03-22-2006 09:46 AM - edited 02-21-2020 12:47 AM
Hi, I have a small issue with my PPTP VPN connection. I followed the instructions as seen on http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml
The problem I have is that after the PPTP client connects to the PIX, I cannot see any machines on the PIX side, and vice versa. Here is my config:
access-list nonat permit ip 10.10.24.0 255.255.255.0 10.10.25.0 255.255.255.0
pager lines 24
logging on
logging monitor informational
logging history informational
mtu outside 1500
mtu inside 1500
ip address outside 66.x.x.x.255.255.240
ip address inside 10.10.24.3 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool my-addr-pool 10.10.25.10-10.10.25.20
pdm history enable
arp timeout 14400
nat (inside) 0 access-list nonat
route outside 0.0.0.0 0.0.0.0 66.29.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local my-addr-pool
vpdn group 1 client configuration dns 34.x.x.1
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username client1 password *******
vpdn enable outside
terminal width 80
03-23-2006 04:38 AM
Have you got fixup enabled for PPTP? If not, can you enable this in config mode:
fixup protocol pptp 1723
Jay
03-24-2006 07:12 PM
I have never used PPTP, but I discovered the command "isakmp nat-traversal 20" when I could not see my computer on the local side of the PIX when I was attempting a connection behind another firewall.
If I had a public IP address my access worked without this command.
Good luck.
Kevin