PPTP Security and Cisco PIX Firewall

Posted on 2005-03-23
Medium Priority
Last Modified: 2013-11-16
This is probably a simple question, but I need to know a little about PPTP and PIX firewall configs.

Currently, I've inherited a PIX firewall that is allowing incoming PPTP connections.  I know that is it not configured to support MPPE encryption. (Which I know how to configure on the PIX)

Now, when a remote user tries to connect to the PPTP VPN through their local machine, it will not connect unless the option 'Require Data Encryption' under the Security tab of the PPTP connection is UNCHECKED.  If the box is checked, the computer will disconnect from the VPN immediately.

Now, does this mean that our users are currently sending data in the clear through the Internet when they connect with their PPTP connections?  Or am I misunderstanding how this works.

Thanks guys!
Question by:sbaylis

Accepted Solution

pazmanpro earned 2000 total points
ID: 13618336
Yes. Without encryption, pptp is basically a GRE tunnel and someone sniffing the data can see it in clear text unless the data itself was encrypted before going over the tunnel (SSL for example).

My advice do away with the PPTP and use IPSEC instead; or at least use the 128 bit MPPE encryption.

Author Comment

ID: 13619349
That's what I was thinking.  Thanks for the response.

We can't use IPSEC since there are quite a few roaming people with then need for on demand remote access, so I'm going to enable MPPE (although it's not the greatest, it's better than nothing).

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question