VPN Problems

joneschw1
Level 1

Hi all, I am having 2 issues with the VPN. I have a PIX 501 6.3.4 and am using the Microsoft PPTP VPN native to Windows XP (standard settings).

1. When I uncheck the use remote gateway on the TCP properties of the VPN connection, I can no longer get to any internal resources. When it is checked, it works, but I can't surf the internet.

2. When it is working, the connection is extremely slow to access files on the network. I manage a couple of other 501s and am not seeing the same issues. Please help. Config posted below:

hostname company-PIX501
domain-name company.local
fixup protocol dns maximum-length 2000
fixup protocol pptp 1723
names
name 192.168.21.4 blackberry
name 48.x.x.83 smallbiz
access-list outside_in deny ip 0.0.0.0 255.0.0.0 any
access-list outside_in deny ip 10.0.0.0 255.0.0.0 any
access-list outside_in deny ip 127.0.0.0 255.0.0.0 any
access-list outside_in deny ip 172.16.0.0 255.240.0.0 any
access-list outside_in deny ip 192.168.0.0 255.255.0.0 any
access-list outside_in deny ip 224.0.0.0 224.0.0.0 any
access-list outside_in permit tcp any host smallbiz eq https
access-list outside_in permit tcp any host smallbiz eq smtp
access-list outside_in permit tcp any host smallbiz eq pop3
access-list outside_in permit tcp any host smallbiz eq 3389
access-list outside_in permit icmp any any echo-reply
access-list ping-acl permit icmp any any
access-list 101 permit ip 192.168.21.0 255.255.255.0 192.168.34.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 48.21.x.x.x.255.240
ip address inside 192.168.21.1 255.255.255.0
ip local pool pptp-vpdn 192.168.34.1-192.168.34.30
arp timeout 14400
global (outside) 1 48.x.x.x.21.44.91
global (outside) 1 48.x.x.93
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) smallbiz 192.168.21.3 netmask 255.255.255.255 0 0
static (inside,outside) 48.x.x.84 blackberry netmask 255.255.255.255 0 0
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.x.x.x.44.81 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
sysopt connection permit-pptp
telnet 192.168.21.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 15
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-vpdn
vpdn group 1 client configuration dns 192.168.x.x .255.86.8
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username user1 password ********
vpdn username user2 password ********

3 Replies

joneschw1
Level 1

Anyone??? Please help. I am stuck.

bump... please help. I am still stuck.

sbantz007
Level 1

I am not sure if this is your problem, but it looks like you need to make use of the split-tunnel command in conjunction with an access-list.

access-list splitTunnelAcl permit ip 192.168.21.0 255.255.255.0 any
vpdn group 1 split-tunnel splitTunnelAcl
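
Issue 1 in the question can be checked from the addresses in the posted config, shown here as an added example that is not part of the original thread. It assumes the Windows PPTP client installs only a class-based route for its assigned address when the remote-gateway box is unchecked; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the three relevant lines of the posted PIX 6.3 config.
CONFIG = """\
ip address inside 192.168.21.1 255.255.255.0
ip local pool pptp-vpdn 192.168.34.1-192.168.34.30
vpdn group 1 client configuration address local pptp-vpdn
"""

def classful_network(addr):
    """Class A/B/C network that a class-based route covers for addr."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{addr} is not a class A/B/C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def parse_pix(config):
    """Return (inside network, first pool address) from PIX 6.x config text."""
    inside = first_pool_addr = None
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "inside"]:
            inside = ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)
        elif tok[:3] == ["ip", "local", "pool"]:
            first_pool_addr = tok[4].split("-")[0]
    return inside, first_pool_addr

def client_tunnel_routes(assigned_addr, use_remote_gateway):
    """Assumed client model: default route if checked, else classful route only."""
    if use_remote_gateway:
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [classful_network(assigned_addr)]

def inside_reachable(config, use_remote_gateway):
    """True if the inside network falls under a route that enters the tunnel."""
    inside, addr = parse_pix(config)
    routes = client_tunnel_routes(addr, use_remote_gateway)
    return any(inside.subnet_of(r) for r in routes)

if __name__ == "__main__":
    for checked in (True, False):
        print(f"use remote gateway={checked}: inside reachable={inside_reachable(CONFIG, checked)}")
```

With the pool in 192.168.34.0/24 and the inside network in 192.168.21.0/24, the unchecked case leaves the client with no tunnel route to the inside network under this model.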