PPTP woes

From: kevin graham (kgraham@dotnetdotcom.org)
Date: Wed Oct 03 2001 - 21:48:51 EDT


So I'm adding PPTP to a 3662 in hopes of being able to kill of an NT
machine. I only mention it as a disclaimer that I know perfectly well I
need to migrate users to IPSec or atleast L2TP.

When making hte connection, the vpdn comes up, and the virtual-access
interface is created. However, the conneciton is dying during PPP
negotiation:

14w2d: Vi1 VPDN: O out
14w2d: Vi1 LCP: TIMEout: State REQsent
14w2d: Vi1 LCP: O CONFREQ [REQsent] id 37 len 15
14w2d: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380)
14w2d: Vi1 LCP: MagicNumber 0xB401B18C (0x0506B401B18C)
14w2d: Vi1 VPDN: O out
14w2d: Vi1 LCP: TIMEout: State REQsent
14w2d: Vi1 LCP: O CONFREQ [REQsent] id 38 len 15
14w2d: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380)
14w2d: Vi1 LCP: MagicNumber 0xB401B18C (0x0506B401B18C)

It will loop on that for a number of times until the Win2k machine gives
up and drops. There is never a CONFACK or even CONFNAK. Looking at the
TAC, the only time I see this sited is when line speeds are munged or
other misconfiguration -- it all points ot the lower layer, which in this
case gives the pretense of working.

The router is currently running 12.2(1) w/ lots of bells and whistles
(c3660-jk9o3s-mz.122-1). All of the virtual access config is straight out
of the 'PPTP with MPPE' configuration guide.

#show vpdn

%No active L2TP tunnels

%No active L2F tunnels

PPTP Tunnel and Session Information Total tunnels 1 sessions 1

LocID Remote Name State Remote Address Port Sessions
110 estabd 192.168.9.165 2946 1

LocID RemID TunID Intf Username State Last Chg
109 16384 110 Vi1 estabd 00:00:02

%No active PPPoE tunnels

#show int VIrtual-Access 1
Virtual-Access1 is up, line protocol is up
  Hardware is Virtual Access interface
  Interface is unnumbered. Using address of Loopback0 (192.168.255.1)
  MTU 1500 bytes, BW 100 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive not set
  DTR is pulsed for 5 seconds on reset
  LCP REQsent
  Closed: CCP
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:06:01
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7 packets output, 133 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

.....

vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

interface Virtual-Template1
 ip unnumbered Loopback0
 ip mroute-cache
 no keepalive
 peer default ip address pool PPP
 ppp encrypt mppe auto
 ppp authentication ms-chap
ip local pool PPP 192.168.255.2 192.168.255.61

Any ideas where I should start looking? This has been a bit of a pet
project that I've been tripping up on the same thing everytime I go back
and revisit it (but haven't cared enough to really dig in). Have I just
been staring at it too long and am missing something foolish?

Thanks.
..kg..



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:19 EDT