How can I setup the PPTP VPN in Cisco PIX?

I using the following command to create the PPTP VPN:
- ip local pool PPTP_POOL 10.128.2.220-10.128.2.240
- vpdn group HK_PPTP accept dialin pptp
- vpdn group HK_PPTP ppp authentication pap
- vpdn group HK_PPTP ppp authentication chap
- vpdn group HK_PPTP ppp authentication mschap
- vpdn group HK_PPTP ppp encryption mppe auto required
- vpdn group HK_PPTP client configuration address local PPTP_POOL
- vpdn group HK_PPTP pptp echo 60
- vpdn group HK_PPTP client authentication local
- vpdn username admin password *********
- vpdn enable outside

I can connect to PIX througth PPTP VPN but can't ping any internal address either the PIX inside interface. Is I need to enable some rule to permit PPTP IP pool to inside LAN?
kennycpuAsked:
Who is Participating?
 
nodiscoCommented:
damn right!

Cannot have the same ip range as the lan - it won't pass the traffic
You should change the local ip pool range to something different - just use a 192.168.1.10-192.168.1.40 or something similar
0
 
nodiscoCommented:
If you are using your PIX to nat:

access-list 101 permit ip X.X.X.X 255.255.255.0 10.128.2.0 255.255.255.0       (where X.X.X.X is ip range of local lan)

nat (inside) 0 access-list 101

sysopt connection permit-pptp

That should get you in
0
 
kennycpuAuthor Commented:
How about the PPTP IP pool and the local lan network same as 10.128.2.0 ?
e.g
access-list 101 permit ip 10.128.2.0 255.255.255.0 10.128.2.0 255.255.255.0 (I think that is unvalid!!)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.