no pptp connection

n14nguyen
Level 1

I am having a problem connecting to my network through PPTP. The dial-in is working fine, but I am not able to ping any node inside the LAN.

Here is the configuration. Thanks for your help ...

access-list 101 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0
access-list 101 permit ip 192.168.168.0 255.255.255.0 10.0.0.0 255.255.255.0
ip address outside 132.239.255.50 255.255.255.0
ip address inside 192.168.168.1 255.255.255.0
ip local pool mypool 10.0.0.1-10.0.0.50
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) x.x.x.xx.x.168.0 netmask 255.255.255.0 0 0
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set strongsha esp-des esp-sha-hmac
crypto map tosonicwall 20 ipsec-isakmp
crypto map tosonicwall 20 match address 101
crypto map tosonicwall 20 set peer 132.239.20.40
crypto map tosonicwall 20 set transform-set strongsha
crypto map tosonicwall interface outside
isakmp enable outside
isakmp key ******** address x.x.x.40 netmask 255.255.255.0
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local mypool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username cisco password password


gfullage
Cisco Employee

You need to separate your "nat 0" and your "crypto" access-list. You have them both set to ACL 101, which tells the PIX that any traffic from 192.168.168.0, going to your PPTP clients (10.0.0.0), should be encrypted and sent to 132.239.20.40, which is why your PPTP users aren't getting any response.

Do the following:

access-list 102 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0
crypto map tosonicwall 20 match address 102

Leave the 101 access-list as is, and leave the "nat 0" command as is. This will tell your PIX to only encrypt the traffic that it's supposed to, but to not NAT both the IPSec and the PPTP traffic.
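To see why sharing ACL 101 between "nat 0" and the crypto map swallows the replies to PPTP clients, here is an added Python model (not from the thread and not Cisco code) that evaluates the two access lists quoted above against a few constructed flows. It assumes the simplified handling order the answer describes: a packet that matches the crypto map ACL is encrypted to the IPsec peer, otherwise it is sent in the clear, with the "nat 0" ACL only deciding whether translation is skipped.

```python
import ipaddress

# Access lists copied from the post (PIX syntax: real subnet masks, not wildcards).
ACL_101 = [
    "access-list 101 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0",
    "access-list 101 permit ip 192.168.168.0 255.255.255.0 10.0.0.0 255.255.255.0",
]
ACL_102 = [
    "access-list 102 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0",
]
IPSEC_PEER = "132.239.20.40"  # "set peer" address from the original crypto map


def parse_acl(lines):
    """Turn 'access-list N permit ip SRC MASK DST MASK' lines into (src_net, dst_net) pairs."""
    entries = []
    for line in lines:
        f = line.split()
        if len(f) < 8 or f[2] != "permit" or f[3] != "ip":
            continue  # only the plain 'permit ip' form used on this page is modelled
        src = ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=False)
        dst = ipaddress.ip_network(f"{f[6]}/{f[7]}", strict=False)
        entries.append((src, dst))
    return entries


def matches(acl, src_ip, dst_ip):
    """First-match semantics are irrelevant here: every entry is a permit."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in acl)


def classify(src_ip, dst_ip, crypto_acl, nat0_acl):
    """Hypothetical model of what the PIX does with an inside-to-outside packet."""
    if matches(crypto_acl, src_ip, dst_ip):
        return f"encrypted to IPsec peer {IPSEC_PEER}"
    if matches(nat0_acl, src_ip, dst_ip):
        return "sent in clear, NAT exempt"
    return "sent in clear, NATed"


def pptp_reply_before_and_after():
    """Reply from an inside host to a PPTP client (constructed addresses from the pool)."""
    flow = ("192.168.168.10", "10.0.0.5")
    before = classify(*flow, parse_acl(ACL_101), parse_acl(ACL_101))  # shared ACL 101
    after = classify(*flow, parse_acl(ACL_102), parse_acl(ACL_101))   # crypto map on 102
    return before, after


if __name__ == "__main__":
    print("before fix:", pptp_reply_before_and_after()[0])
    print("after fix: ", pptp_reply_before_and_after()[1])
```

The "before" case shows the LAN host's reply to the PPTP client being handed to the SonicWall tunnel instead of the PPTP session; after splitting the ACLs, only traffic for 192.168.169.0/24 is encrypted while both the IPsec and the PPTP flows stay NAT exempt.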