I am trying to configure PPTP on my Cisco PIX and cant seem to figure out what is wrong. I have wiped out the whole configuration and used the PDM to setup a initial site-to-site vpn and vpdn group. But I get the following error over and over. I have turned on debug on vpdn and I get the following over and over. I am going insane here not knowing what to do . I am a newbie to Cisco pix so please bare with me. Thank you all in advance for any type of help.
Debug PPTP
outside PPTP: Sending xGRE pak to xx.xx.xx.xx, len 32, seq 21, ack 9, data: 308
1880b001040000000001500000009ff03c0210409000c0104057807020802
Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11
Pkt dump: 0305c2238005062017d323
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380
LCP Option: MAGIC_NUMBER, len: 6, data: 2017d323
PPP xmit, ifc = 0, len: 19 data: ff03c0210103000f0305c2238005062017d323
Interface outside - PPTP xGRE: Out paket, PPP len 19
outside PPTP: Sending xGRE pak to xx.xx.xx.xx, len 35, seq 22, ack 9, data: 308
1880b001340000000001600000009ff03c0210103000f0305c2238005062017d323
PPTP: soc select returns rd mask = 0x10
PPTP: cc rcvdata, socket fd=4, new_conn: 0
PPTP: cc rcv 16 bytes of data
Tnl 6 PPTP: CC I 001000011a2b3c4d000c00004000000047523e0005000000000000000000000
000400000050000000400000000000000e089ff00d089ff00010000001000...
Tnl/Cl 6/6 PPTP: CC I ClearRQ
Tnl/Cl 6/6 PPTP: ClearReq -> state change estabd to terminal
Tnl/Cl 6/6 PPTP: CC O CDN
PPTP: cc snddata, socket fd=4, len=148, data: 009400011a2b3c4d000d00000006010000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000...
Tnl/Cl 6/6 PPTP: Destroying session
PPP va close, device = 1
Xmit Link Control Protocol pkt, Action code is: Termination Request, len is: 15
Pkt dump: 50656572205465726d696e61746564
PPP xmit, ifc = 0, len: 23 data: ff03c0210504001350656572205465726d696e61746564
Interface outside - PPTP xGRE: Out paket, PPP len 23
Interface outside - PPTP xGRE: Session 6 not estd
Tnl 6 PPTP: no-sess -> state change estabd to wt-stprp
Tnl 6 PPTP: CC O StopCCRQ
PPTP: cc snddata, socket fd=4, len=16, data: 001000011a2b3c4d0003000000000000
PPTP: cc waiting for input, max soc fd = 4
PPTP: soc select returns rd mask = 0x10
PPTP: cc rcvdata, socket fd=4, new_conn: 0
PPTP: cc rcv 16 bytes of data
Tnl 6 PPTP: CC I 001000011a2b3c4d000300000100000047523e0005000000000000000000000
000400000050000000400000000000000e089ff00d089ff00010000001000...
Tnl 6 PPTP: Recvd STOPCCRQ
Tnl 6 PPTP: reason 1
Tnl 6 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp
Tnl 6 PPTP: CC O StopCCRP
PPTP: cc snddata, socket fd=4, len=16, data: 001000011a2b3c4d0004000001000000
Tnl 6 PPTP: Destroy tunnel
This is my running-config
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxx encrypted
passwd xxxxxx encrypted
hostname testpix
domain-name test.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip any 172.20.2.0 255.255.255.192
access-list outside_cryptomap_dyn_20 permit ip any 172.20.2.0 255.255.255.192
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xx.xx 255.255.255.248
ip address inside 172.20.2.3 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool xxxpool 172.20.2.10-172.20.2.50
pdm location 172.20.0.156 255.255.255.255 inside
pdm location 172.20.2.0 255.255.255.192 outside
pdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.20.0.156 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup xxxVPN address-pool xxxpool
vpngroup xxxVPN dns-server 172.20.0.52
vpngroup xxxPVPN wins-server 172.20.0.52
vpngroup xxxVPN default-domain xxxcomm.com
vpngroup xxxVPN idle-time 1800
vpngroup xxxVPN password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local xxxpool
vpdn group PPTP-VPDN-GROUP client configuration dns 172.20.0.14
vpdn group PPTP-VPDN-GROUP client configuration wins 172.20.0.14
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username testuser password *********
vpdn enable outside
vpdn enable inside
username testuser password xxxxxxxxxxxx encrypted privilege 15
terminal width 80
Cryptochecksum:743a627a98d60f0080629a31cba50592
: end
Debug PPTP
outside PPTP: Sending xGRE pak to xx.xx.xx.xx, len 32, seq 21, ack 9, data: 308
1880b001040000000001500000009ff03c0210409000c0104057807020802
Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11
Pkt dump: 0305c2238005062017d323
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380
LCP Option: MAGIC_NUMBER, len: 6, data: 2017d323
PPP xmit, ifc = 0, len: 19 data: ff03c0210103000f0305c2238005062017d323
Interface outside - PPTP xGRE: Out paket, PPP len 19
outside PPTP: Sending xGRE pak to xx.xx.xx.xx, len 35, seq 22, ack 9, data: 308
1880b001340000000001600000009ff03c0210103000f0305c2238005062017d323
PPTP: soc select returns rd mask = 0x10
PPTP: cc rcvdata, socket fd=4, new_conn: 0
PPTP: cc rcv 16 bytes of data
Tnl 6 PPTP: CC I 001000011a2b3c4d000c00004000000047523e0005000000000000000000000
000400000050000000400000000000000e089ff00d089ff00010000001000...
Tnl/Cl 6/6 PPTP: CC I ClearRQ
Tnl/Cl 6/6 PPTP: ClearReq -> state change estabd to terminal
Tnl/Cl 6/6 PPTP: CC O CDN
PPTP: cc snddata, socket fd=4, len=148, data: 009400011a2b3c4d000d00000006010000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000...
Tnl/Cl 6/6 PPTP: Destroying session
PPP va close, device = 1
Xmit Link Control Protocol pkt, Action code is: Termination Request, len is: 15
Pkt dump: 50656572205465726d696e61746564
PPP xmit, ifc = 0, len: 23 data: ff03c0210504001350656572205465726d696e61746564
Interface outside - PPTP xGRE: Out paket, PPP len 23
Interface outside - PPTP xGRE: Session 6 not estd
Tnl 6 PPTP: no-sess -> state change estabd to wt-stprp
Tnl 6 PPTP: CC O StopCCRQ
PPTP: cc snddata, socket fd=4, len=16, data: 001000011a2b3c4d0003000000000000
PPTP: cc waiting for input, max soc fd = 4
PPTP: soc select returns rd mask = 0x10
PPTP: cc rcvdata, socket fd=4, new_conn: 0
PPTP: cc rcv 16 bytes of data
Tnl 6 PPTP: CC I 001000011a2b3c4d000300000100000047523e0005000000000000000000000
000400000050000000400000000000000e089ff00d089ff00010000001000...
Tnl 6 PPTP: Recvd STOPCCRQ
Tnl 6 PPTP: reason 1
Tnl 6 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp
Tnl 6 PPTP: CC O StopCCRP
PPTP: cc snddata, socket fd=4, len=16, data: 001000011a2b3c4d0004000001000000
Tnl 6 PPTP: Destroy tunnel
This is my running-config
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxx encrypted
passwd xxxxxx encrypted
hostname testpix
domain-name test.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip any 172.20.2.0 255.255.255.192
access-list outside_cryptomap_dyn_20 permit ip any 172.20.2.0 255.255.255.192
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xx.xx 255.255.255.248
ip address inside 172.20.2.3 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool xxxpool 172.20.2.10-172.20.2.50
pdm location 172.20.0.156 255.255.255.255 inside
pdm location 172.20.2.0 255.255.255.192 outside
pdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.20.0.156 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup xxxVPN address-pool xxxpool
vpngroup xxxVPN dns-server 172.20.0.52
vpngroup xxxPVPN wins-server 172.20.0.52
vpngroup xxxVPN default-domain xxxcomm.com
vpngroup xxxVPN idle-time 1800
vpngroup xxxVPN password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local xxxpool
vpdn group PPTP-VPDN-GROUP client configuration dns 172.20.0.14
vpdn group PPTP-VPDN-GROUP client configuration wins 172.20.0.14
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username testuser password *********
vpdn enable outside
vpdn enable inside
username testuser password xxxxxxxxxxxx encrypted privilege 15
terminal width 80
Cryptochecksum:743a627a98d60f0080629a31cba50592
: end