258 Views, 0 Helpful, 1 Replies

VPN Server on PIX 506E Causes CPU Utilization 100%

ee99ee2
Level 1

I need to use my PIX 506E as a PPTP VPN server with authentication against my Active Directory integrated RADIUS server (Windows IAS). Below is my configuration that is currently working:

-------------------------------
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ###### encrypted
passwd ###### encrypted
hostname ######
domain-name ######
clock timezone EST -5
fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
<!-- OBJECT GROUP CUT -->
<!-- ACCESS LIST CUT -->
pager lines 24
logging on
logging timestamp
logging trap debugging
logging device-id string ######
logging host inside 10.17.1.91 17/1025
mtu outside 1500
mtu inside 1500
ip address outside ###### 255.255.255.192
ip address inside 10.17.1.1 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 10.18.0.1-10.18.0.254
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
<!-- STATIC STATEMENTS CUT -->
nat (inside) 0 access-list vpn
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 ###### 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (inside) host 10.17.1.5 ###### timeout 5
no snmp-server location
no snmp-server contact
snmp-server community ######
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
sysopt noproxyarp inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 128
vpdn group 1 client configuration address local vpnpool
vpdn group 1 client authentication aaa AuthInbound
vpdn group 1 pptp echo 60
vpdn enable outside
terminal width 80
-------------------------------

I am able to connect to the PPTP VPN just fine with my domain login, but when I do, any time traffic is passed I see the CPU utilization of the PIX go up to and stay at 100%. I have tried with the PPTP fixup protocol both on and off; it does it either way. What is going on?

1 Reply

ee99ee2
Level 1

Ahh.... DUH.... I had debugging on.... was flooding the console..... problem resolved....

-Chris