Configuring PPTP (VPDN) Server On A Cisco Router


http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/329...
CONFIGURING PPTP (VPDN) SERVER ON A CISCO ROUTER


WRITTEN BY ADMINISTRATOR. POSTED IN CISCO ROUTERS - CONFIGURING CISCO ROUTERS (/CISCO-TECHNICAL-KNOWLEDGEBASE/CISCOROUTERS.HTML)

The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks. These VPN tunnels are encrypted from one end to the other and allow the secure transfer of data between them. PPTP is usually implemented between a server and a client, the server belonging to the enterprise network and the client being a remote workstation.

While PPTP's encryption algorithms do offer a certain level of security and privacy, they aren't the best encryption technologies available today. PPTP does have its weaknesses and therefore is not used for long term transactions. PPTP uses the Password Authentication Protocol and the Challenge Handshake Authentication Protocol encryption algorithms. It can offer encryption options of 40, 56 and 128 bit, depending on your needs.

PPTP is an excellent quick VPN solution for short-term transactions and is natively supported by all current Windows platforms without the need for additional drivers or programs.

Cisco routers can be set up to act as PPTP servers, alternatively known as Virtual Private Dialup Network (VPDN) servers. PPTP has been supported by Cisco routers since IOS release 12.1(5)T.

We should point out that Windows Servers are also capable of handling PPTP connections by configuring their RAS services. However, we feel that being able to provide this service from a Cisco router makes it more flexible and easier to implement in any environment.

Note: You can read our article on Windows VPDN setup (/cisco-technical-knowledgebase/cisco-routers/330-cisco-router-win-pptp.html) to
get all the information on how to set up a remote teleworker to connect to the VPDN configured on your Cisco router.

EXAMPLE SCENARIO
In this example, we need to set up our Cisco router so that it accepts VPDN requests, allows our remote clients to connect to the internal network, assigns them an internal IP address and provides them access to all network resources:

27/01/2016 02:57 p.m.


The remote VPN user will have to create a VPDN dialup from its operating system (we assume Windows XP) in order to initiate the VPN connection and authenticate to the Cisco router.


The first step is to enable VPDN and create the VPDN group parameters that will define various aspects of the PPTP connection:

R1# configure terminal
R1(config)# vpdn enable
R1(config)# vpdn-group 1
R1(config-vpdn)# accept-dialin
R1(config-vpdn-acc-in)# protocol pptp
R1(config-vpdn-acc-in)# virtual-template 1
R1(config-vpdn-acc-in)# exit

The above configuration enables the router to accept incoming PPTP connections and specifies the virtual interface to which the PPTP
tunnel is configured.


Next up, we need to bind the virtual interface to a real interface. This effectively binds the PPTP connections to the real interface. We'll
also need to create a pool of IP addresses that will be assigned to the VPDN users. This pool is named 'PPTP-Pool' and we'll later on
assign the addresses to be allocated to the VPN users.

R1(config)# interface Virtual-Template1
R1(config-if)# ip unnumbered FastEthernet 0/0
R1(config-if)# peer default ip address pool PPTP-Pool
R1(config-if)# no keepalive
R1(config-if)# ppp encrypt mppe 128
R1(config-if)# ppp authentication ms-chap ms-chap-v2

The 'ppp encrypt' command specifies the encryption to be used - in our case, that's 128 bit. This can be set to 'auto' for maximum compatibility. The authentication is set to ms-chap and ms-chap v2 so that we can offer the best possible authentication method for this case.

The 'ip unnumbered <interface>' command is worth analysing a bit further.

All VPDN clients will either obtain an IP address that is part of the existing internal network (as in our example), or they will be assigned
an IP address that is totally different from the internal network scheme e.g 192.168.5.20 - 192.168.5.25.
If you want to assign them an IP address that's part of the existing internal network (most cases), you need to use the 'ip unnumbered'
command to bind the virtual adapter to the real interface connected to the internal network - in our example, this is FastEthernet 0/0.

If on the other hand you wish to provide VPDN clients with a totally different IP address from that of your internal network, then you must configure the Virtual-Template interface with an IP address belonging to that network e.g 192.168.5.1 and configure the VPDN pool with the appropriate range e.g 192.168.5.20 - 192.168.5.25.

Older Cisco router models such as the 836 & 837 series had problems assigning the VPDN clients an IP address that belonged to the existing internal network, so engineers didn't have much choice but to assign a different IP addressing scheme for the VPDN clients.

From the configuration and diagram provided so far, you can see that we'll be assigning the VPDN clients an IP address range that's part of the existing internal network:

R1(config)# ip local pool PPTP-Pool 192.168.0.20 192.168.0.25

The last step is to create the user accounts our VPDN clients will require to authenticate to the router and access internal resources.
This is a fairly simple task as you only need to add a username, followed by the password:


R1(config)# username firewall password gfk$251!


The remote user will need the above username and password to successfully connect to the VPN.
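
To review the finished configuration, the following Python check (an added example, not part of the original article or of any Cisco tool) reads the Virtual-Template settings shown above and reports three things: whether MPPE is fixed at 128 bit rather than 'auto', which authentication methods other than ms-chap-v2 are accepted, and whether the address pool lies inside the subnet the template uses, either through 'ip unnumbered' or its own address. The function names and the FastEthernet0/0 address in the sample are assumptions.

```python
import ipaddress

# Constructed sample: the article's commands plus an assumed Fa0/0 address.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
interface Virtual-Template1
 ip unnumbered FastEthernet 0/0
 peer default ip address pool PPTP-Pool
 ppp encrypt mppe 128
 ppp authentication ms-chap ms-chap-v2
ip local pool PPTP-Pool 192.168.0.20 192.168.0.25
"""

def sections(cfg):
    """Map each interface name (spaces removed) to its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = out.setdefault(line.split(None, 1)[1].replace(" ", ""), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None  # any other top-level line ends the interface block
    return out

def find(cmds, prefix):
    """Arguments of the first command that starts with prefix, else []."""
    return next((c[len(prefix):].split() for c in cmds if c.startswith(prefix)), [])

def audit(cfg, template="Virtual-Template1"):
    ifs, issues = sections(cfg), []
    vt = ifs.get(template, [])
    mppe = find(vt, "ppp encrypt mppe ")
    if mppe[:1] != ["128"]:
        issues.append("mppe: not pinned to 128-bit (%s)" % (" ".join(mppe) or "unset"))
    weak = [m for m in find(vt, "ppp authentication ") if m != "ms-chap-v2"]
    if weak:
        issues.append("auth: also accepts " + ", ".join(weak))
    # Gateway subnet: the template's own address, or the 'ip unnumbered' interface's.
    unnum = find(vt, "ip unnumbered ")
    addr = find(ifs.get("".join(unnum), []) if unnum else vt, "ip address ")
    pool = find(vt, "peer default ip address pool ")
    rng = find(cfg.splitlines(), "ip local pool %s " % pool[0]) if pool else []
    net = ipaddress.ip_network("/".join(addr[:2]), strict=False) if addr else None
    if net is None or not rng:
        issues.append("pool: cannot resolve pool range or gateway subnet")
    elif not all(ipaddress.ip_address(a) in net for a in rng[:2]):
        issues.append("pool: %s outside %s" % ("-".join(rng[:2]), net))
    return issues
```

Running audit(SAMPLE) on the article's configuration reports only that ms-chap is accepted alongside ms-chap-v2; the pool check matters most when switching between the two addressing options described earlier.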

You can read our article on Windows VPDN setup (/cisco-technical-knowledgebase/cisco-routers/330-cisco-router-win-pptp.html) to get all the information on how to set up a remote teleworker to connect to the VPN.

ARTICLE SUMMARY
This article covered the configuration of a PPTP or VPDN server on a Cisco router. We saw all aspects of its configuration, plus
alternative configurations that will help you adjust the set up to your needs.
If you have found the article useful, we would really appreciate you sharing it with others by using the provided services on the top left
corner of this article. Sharing our articles takes only a minute of your time and helps Firewall.cx reach more people through such services.