with state established, and then within a few seconds it gives the message "tunnel destroy"...
Can anyone tell me the cause of this?
regards
Devamg
01-19-2007 06:15 PM
Hello Devang,
Can you post the configs please? What is the error you get in the debugs? Can you post them too?
raj
01-20-2007 12:00 PM
Hi Raj,
This is the debug output...
Tnl 27 PPTP: Tunnel created; peer initiated
Tnl 27 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd
Tnl/Cl 27/27 PPTP: l2x store session: tunnel id 27, session id 27, hash_ix=27
Tnl/Cl 27/27 PPTP: vacc-ok -> state change wt-vacc to estabd
PPTP mgmt daemon wakeup, major = 1
Tnl 27 PPTP: timeout -> state change estabd to estabd
PPTP mgmt daemon wakeup, major = 1
Tnl 27 PPTP: timeout -> state change estabd to estabd
Tnl 27 PPTP: timeout -> echo state change Idle to wt-echorp
Tnl 27 PPTP: EchoRP -> state change estabd to estabd
Tnl 27 PPTP: EchoRP -> echo state change wt-echorp to Idle
PPTP mgmt daemon wakeup, major = 1
Tnl 27 PPTP: timeout -> state change estabd to estabd
Tnl 27 PPTP: timeout -> echo state change Idle to wt-echorp
Tnl 27 PPTP: EchoRP -> state change estabd to estabd
Tnl 27 PPTP: EchoRP -> echo state change wt-echorp to Idle
Tnl/Cl 27/27 PPTP: ClearReq -> state change estabd to terminal
Tnl/Cl 27/27 PPTP: Destroying session
Tnl 27 PPTP: no-sess -> state change estabd to wt-stprp
Tnl 27 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp
Tnl 27 PPTP: Destroy tunnel
And this is the PIX configuration:
01-20-2007 12:05 PM
PIX Configuration
show run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx
hostname pixfirewall
domain-name Sprint
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_access_in permit ip any any
access-list inside_outbound_nat0_acl permit ip host 10.1.1.2 10.1.1.0 255.255.255.0
access-list outside_access_in permit tcp any any
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 172.16.1.1 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool sprint 10.1.1.3-10.1.1.254
pdm location 10.1.1.2 255.255.255.255 inside
pdm location 10.1.1.0 255.255.255.0 outside
pdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
static (inside,outside) tcp interface 3389 10.1.1.2 3389 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
sysopt connection permit-l2tp
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local sprint
vpdn group 1 client configuration dns 172.16.1.1
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username gms password *********
vpdn enable outside
vpdn enable inside
dhcpd address 10.1.1.3-10.1.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username xxx password xxx
encrypted privilege 2
terminal width 80
Cryptochecksum:xxx
:
end
pixfirewall(config)#
NOTE: I have changed the original IP addresses to 10.1.1.0 and 172.16.1.0.
Please let me know if there is anything wrong.
Devang
01-20-2007 05:17 PM
Hello Devang,
The debug messages do not show any significant error message. Did you do debug vpdn error/packets/events? You can also try debug ppp uauth. What really happens here? Is your authentication not happening? Or after authentication, are you not getting an IP?
The config seems kinda OK. However, you can add two things to your config. You have added mschap authentication; you can also add pap & chap to make sure you have added the right auth protocols: vpdn group 1 ppp authentication pap & chap. You can add these. Apart from this, you can also try disabling the fixup protocol for PPTP and try...
Let us know...
Raj
01-20-2007 07:46 PM
So as per you my configuration is all right... right!!! Yes, I get a connection and then it shows the verification window for username and password... then suddenly I get the error message that the remote host (PIX) is not responding... I found an alternative to it: I used a router instead of the PIX, but I still haven't tested it on the live network. I did some testing in my lab using a 2651XM with a secure IOS and it worked, so tomorrow I will test it on the live network and then let you know... I will also try your answers for the PIX, but whatever the case the router is my temporary solution; I want to get the PIX up and running...
Actually I had sent you one mail at your ID for guidance on preparing for the CCIE and I am still waiting for your response... Anyway, thanks for your response... I will test and let you know, but please just respond to me about whether my configuration of the PIX is okay or not...
regards
Devang
01-21-2007 03:49 PM
Hello Devang
I will respond to your mail later this week. I was a bit held up!!!
Actually, running PPTP on the router also makes sense... you will have more control of the connections coming onto your network. Terminate the PPTP on the router, assign an IP address pool for the users on the router, and restrict the IP pool to access specific ports on the inside segment on the PIX. You can also log the traffic with an IPS... If you terminate the tunnel directly on the PIX, once connected, they are directly on the inside network!!
Let us know your results!!!
Raj
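An added configuration example, not from the thread, of the router-terminated design Raj describes: PPTP ends on the router, the router hands clients addresses from its own pool, and the PIX admits that pool to one published inside service only, logging everything else. The pool 10.1.2.0/24 is an assumed value; the inside host 10.1.1.2 and the existing static that publishes its TCP 3389 on the outside interface address 172.16.1.1 come from the posted config. PIX 6.3 inbound ACLs on the outside interface match the translated (outside) address, so the rule references 172.16.1.1, not 10.1.1.2. Keeping the VPN pool off the inside subnet also avoids the overlap in the posted config, where ip local pool sprint and dhcpd address both hand out 10.1.1.3-10.1.1.254 on the inside network.

```cisco
! Added example (not the thread's own config): PIX 6.3 inbound policy for a
! PPTP pool that is terminated on a router sitting outside the PIX.
! Assumed (hypothetical): the router assigns PPTP clients 10.1.2.0/24.
! From the posted config: inside host 10.1.1.2 and the static that publishes
! it on the outside interface address 172.16.1.1, TCP 3389.
!
! Remove the wide-open inbound rule from the posted config.
no access-list outside_access_in permit tcp any any
!
! The VPN pool may reach only the published RDP port of 10.1.1.2.
! Outside ACLs match the translated address, so the static's outside
! address (the PIX outside interface, 172.16.1.1) is used here.
access-list outside_access_in permit tcp 10.1.2.0 255.255.255.0 host 172.16.1.1 eq 3389
!
! Everything else from the pool is dropped and logged (syslog 106100 per ACE).
access-list outside_access_in deny ip 10.1.2.0 255.255.255.0 any log
access-group outside_access_in in interface outside
!
! The static already present in the posted config, shown for completeness.
static (inside,outside) tcp interface 3389 10.1.1.2 3389 netmask 255.255.255.255 0 0
```

The permit line is deliberately narrow (one source subnet, one destination, one port); a second inside service gets its own static and its own permit line rather than widening this one. The logged deny is what makes the "more control" Raj mentions visible: with logging on already in the posted config, every attempt from the pool beyond RDP shows up in syslog.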
01-23-2007 06:19 AM
Hi Raj,
Now both the PIX and router configurations are working, no problem... One thing I don't understand is that PPTP on the PIX is not allowing tunneling through the subnet addresses of my office, but it works well from an outside network...
Anyway, thanks a lot for your response, but please reply to my mail so I can think of further steps...
regards
Devang