Re: Problem with 2500 series PPTP vpdn configuration ?

From: Andrey Kostin (ankost@east.ru)
Date: Mon May 06 2002 - 10:59:32 EDT


Just migrate to another IOS, for example 12.2(3) and later. For 12.2.1 PPTP
doesn't work. Also in all versions there was a bug with tracebacks in PPTP
Mgmt process. Now I serve PPTP with 12.2(6) IOS and I have no tracebacks for
some time. There is bug ID for this, but it is hidden in Bug toolkit, so I
don't know is it fixed or not.

---------------
Andrey Kostin
East Connection ISP, Moscow, Russia. http://www.east.ru

----- Original Message -----
From: "Steve Monkhouse" <steve.monkhouse@ethertech.com.au>
To: <kouji.baba@equant.com>
Cc: <cisco-nsp@puck.nether.net>
Sent: 1 ΝΑΡ 2002 Η. 7:15
Subject: RE: Problem with 2500 series PPTP vpdn configuration ?

> kouji... Thanks for your reply.. but unfortunately Yes, I have tried with
> and without encryption...
> I have changed to pap authentication as well.. still no difference..
>
> Re: turning on extra logging... IT IS !!! :)
>
> router#term mon
> router#debug vpdn event
> VPDN events debugging is on
> router#debug vpdn error
> VPDN errors debugging is on
> router#debug vpdn packet
> VPDN packet debugging is on
> router#debug ppp auth
> PPP authentication debugging is on
> router#debug ppp neg
> PPP protocol negotiation debugging is on
> router#debug vtemplate
> Virtual Template debugging is on
> router#debug vpdn l2x-events
> L2X protocol events debugging is on
> router#debug vpdn l2x-errors
> L2X protocol errors debugging is on
> router#debug vpdn l2x-packets
> L2X control packets debugging is on
>
> and these are the still the ONLY error messages coming up at all ?!?!?
>
> *May 1 11:56:55.062 AEST: %LINK-3-UPDOWN: Interface Virtual-Access1,
> changed state to up
> *May 1 11:56:56.062 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access1, changed state to up
> *May 1 11:57:32.118 AEST: %LINK-3-UPDOWN: Interface Virtual-Access1,
> changed state to down
> *May 1 11:57:33.350 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access1, changed state to down
>
> I have a strange feeling that it has to have something to do with IOS ver
/
> Flash or mem requirements in the 2514 ??
>
> Steve
>
>
>
> -----Original Message-----
> From: kouji.baba@equant.com [mailto:kouji.baba@equant.com]
> Sent: Wednesday, May 01, 2002 12:00 PM
> To: Steve Monkhouse
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: Problem with 2500 series PPTP vpdn configuration ?
>
>
>
> Steve,
>
> have you tried without 'ppp encrypt' or with 'ppp authentication pap' on
> int virtual-template1 ?
> i think pptp session is OK.
>
> and debug information will be helpful.
> debug vpdn event
> debug ppp negotication|error|authentication
>
> regards,
> -----
> kouji baba
>
>
>
> |--------+---------------------------------->
> | | "Steve Monkhouse" |
> | | <steve.monkhouse@etherte|
> | | ch.com.au> |
> | | |
> | | 2002/04/30 18:19 |
> | | |
> |--------+---------------------------------->
>
>
>---------------------------------------------------------------------------
> --------------------------------|
> |
> |
> | To: <cisco-nsp@puck.nether.net>
> |
> | cc:
> |
> | Subject: Problem with 2500 series PPTP vpdn configuration ?
> |
>
>
>---------------------------------------------------------------------------
> --------------------------------|
>
>
>
>
> Problem with 2500 series PPTP vpdn configuration ?
> Hello all..
> A quickie if I may..?
>
> Bit of background... trying to setup a PPTP/L2TP VPN from connected
> workstations to 2514 router..
>
> debug of connection shows :
> *May 2 04:15:37.928 AEST: %LINK-3-UPDOWN: Interface Virtual-Access1,
> changed state to up
> *May 2 04:15:38.928 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access1, changed state to up
> *May 2 04:16:15.044 AEST: %LINK-3-UPDOWN: Interface Virtual-Access1,
> changed state to down
> *May 2 04:16:16.052 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access1, changed state to down
>
> and terminal wont log in.. (terminal is always checking username and
> password ... which is correct)..
>
> (Background on my IOS)...
> --------------------------------
> Cisco Internetwork Operating System Software
> IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE
> (fc1)
> Copyright (c) 1986-2002 by cisco Systems, Inc.
> Compiled Sun 03-Feb-02 22:01 by srani
> Image text-base: 0x0307EEE0, data-base: 0x00001000
>
> ROM: System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE
> SOFTWARE (fc1)
> BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB1,
> PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
>
> router uptime is 8 weeks, 5 days, 20 hours, 50 minutes
> System returned to ROM by reload
> System image file is "flash:c2500-jk8os-l.122-1d.bin"
>
> cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of
> memory.
> Processor board ID 02942259, with hardware revision 00000000
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> TN3270 Emulation software.
> 2 Ethernet/IEEE 802.3 interface(s)
> 2 Serial network interface(s)
> 32K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read ONLY)
>
> Configuration register is 0x2102
> ------------------------------------------------
> current IOS config.. (with non-relevant parts removed)..
>
> router#sh run
> Building configuration...
>
> Current configuration : 2726 bytes
> !
> version 12.2
> no service single-slot-reload-enable
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> !
> hostname router
> !
> logging buffered 16384 debugging
> logging rate-limit console 10 except errors
> enable secret xxxxx
> enable password xxxx
> !
> username testuser password testpass
> clock timezone AEST 10
> ip subnet-zero
> no ip finger
> ip name-server xxx.xxx.xxx.xxx
> ip name-server xxx.xxx.xxx.xxx
> !
> ip multicast-routing
> ip address-pool local
> no ip dhcp-client network-discovery
> ipx routing xxx
> async-bootp dns-server xxx.xxx.xxx.xxx
> vpdn enable
> no vpdn logging
> !
> vpdn-group 1
> ! Default PPTP VPDN group
> accept-dialin
> protocol pptp
> virtual-template 1
> !
> !
> !
> !
> !
> interface Loopback0
> no ip address
> !
> interface Ethernet0
> ip address xxx.xxx.xxx.xxx 255.255.255.252
> no ip proxy-arp
> ip nat outside
> ip pim sparse-mode
> no ip route-cache
> no ip mroute-cache
> ipx network BBBBAD encapsulation SAP
> !
> interface Ethernet1
> ip address 10.0.0.20 255.255.255.0
> ip nat inside
> no ip route-cache
> no ip mroute-cache
> ipx network 3A759D encapsulation SAP
> !
> interface Virtual-Template1
> description Dial-in Interface for PPTP Clients
> mtu 1400
> ip unnumbered Ethernet1
> peer default ip address pool default
> ppp encrypt mppe 40 required
> ppp authentication chap ms-chap
> ppp timeout retry 20
> ppp timeout authentication 20
> multilink max-links 1
> !
> router ospf 1
> log-adjacency-changes
> network 10.0.0.0 0.0.0.255 area 1
> network xxx.xxx.xxx.xxx 0.0.0.255 area 0
> network xxx.xxx.xxx.xxx 0.0.0.255 area 0
> !
> router rip
> network 10.0.0.0
> network xxx.xxx.xxx.xxx
> network xxx.xxx.xxx.xxx
> !
> ip local pool default 10.0.0.210 10.0.0.240
> ip kerberos source-interface any
> ip nat inside source list nat-list interface Ethernet0 overload
> ip nat inside source static tcp 10.0.0.56 515 xxx.xxx.xxx.xxx 515
> extendable
> ip classless
> ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
> no ip http server
> !
> !
> ip access-list standard nat-list
> remark Allow all Internal IP's to be NATable
> permit 10.0.0.0 0.0.0.255
> logging trap debugging
> logging facility local0
>
> Has anyone got any ideas why this wont work ????
>
> Thanks in Advance!
> Steve
>
>
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:56 EDT