Eli Fulkerson .com HomeArticlesCisco-pix-pptp-setupIndex

Cisco Pix PPTP VPN Setup

This is a somewhat bare-bones description of how to setup a cisco Pix 515 to serve as a PPTP VPN endpoint for windows XP clients, without using any sort of authentication (RADIUS, etc) server.

PIX Configuration:

These are the barebones commands that need to be entered into the Pix...

: This IP Pool, of course, will vary...
ip local pool mypool

: Alternatively to the sysopt commands, you can manually construct a list of all the allowed
: ports and protocols via access lists
sysopt connection permit-ipsec
sysopt connection permit-pptp

: This sets up the VPN itself and credentials for two users... user1 and user2
vpdn group mygroup accept dialin pptp
vpdn group mygroup ppp authentication mschap
vpdn group mygroup ppp encryption mppe 128 required
vpdn group mygroup client configuration address local mypool
vpdn group mygroup pptp echo 60
vpdn group mygroup client authentication local
vpdn username user1 password password-for-user-1
vpdn username user2 password password-for-user-2
vpdn enable outside

Windows Configuration:

Once the pix config is done, here are the steps to connect windows up to it...


What the pix debugging reports during a successful connection...