desk12
asked on
Enable PPTP on PIX
Hi,
Appreciate if anyone could provide me with instructions on how to enable the PPTP in the PIX for VPN access?
I have setup a WinXP Prof VPN Server in my LAN but couldnt figure out how to make it possible for remote clients to connect to it.
Currently running a Cisco PIX with IOS 6.0(1), using static Public IP addresses in my LAN.
I have tried this but it doesnt worked.
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
xxx - refer to the public IP address of the VPN server.
Appreciate if anyone could provide me with instructions on how to enable the PPTP in the PIX for VPN access?
I have setup a WinXP Prof VPN Server in my LAN but couldnt figure out how to make it possible for remote clients to connect to it.
Currently running a Cisco PIX with IOS 6.0(1), using static Public IP addresses in my LAN.
I have tried this but it doesnt worked.
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
xxx - refer to the public IP address of the VPN server.
Here is the simple solution
PPTP
>
> static (inside,outside) 189.1.1.1 10.0.0.1 netmask 255.255.255.255
> access-list 101 permit tcp host 172.1.1.1 host 189.1.1.1 eq 1723
> access-list 101 permit gre host 172.1.1.1 host 189.1.1.1
> access-group 101 in interface outside
Just change the ip addresses...
I've never tried this myself....but I understand that you have to go from a static to a static IP addres...
I've been told this will not work through PAT on either end....
Let me know if you are using PAT and it works...
Thanks
good Luck
PPTP
>
> static (inside,outside) 189.1.1.1 10.0.0.1 netmask 255.255.255.255
> access-list 101 permit tcp host 172.1.1.1 host 189.1.1.1 eq 1723
> access-list 101 permit gre host 172.1.1.1 host 189.1.1.1
> access-group 101 in interface outside
Just change the ip addresses...
I've never tried this myself....but I understand that you have to go from a static to a static IP addres...
I've been told this will not work through PAT on either end....
Let me know if you are using PAT and it works...
Thanks
good Luck
There's a couple things you need to do here.
First, you will have to bypass all access-list checks for PPTP:
sysopt connection permit-pptp
Next, if you are using port address translation (PAT), you will need to use the "fixup" feature to make the translation work. (If you have a static translation from the client to an outside IP, you don't need this). The following command is for firmware versions 6.3 and above, so you'll want to upgrade your firmware.
fixup protocol pptp 1723
Note that this last command will BREAK any PPTP VPNs configured on the PIX itself, if you have any, which it sounds like you don't.
Lastly, you will need to modify/create your access-list to allow IP protocols 47 (gre) and TCP protocol 1723 inbound from any outside host to your VPN server.
First, you will have to bypass all access-list checks for PPTP:
sysopt connection permit-pptp
Next, if you are using port address translation (PAT), you will need to use the "fixup" feature to make the translation work. (If you have a static translation from the client to an outside IP, you don't need this). The following command is for firmware versions 6.3 and above, so you'll want to upgrade your firmware.
fixup protocol pptp 1723
Note that this last command will BREAK any PPTP VPNs configured on the PIX itself, if you have any, which it sounds like you don't.
Lastly, you will need to modify/create your access-list to allow IP protocols 47 (gre) and TCP protocol 1723 inbound from any outside host to your VPN server.
Now that I think about it, that fixup on port 1723 might only be needed for outbound PPTP. I dunno, try it either way. :-)
ASKER
What90 - Thanks for the url u posted, I will try it out.
Visioneer - I cant afford to upgrade the Firmware, Think you could provide me with detailed steps on what you have mentioned? Sorry, I am a newbie in networking. How do I create the access-list for Gre (47) n pptp (1723) from any outside host to my VPN server?
Thanks.
Visioneer - I cant afford to upgrade the Firmware, Think you could provide me with detailed steps on what you have mentioned? Sorry, I am a newbie in networking. How do I create the access-list for Gre (47) n pptp (1723) from any outside host to my VPN server?
Thanks.
The firmware upgrade is free. You download it from Cisco's site.
hawgpig was heading in the right direction, but his example would only allow one hose on the outside to access your server.
First, create your static NAT from the inside to the outside (it's gotta be a one-to-one for this to work -- you cannot use interface PAT here):
static (inside,outside) <outside_ip_address> <inside_ip_address> netmask 255.255.255.255 0 0
Next, create or modify your access list to allow the traffic inbound:
access-list outside_access_in permit gre any host <outside_IP_address>
access-list outside_access_in permit tcp any host <outside_IP_address> eq 1723
access-group outside_access_in in interface outside
(Obviously, you would replace <outside_IP_address> and <inside_IP_address> with real IP addresses.)
hawgpig was heading in the right direction, but his example would only allow one hose on the outside to access your server.
First, create your static NAT from the inside to the outside (it's gotta be a one-to-one for this to work -- you cannot use interface PAT here):
static (inside,outside) <outside_ip_address> <inside_ip_address> netmask 255.255.255.255 0 0
Next, create or modify your access list to allow the traffic inbound:
access-list outside_access_in permit gre any host <outside_IP_address>
access-list outside_access_in permit tcp any host <outside_IP_address> eq 1723
access-group outside_access_in in interface outside
(Obviously, you would replace <outside_IP_address> and <inside_IP_address> with real IP addresses.)
ASKER
Guys,
I ran into the following error when I was using the Client notebook (winXp Pro) to do the VPN connection:
After connecting to the internet, when I click on the VPN client, the verifying username and password box, it throw me an error box saying "Disconnected
Error 619: A Connection to the remote computer could not be established, so the port used for this connection was closed.~~~~~~~~". I can see on my VPN server(win2000 Srv) that there is some connection activity (the network icon at the lower right taskbar is blinking when the vpn client was trying to connect to it).No logs is recorded at the VPN srv even though I had configure it to log everything.
Does anyone has any idea whether the problem lies with the VPN tunnelling via the Cisco PIX or does it lies with the VPN srv configuration?
Thanks.
I ran into the following error when I was using the Client notebook (winXp Pro) to do the VPN connection:
After connecting to the internet, when I click on the VPN client, the verifying username and password box, it throw me an error box saying "Disconnected
Error 619: A Connection to the remote computer could not be established, so the port used for this connection was closed.~~~~~~~~". I can see on my VPN server(win2000 Srv) that there is some connection activity (the network icon at the lower right taskbar is blinking when the vpn client was trying to connect to it).No logs is recorded at the VPN srv even though I had configure it to log everything.
Does anyone has any idea whether the problem lies with the VPN tunnelling via the Cisco PIX or does it lies with the VPN srv configuration?
Thanks.
Have you set the user in Ad to have Allow access, rather than use the default user policy (which is deny access) ?
ASKER
I think the error message i got above was due to the VPN srv not configure to be on AD.
http://support.microsoft.com/default.aspx?scid=kb;en-us;314485&Product=winxp
Hmm...Side track abit.
My PDC is NT 4.0 , should I configure the VPN Srv (Win2000 srv) into AD, will it have any impact on my PDC?
http://support.microsoft.com/default.aspx?scid=kb;en-us;314485&Product=winxp
Hmm...Side track abit.
My PDC is NT 4.0 , should I configure the VPN Srv (Win2000 srv) into AD, will it have any impact on my PDC?
In order to install Active Directory, you would have to upgrade your PDC from NT 4.0 to Windows 2000 or 2003.
On a side note, why not just configure your PIX to be the PPTP server?
On a side note, why not just configure your PIX to be the PPTP server?
ASKER
How difficult would it be to configure my PIX into a PPTP srv? (* I am not familiar with Cisco stuff and dun wanna risk screwing up all the configuration in the PIX)
* My PIX current firmware is at 6.0(1), I dun have the luxury to upgrade it, is it possible to tweak it into a PPTP srv?
Thanks.
* My PIX current firmware is at 6.0(1), I dun have the luxury to upgrade it, is it possible to tweak it into a PPTP srv?
Thanks.
I still don't understand why you can't flash the firmware... it doesn't cost you anything. Do you need the instructions?
Anyway, it's pretty easy. Here's a sample config, assuming your internal network is 10.1.69.x and your DNS/WINS server is 10.1.69.100:
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP client authentication local
! this next line creates a username for PPTP access
vpdn username testuser password testing!
! this next line creates a pool of addresses for use in this VPN
ip local pool vpn_pool 10.1.69.200-10.1.69.250
! the next line assigns the new pool to the VPN
vpdn group PPTP-VPDN-GROUP client configuration address local vpn_pool
! the next 2 lines configure the DNS/WINS server addresses to hand out to the clients
vpdn group PPTP-VPDN-GROUP client configuration dns 10.1.69.100
vpdn group PPTP-VPDN-GROUP client configuration wins 10.1.69.100
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn enable outside
access-list inside_outbound_nat0_acl line 2 permit ip 10.1.69.0 255.255.255.0 10.1.69.192 255.255.255.192
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-pptp
Anyway, it's pretty easy. Here's a sample config, assuming your internal network is 10.1.69.x and your DNS/WINS server is 10.1.69.100:
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP client authentication local
! this next line creates a username for PPTP access
vpdn username testuser password testing!
! this next line creates a pool of addresses for use in this VPN
ip local pool vpn_pool 10.1.69.200-10.1.69.250
! the next line assigns the new pool to the VPN
vpdn group PPTP-VPDN-GROUP client configuration address local vpn_pool
! the next 2 lines configure the DNS/WINS server addresses to hand out to the clients
vpdn group PPTP-VPDN-GROUP client configuration dns 10.1.69.100
vpdn group PPTP-VPDN-GROUP client configuration wins 10.1.69.100
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn enable outside
access-list inside_outbound_nat0_acl line 2 permit ip 10.1.69.0 255.255.255.0 10.1.69.192 255.255.255.192
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-pptp
By the way, you can download the updated firmware and a free TFTP server to upload it with here:
http://network.esd101.net/Apps4Install/CiscoPIX/index.asp
http://network.esd101.net/Apps4Install/CiscoPIX/index.asp
ASKER
Thanks.
My PIX was setup by a System Integrator company, according to thier network enginner (the fella whom setup the PIX for me) claims that my PIX hardware cannot support the updated firmware and that should I really need to update the firmware, I need to upgrade the PIX rams.
Is it easy to update the firmware myself? (consider the fact that I have ZERO knowledge on Cisco stuff)
The instructions you have attached seem pretty straight forward, can I try it without updating my PIX firmware?
Thanks.
My PIX was setup by a System Integrator company, according to thier network enginner (the fella whom setup the PIX for me) claims that my PIX hardware cannot support the updated firmware and that should I really need to update the firmware, I need to upgrade the PIX rams.
Is it easy to update the firmware myself? (consider the fact that I have ZERO knowledge on Cisco stuff)
The instructions you have attached seem pretty straight forward, can I try it without updating my PIX firmware?
Thanks.
Your integrator is wrong. Even a PIX 501 can run 633 (I know because I'm doing it on my own personal firewall and have done so on others). The install docs say you need more RAM than the 501 has, but I have yet to have a problem with it. So go for it.
Yes, it is easy to do the firmware upgrade. You can try it without the upgrade, but I don't know if all the commands are supported. But 633 fixes some bugs, so I'd upgrade it.
Place the update file (i.e., pix633.bin) on a Trivial File Transfer Protocol (TFTP) server. There's one for download in the link.
Connect to your PIX through Telnet or through a terminal session.
From enable mode, type:
copy tftp flash
It'll ask you for the IP address of the TFTP server, and the name of the file. Then boom, it gets the file and installs it. When it's all done, type:
reload
Yes, it is easy to do the firmware upgrade. You can try it without the upgrade, but I don't know if all the commands are supported. But 633 fixes some bugs, so I'd upgrade it.
Place the update file (i.e., pix633.bin) on a Trivial File Transfer Protocol (TFTP) server. There's one for download in the link.
Connect to your PIX through Telnet or through a terminal session.
From enable mode, type:
copy tftp flash
It'll ask you for the IP address of the TFTP server, and the name of the file. Then boom, it gets the file and installs it. When it's all done, type:
reload
ASKER
Ok..i will give it a try.
Thanks.
Thanks.
Legally you must purchase either SMARTnet for your PIX or Cisco P/N PIX-SW-UPGRADE before you can upgrade the firmware on your PIX. Do not upgrade your firmware if you have not purchased one of these.
-Pascal
-Pascal
Ah yes, I forgot about that. Very good point.
ASKER
ok. Will consult my System Integrator for the advise if I wanna upgrade the PIX firmware.
Thanks.
Thanks.
From what I understand, you have:
VPN Client
|
Internet
|
PIX
|
W2K VPN Server
?
In this case, the sysopt command on the PIX won't help, as this only opens up PPTP destined directly for the PIX itself.
What you need to do is redirect PPTP and GRE as HawPig first suggested.
Setting up the PIX as a PPTP server is very easy, as per Visioneer's comments.
:)
VPN Client
|
Internet
|
PIX
|
W2K VPN Server
?
In this case, the sysopt command on the PIX won't help, as this only opens up PPTP destined directly for the PIX itself.
What you need to do is redirect PPTP and GRE as HawPig first suggested.
Setting up the PIX as a PPTP server is very easy, as per Visioneer's comments.
:)
ASKER
yup..you are right.
VPN Client
|
Internet
|
PIX
|
Winxp or NT4.0 or Win2k (configure as VPN Server)
I have tried Hawgpig instructions, I can see the VPN client tunnel thru the PIX and is trying to connect to the VPN Server but the client just timed - out during the authentication part. Any idea what went wrong?
I would certainly like to configure my PIX as a PPTP server but can my current firmware allows me to do so? [*** My PIX current firmware is at 6.0(1) ], if yes, how do i do it?
Please advise.
Thanks.
VPN Client
|
Internet
|
PIX
|
Winxp or NT4.0 or Win2k (configure as VPN Server)
I have tried Hawgpig instructions, I can see the VPN client tunnel thru the PIX and is trying to connect to the VPN Server but the client just timed - out during the authentication part. Any idea what went wrong?
I would certainly like to configure my PIX as a PPTP server but can my current firmware allows me to do so? [*** My PIX current firmware is at 6.0(1) ], if yes, how do i do it?
Please advise.
Thanks.
Go ahead and try to set it up as per the instructions already provided. Couldn't hurt to try it. Back up your current config first, just in case something gets wacky.
In this example, 189.1.1.1 is the INTERNAL server, 10.0.0.1 is the EXTERNAL NATted address, just to be clear:
> static (inside,outside) 189.1.1.1 10.0.0.1 netmask 255.255.255.255
> access-list 101 permit tcp host 172.1.1.1 host 189.1.1.1 eq 1723
> access-list 101 permit gre host 172.1.1.1 host 189.1.1.1
> access-group 101 in interface outside
Are there any authentication errors in the event logs of the domain controllers, or the VPN server itself ?
Does the VPN server know to route back out via the PIX (ie not the default gateway that all the other clients use, if this is applicable ??)
> static (inside,outside) 189.1.1.1 10.0.0.1 netmask 255.255.255.255
> access-list 101 permit tcp host 172.1.1.1 host 189.1.1.1 eq 1723
> access-list 101 permit gre host 172.1.1.1 host 189.1.1.1
> access-group 101 in interface outside
Are there any authentication errors in the event logs of the domain controllers, or the VPN server itself ?
Does the VPN server know to route back out via the PIX (ie not the default gateway that all the other clients use, if this is applicable ??)
ASKER
Visioneer.
What does the following meant? (extract from your above instructions)
access-list inside_outbound_nat0_acl line 2 permit ip 10.1.69.0 255.255.255.0 10.1.69.192 255.255.255.192
nat (inside) 0 access-list inside_outbound_nat0_acl
I am using Public IP addresses, so how shld my configuration be?
Thanks.
What does the following meant? (extract from your above instructions)
access-list inside_outbound_nat0_acl line 2 permit ip 10.1.69.0 255.255.255.0 10.1.69.192 255.255.255.192
nat (inside) 0 access-list inside_outbound_nat0_acl
I am using Public IP addresses, so how shld my configuration be?
Thanks.
ASKER
Visioneer - I tried it and did not get it to work, while configuring the PIX, i got this error "
Addresses overlap with existing Global range".....
Tim_Holman - I tried that also...the client VPN gets timed out during the authentication part.
Visioneer & Tim_Holman
I'm posting my email address (desk12@hotmail.com)
Can drop me a mail so that I can forward my sh_config to you guys?
Thanks.
Addresses overlap with existing Global range".....
Tim_Holman - I tried that also...the client VPN gets timed out during the authentication part.
Visioneer & Tim_Holman
I'm posting my email address (desk12@hotmail.com)
Can drop me a mail so that I can forward my sh_config to you guys?
Thanks.
To setup the PIX as a PPTP server, follow the steps here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml
So, this line specifies an access list to ensure the local / inside network can get back to the PPTP clients:
access-list 101 permit ip 10.1.1.0 255.255.255.0
192.168.1.0 255.255.255.0
This line gives the PPTP clients a pool of addresses:
ip local pool pptp-pool 192.168.1.1-192.168.1.50
This line ensures anything in access-list 101 is NOT NATted - you want the traffic to go back to the PPTP clients, NOT out to the Internet:
nat (inside) 0 access-list 101
This line ensures the PIX is ready to accept PPTP:
sysopt connection permit-pptp
These lines specifiies PPTP group settings:
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
This line sets up a user:
vpdn username cisco password cisco
This line turns PPTP on:
vpdn enable outside
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml
So, this line specifies an access list to ensure the local / inside network can get back to the PPTP clients:
access-list 101 permit ip 10.1.1.0 255.255.255.0
192.168.1.0 255.255.255.0
This line gives the PPTP clients a pool of addresses:
ip local pool pptp-pool 192.168.1.1-192.168.1.50
This line ensures anything in access-list 101 is NOT NATted - you want the traffic to go back to the PPTP clients, NOT out to the Internet:
nat (inside) 0 access-list 101
This line ensures the PIX is ready to accept PPTP:
sysopt connection permit-pptp
These lines specifiies PPTP group settings:
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
This line sets up a user:
vpdn username cisco password cisco
This line turns PPTP on:
vpdn enable outside
To get PPTP to pass through:
You need to setup static NAT for your VPN server:
static (inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx 0 0
..and allow GRE and PPTP to get through to it:
access-list outside permit gre host xxx.xxx.xxx.xxx
access-list outside permit tcp host xxx.xxx.xxx.xxx eq 1723
You need to setup static NAT for your VPN server:
static (inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx 0 0
..and allow GRE and PPTP to get through to it:
access-list outside permit gre host xxx.xxx.xxx.xxx
access-list outside permit tcp host xxx.xxx.xxx.xxx eq 1723
ASKER
Tim,
Thanks. I will give both a try when I am back in office on tuesday.
Need to check with you:
When you say:
static (inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx 0 0
access-list outside permit gre host xxx.xxx.xxx.xxx
access-list outside permit tcp host xxx.xxx.xxx.xxx eq 1723
what does the xxx refers to? (which ip does the xxx refering to)
Thanks. I will give both a try when I am back in office on tuesday.
Need to check with you:
When you say:
static (inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx 0 0
access-list outside permit gre host xxx.xxx.xxx.xxx
access-list outside permit tcp host xxx.xxx.xxx.xxx eq 1723
what does the xxx refers to? (which ip does the xxx refering to)
xxx.xxx.xxx.xxx is the OUTSIDE address
yyy.yyy.yyy.yyy is the INSIDE address
static (inside,outside) is the other way round to what you would logically expect !!
So:
static (inside,outside) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy netmask 255.255.255.255 0 0
access-list outside permit gre any host xxx.xxx.xxx.xxx
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
yyy.yyy.yyy.yyy is the INSIDE address
static (inside,outside) is the other way round to what you would logically expect !!
So:
static (inside,outside) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy netmask 255.255.255.255 0 0
access-list outside permit gre any host xxx.xxx.xxx.xxx
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
ASKER
Tim,
ouside address...does that means it is in private ip form like 192.168.xxx.xxx?
The xxx for the below two statement, is it refering to the ip address of the VPN server?
access-list outside permit gre any host xxx.xxx.xxx.xxx
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
Thanks.
ouside address...does that means it is in private ip form like 192.168.xxx.xxx?
The xxx for the below two statement, is it refering to the ip address of the VPN server?
access-list outside permit gre any host xxx.xxx.xxx.xxx
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
Thanks.
xxx.xxx.xxx.xxx is the outside address of the VPN server - ie the address you've decided to use for NAT (you will need NAT for your VPN server to be visible to the outside world !!)
yyy.yyy.yyy.yyy is your inside address - ie real address - 192.168.xxx.xxx.
yyy.yyy.yyy.yyy is your inside address - ie real address - 192.168.xxx.xxx.
ASKER
Hmmm..I can use public address for my VPN server right?
As for the below 2 statement, does the xxx refer to my VPN Server IP address?
access-list outside permit gre any host xxx.xxx.xxx.xxx
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
As for the below 2 statement, does the xxx refer to my VPN Server IP address?
access-list outside permit gre any host xxx.xxx.xxx.xxx
access-list outside permit tcp any host xxx.xxx.xxx.xxx eq 1723
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Erp... I'm getting confused here - do you want to:
a) Setup your PIX as a PPTP server
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093f89.shtml
or
b) Setup your PIX to pass through PPTP traffic to your VPN Server ?
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
Both solutions are quite clearly detailed in the above links, so give them a go ! You won't break anything, I promise !
a) Setup your PIX as a PPTP server
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093f89.shtml
or
b) Setup your PIX to pass through PPTP traffic to your VPN Server ?
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
Both solutions are quite clearly detailed in the above links, so give them a go ! You won't break anything, I promise !
ASKER
Tim,
Sent you an email. Pls check.
Thanks.
Sent you an email. Pls check.
Thanks.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept : tim_holman
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
nodisco
EE Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup topic area:
Accept : tim_holman
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
nodisco
EE Cleanup Volunteer
http://www.tech-recipes.com/modules.php?name=Recipes&rx_id=382
http://www.cisco.com/warp/public/471/pptp_faq.pdf
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_q_and_a_item09186a00800946ef.shtml
http://www.chicagotech.net/vpn.htm