TCC_2

Core issue

The PIX is not configured properly to allow Point-to-Point Tunneling Protocol (PPTP) connections, or the authentication is failing.

Resolution

  1. Verify that the following commands are in the PIX configuration.

    ip local pool pool_name pool_start-address[-pool_end-address]
    sysopt connection permit-pptp
    vpdn group group_name accept dialin pptp
    vpdn group group_name ppp authentication pap
    vpdn group group_name ppp authentication chap
    vpdn group group_name ppp authentication mschap
    vpdn group group_name client configuration address local address_pool_name
    vpdn enable outside
    vpdn group group_name client authentication local
    vpdn username username password password
  2. Verify that the following command is not in the PIX configuration.

    vpdn group group_name ppp encryption mppe auto
  3. Turn on debug using the debug vpdn event command, and verify that you can still connect with the local username.
  4. Add the following commands.

    aaa-server server_group_name protocol radius|tacacs+
    aaa-server server_group_name host ip_address key timeout 5
  5. Use the vpdn group group_name client authentication aaa server_group_name command to change the authentication to point to the authentication server.
  6. Turn on the debug ppp uauth command and try to make the connection.
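
Steps 1 and 2 can be checked mechanically against a saved copy of the configuration. The script below is an added example, not Cisco's tooling or part of the original document: it applies the two checklists literally and also confirms that the address pool referenced by the vpdn group is defined. The sample configuration, its group name, pool name, addresses and credentials are constructed placeholders, and `find` and `audit_pptp` are hypothetical helper names.

```python
import re

# Constructed sample configuration (placeholder names and addresses, not from the page).
SAMPLE_CONFIG = """\
ip local pool pptp-pool 192.168.1.1-192.168.1.50
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
vpdn username testuser password testpass
vpdn enable outside
"""

def find(lines, pattern):
    """Return the first full-line regex match in the config, or None."""
    return next((m for m in (re.fullmatch(pattern, l) for l in lines) if m), None)

def audit_pptp(config):
    """Return findings for steps 1 and 2; an empty list means both steps pass."""
    lines = [" ".join(l.split()) for l in config.splitlines()]  # normalise spacing
    grp = find(lines, r"vpdn group (\S+) accept dialin pptp")
    if not grp:
        return ["missing: vpdn group <name> accept dialin pptp"]
    name, g = grp.group(1), re.escape(grp.group(1))
    required = ["sysopt connection permit-pptp", "vpdn enable outside",
                r"vpdn username \S+ password \S+",
                rf"vpdn group {g} client authentication local"]
    required += [rf"vpdn group {g} ppp authentication {m}" for m in ("pap", "chap", "mschap")]
    findings = [f"missing: {p}" for p in required if not find(lines, p)]
    # The address pool named in the vpdn group must be defined by an ip local pool line.
    addr = find(lines, rf"vpdn group {g} client configuration address local (\S+)")
    if not addr:
        findings.append("missing: client configuration address local")
    elif not find(lines, rf"ip local pool {re.escape(addr.group(1))} \S+"):
        findings.append(f"undefined pool: {addr.group(1)}")
    # Step 2: this command must not be present.
    if find(lines, rf"vpdn group {g} ppp encryption mppe auto"):
        findings.append(f"remove: vpdn group {name} ppp encryption mppe auto")
    return findings

if __name__ == "__main__":
    for finding in audit_pptp(SAMPLE_CONFIG):
        print(finding)
```
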

For more information about these commands, see Cisco Secure PIX Firewall Command References.
