Resolution
It is not possible to connect multiple Point-to-Point Tunneling Protocol (PPTP) clients through PIX/ASA with Port Address Translation (PAT). In order to connect multiple clients, each client must be assigned a public IP address to get through to the firewall.
You can only have one PPTP connection through the PIX Security Appliance when you use PAT. This is because the necessary generic routing encapsulation (GRE) connection is established over port 0 and the PIX Security Appliance only maps port 0 to one host.
Refer to Permitting PPTP Connections Through The PIX/ASA for more information.
Problem Type
Connectivity through the device
Troubleshoot software feature
Product Family
Firewall - PIX 500 series
VPN - hardware & software clients
ASA Hardware & Software
PIX Software Version
PIX version 6.x
PIX version 7.x
VPN Client Software Version
Point-to-Point Tunneling Protocol (PPTP) client
ASA Software Version
7.0
7.1
7.2
PIX Model
PIX 500 Series Firewall
ASA Models
ASA 5500
ASA 5510
ASA 5520
ASA 5540
VPN Tunnel End Points
Client
Any end point
Features & Tasks
VPN pass-through
VPN Protocols
Point-to-Point Tunneling Protocol (PPTP)