Connecting to Cisco VPN concentrator

Brett Glass brett at lariat.org
Thu Oct 16 15:13:24 PDT 2003


Here's an interesting problem that I'm not sure how to solve. A user, 
whose machine runs Windows, connects to his ISP via PPTP (he can also use 
PPPoE, but there's no change in what happens). Once on the Internet, he 
wants to use the Cisco VPN client software to tunnel into a LAN at the office.

Trouble is, as soon as the Cisco VPN client fires up on his Windows 
machine, it blocks the PPTP or PPPoE connection. In short, it strangles 
itself by cutting off the link over which it must connect. With the 
machine no longer able to reach the Internet, the VPN connection can't 
work, and everything falls apart.

Cisco's literature hints that the Cisco VPN client contains a built-in 
firewall which downloads rules from the Cisco VPN router (which Cisco 
calls a "concentrator") as it connects. But I've explored the 
configuration of the concentrator, and the rules appear to allow pretty 
much everything through, including GRE and PPTP.

I've also tried to see if the user can connect to the VPN concentrator 
using the built-in VPN software in Windows rather than the special Cisco 
VPN client software. So far, the answer is "Yes, but not in a way that's 
useful." I can only connect to the VPN concentrator via PPTP when 
encryption is turned off, thus defeating the purpose of having a VPN in 
the first place. When I tell the Windows system to require encryption, 
the connection fails.

Does anyone have experience with connecting to Cisco VPN concentrators -- 
using either Cisco's VPN client software for Windows or the PPTP or 
L2TP client software built into Windows?

--Brett



More information about the freebsd-net mailing list