How can I setup the PPTP VPN in Cisco PIX?

Posted on 2005-04-06
Last Modified: 2013-11-16
I using the following command to create the PPTP VPN:
- ip local pool PPTP_POOL
- vpdn group HK_PPTP accept dialin pptp
- vpdn group HK_PPTP ppp authentication pap
- vpdn group HK_PPTP ppp authentication chap
- vpdn group HK_PPTP ppp authentication mschap
- vpdn group HK_PPTP ppp encryption mppe auto required
- vpdn group HK_PPTP client configuration address local PPTP_POOL
- vpdn group HK_PPTP pptp echo 60
- vpdn group HK_PPTP client authentication local
- vpdn username admin password *********
- vpdn enable outside

I can connect to PIX througth PPTP VPN but can't ping any internal address either the PIX inside interface. Is I need to enable some rule to permit PPTP IP pool to inside LAN?
Question by:kennycpu
    LVL 19

    Expert Comment

    If you are using your PIX to nat:

    access-list 101 permit ip X.X.X.X       (where X.X.X.X is ip range of local lan)

    nat (inside) 0 access-list 101

    sysopt connection permit-pptp

    That should get you in

    Author Comment

    How about the PPTP IP pool and the local lan network same as ?
    access-list 101 permit ip (I think that is unvalid!!)
    LVL 19

    Accepted Solution

    damn right!

    Cannot have the same ip range as the lan - it won't pass the traffic
    You should change the local ip pool range to something different - just use a or something similar

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
    To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now