Cisco PIX PPTP VPN Setup
This is a somewhat bare-bones description of how to set up a Cisco PIX 515 to serve as a PPTP VPN endpoint for Windows XP clients, without using any sort of authentication server (RADIUS, etc.).
PIX Configuration:
These are the bare-bones commands that need to be entered into the PIX...
:
: This IP Pool, of course, will vary...
:
ip local pool mypool 192.168.200.100-192.168.200.110
:
: Alternatively to the sysopt commands, you can manually construct a list of all the allowed
: ports and protocols via access lists
:
sysopt connection permit-ipsec
sysopt connection permit-pptp
:
: This sets up the VPN itself and credentials for two users... user1 and user2
:
vpdn group mygroup accept dialin pptp
vpdn group mygroup ppp authentication mschap
vpdn group mygroup ppp encryption mppe 128 required
vpdn group mygroup client configuration address local mypool
vpdn group mygroup pptp echo 60
vpdn group mygroup client authentication local
vpdn username user1 password password-for-user-1
vpdn username user2 password password-for-user-2
vpdn enable outside
- The rest of the config file - This isn't a drop-in-and-watch-it-work config, it's just the one I was using at the time. You will have to adjust the non-VPN-related portions to suit your needs.
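The vpdn commands above depend on each other: the group names an address pool, local authentication needs vpdn username lines, and MPPE is only enforced with the "required" keyword and is keyed from MS-CHAP. The following Python is an added example, not part of the original page, that checks those cross-references in a config before it is pasted into the PIX; the function name audit_pptp and the choice of checks are assumptions, and the sample input is constructed from the commands shown above.

```python
import re

# Constructed sample: PPTP-related lines copied from the config shown above.
SAMPLE = """\
ip local pool mypool 192.168.200.100-192.168.200.110
vpdn group mygroup accept dialin pptp
vpdn group mygroup ppp authentication mschap
vpdn group mygroup ppp encryption mppe 128 required
vpdn group mygroup client configuration address local mypool
vpdn group mygroup client authentication local
vpdn username user1 password password-for-user-1
vpdn username user2 password password-for-user-2
vpdn enable outside
"""

def audit_pptp(config):
    """Return findings for the PPTP part of a PIX config (assumed check set)."""
    # Drop blank lines and ':' comment lines.
    lines = [s for l in config.splitlines() if (s := l.strip()) and not s.startswith(":")]
    pools = {m.group(1) for l in lines if (m := re.match(r"ip local pool (\S+) \S+", l))}
    users = [l for l in lines if l.startswith("vpdn username ")]
    groups = {}
    for l in lines:
        if m := re.match(r"vpdn group (\S+) (.+)", l):
            groups.setdefault(m.group(1), []).append(m.group(2))
    findings = []
    if not any(l.startswith("vpdn enable ") for l in lines):
        findings.append("no 'vpdn enable <interface>' line")
    for name, cmds in groups.items():
        auth = [c.split()[-1] for c in cmds if c.startswith("ppp authentication ")]
        enc = [c for c in cmds if c.startswith("ppp encryption mppe ")]
        if not enc:
            findings.append(f"{name}: no MPPE encryption configured")
        elif not all(c.endswith(" required") for c in enc):
            findings.append(f"{name}: MPPE configured without 'required'")
        if enc and "mschap" not in auth:
            findings.append(f"{name}: MPPE configured but mschap is not enabled")
        for c in cmds:
            m = re.match(r"client configuration address local (\S+)", c)
            if m and m.group(1) not in pools:
                findings.append(f"{name}: address pool '{m.group(1)}' is not defined")
        if "client authentication local" in cmds and not users:
            findings.append(f"{name}: local authentication but no vpdn username lines")
    return findings

if __name__ == "__main__":
    print(audit_pptp(SAMPLE) or "no findings")
```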
Windows Configuration:
Once the PIX config is done, here are the steps to connect Windows to it...
- Guide to connecting to this PPTP config under Windows XP - (via the wizard)
- Guide to fixing the wizard's mess - if you don't want all traffic to route through the new tunnel
Details:
What the PIX debugging reports during a successful connection...