PPTP VPN Connection HOW?

Status
Not open for further replies.

tpcolson

IS-IT--Management
Mar 13, 2001
US
How to set up a PPTP VPN Connection from a W2K client, thru a Pix 6.1(1) box, using VPDN groups? I've tried every example on Cisco web site, nothing works! User can authenticate, but can't access any resources inside network! Which of the many hundreds of settings do you have to configure on the client in the DUN settings? And how do you encrypt the session? Thanks!
 
HI.

First, you'll need the DES activation key enabled at the pix.
Issue "show version" to verify if you have.

The encryption at the pix should be set to 40 bit unless you have purchased and enabled 3des at the pix.

Try pixcript to generate a sample config, and compare it to yours to see if you missed anything:

Did you configure nat 0 properly?
Did you permit the VPN traffic using either access-list or
sysopt connection permit-pptp?

Did you use an ip local pool range which does not overlap with the existing one? like:
ip address inside 192.168.1.254 ....
ip local pool ... 192.168.15.1-192.168.15.99

Bye
Yizhar Hurwitz
 
access-list 90 permit ip US_LAN 255.255.255.0 UK_LAN 255.255.255.0
access-list 90 permit ip UK_LAN 255.255.255.0 US_LAN 255.255.255.0
access-list 191 permit ip US_VPN_CLIENT 255.255.255.0 US_LAN 255.255.255.0
access-list 191 permit ip US_LAN 255.255.255.0 US_VPN_CLIENT 255.255.255.0
access-list 191 permit udp US_VPN_CLIENT 255.255.255.0 US_LAN 255.255.255.0
access-list 191 permit udp US_LAN 255.255.255.0 US_VPN_CLIENT 255.255.255.0
access-list 191 permit tcp US_LAN 255.255.255.0 US_VPN_CLIENT 255.255.255.0
access-list 191 permit tcp US_VPN_CLIENT 255.255.255.0 US_LAN 255.255.255.0

nat (inside) 0 access-list 191
nat (inside) 1 US_LAN 255.255.255.0 0 0
nat (dmz) 1 172.16.16.0 255.255.255.0 0 0

ip local pool pptp-pool 192.168.6.1-192.168.6.50

vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 192.168.1.4 198.6.1.2
vpdn group 1 client configuration wins 192.168.1.4
vpdn group 1 client authentication aaa AuthInbound
vpdn group 1 pptp echo 60
vpdn enable outside
terminal width 80


 
HI.

If you don't use sysopt connection permit-pptp, then you need to allow VPN traffic with an access-list bound to the outside interface.

Look at your syslog messages (use "logging buffer 4") - Do you get messages about blocking traffic from 192.168.6.1 ???

Bye
Yizhar Hurwitz
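
One way to run the checks from the replies above (pool overlap with the inside network, nat 0 coverage of the pool, and a PPTP permit) over a saved PIX config, as an added example that is not part of the original thread. The `audit` helper, the `name` mappings and the inside address in the sample are assumptions; the thread does not show them.

```python
import ipaddress

# Constructed sample: lines from the thread plus ASSUMED name mappings and an
# ASSUMED inside address (the thread does not show them).
SAMPLE = """\
name 192.168.1.0 US_LAN
name 192.168.6.0 US_VPN_CLIENT
ip address inside 192.168.1.254 255.255.255.0
access-list 191 permit ip US_LAN 255.255.255.0 US_VPN_CLIENT 255.255.255.0
nat (inside) 0 access-list 191
ip local pool pptp-pool 192.168.6.1-192.168.6.50
vpdn enable outside
"""

def audit(config):
    """Return findings for the pool, nat 0 and permit checks (hypothetical helper)."""
    names, pools, acls = {}, {}, {}
    inside = nat0 = None
    permit_pptp = outside_acl = False
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["name"] and len(t) >= 3:
            names[t[2]] = t[1]
        elif t[:3] == ["ip", "address", "inside"] and len(t) >= 5:
            inside = ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False)
        elif t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            lo, _, hi = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
        elif t[:1] == ["access-list"] and len(t) >= 8 and t[2] == "permit":
            try:  # only "<src> <mask> <dst> <mask>" entries; any/host forms are skipped
                dst = ipaddress.ip_network(f"{names.get(t[6], t[6])}/{t[7]}", strict=False)
                acls.setdefault(t[1], []).append(dst)
            except ValueError:
                pass
        elif t[:4] == ["nat", "(inside)", "0", "access-list"] and len(t) >= 5:
            nat0 = t[4]
        elif t[:3] == ["sysopt", "connection", "permit-pptp"]:
            permit_pptp = True
        elif t[:1] == ["access-group"] and t[-1] == "outside":
            outside_acl = True  # presence only; the ACL's contents are not evaluated
    findings = []
    for name, (lo, hi) in pools.items():
        if inside and lo <= inside.broadcast_address and hi >= inside.network_address:
            findings.append(f"pool {name} overlaps inside network {inside}")
        if not any(lo in n and hi in n for n in acls.get(nat0, [])):
            findings.append(f"pool {name} is not a destination in the nat 0 access-list")
    if not (permit_pptp or outside_acl):
        findings.append("no sysopt connection permit-pptp and no access-group on outside")
    return findings
```

Call `audit()` on the text of a saved config; an empty list means none of the three conditions was flagged.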
 