pptp pb

lyes.ouarti · ‎05-21-2004

hi, i tried to configure a vpn in my pix 515 with pptp,

i have already configured a pix to pix vpn and it works properly,(ipsec)

i want to add another vpn to access my network from home.

so here is the config in my pix for pptp:

ip local pool mypool 192.168.3.1-192.168.3.10

vpdn username user1 password password1

vpdn username user2 password password2

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication mschap

vpdn group 1 client authentication local

vpdn group 1 client configuration address local mypool

vpdn enable outside

sysopt connection permit-pptp

when i go to my client window2000 i try to connect, my computer find the pix and try to authenticate, and when i do a shwo vpdn on my pix i see the client trying to authenticate but suddenly my computer disply an error 721?

could any one help me please?

thanks!!

ehirsel · ‎05-21-2004

What version of the pix code are you running? The client may be wanting to use 128-bit mppe encryption, but the pix code lower than ver 6.3 won't support local accounts if mppe is 128-bit.

You are missing this statement: vpdn group 1 ppp encryption mppe (40 | 128 | auto {required} ) if you want to use mppe. The pix ver 6.3 code can support local authen using 128-bit mppe encryption.

If you do not want encry for this test, insure that the ms win client is set to use any authen including cleartext.

Also, insure that the pptp client pool is not part of the same subnet that the ipsec client pool uses. IE. If the ipsec pool is using 192.168.3.11-.20 for example and you have a crypto map that has an acl net dest of 192.168.3.0/24 then the pix may send the data to the client over ipsec instead of pptp.

I hope this helps.

lyes.ouarti · ‎05-22-2004

hi,

i dont want to put encryption, and my windows is properly configured.

and nothing is wrong with my pool.

it's a mistery.