[cisco-nas] VPDN PPTP

Mark John markjohn20 at hotmail.com
Sun Jan 25 06:56:25 EST 2004


Few things to check:

1. You don't need the 'lcp renegotiation' command on the 5300- this is only 
useful when using L2F and L2TP in compulsory tunnel mode. PPTP does support 
compulsory tunnel mode, but not on Cisco boxes -on Cisco boxes only 
voluntary tunnel mode is supported (ie. a tunnel directly from the remote 
access client).

2. Try changing your authentication protocol - you are using PAP - I am 
guessing that the remote access XP client does not permit PAP. If the remote 
access client is configured to encrypt PPTP traffic using MPPE then you'll 
also need to configure MPPE and MS-CHAP on the AS-5300.

3. Look for an access list blocking GRE. The control channel in PPTP uses 
TCP (port 1723) but the data channel uses (enhanced) GRE (IP prot 47). So, 
if TCP is permitted then the control channel comes up (and the virtual 
access i/f gets cloned), but the first data to cross the data channel is the 
PPP neg sequence, and so symptoms that are shown in your debug can sometimes 
result from an ACL blocking GRE. You can double check that GRE packets are 
being received from the remote access client using 'debug ip packet det 
<acl> BUT be very careful using this command.

4. Check the IOS version - I have comes across one or two that had problems 
with PPTP :)


Hope that helps,

Mark


>From: "Richard Greasley" <richardg at blue-stream.net>
>To: <cisco-nas at puck.nether.net>
>Subject: [cisco-nas] VPDN PPTP
>Date: Sun, 25 Jan 2004 07:15:51 -0400
>
>Hello all,
>hoping someone could help me understand why my pptp connection is failing
>from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
>Commands are as follows:
>aaa authentication ppp default local
>aaa authorization network default local
>!
>vpdn enable
>!
>vpdn-group pptptunnel
>! Default PPTP VPDN group
>  description L2tp incoming
>  accept-dialin
>   protocol pptp
>   virtual-template 1
>  local name Office
>  lcp renegotiation always
>!
>interface Loopback2
>  description PPTP loopback
>  ip address 192.168.15.1 255.255.255.255
>!
>interface Virtual-Template1
>  mtu 1492
>  ip unnumbered Loopback2
>  load-interval 30
>  peer default ip address pool pppoE-pool
>  ppp authentication pap
>!
>ip local pool pppoE-pool 192.168.15.5 192.168.15.30
>!
>
>Needles to say, it fails, I've some debugging on and this is what I was 
>able
>to capture.
>Is there a reason why it is timing out during the authentication phase?
>
>Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
>Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
>Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
>Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
>stat
>e to up
>Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated line
>Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open [0
>sess, 0
>load]
>Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
>Jan 25 11:12:49.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:12:49.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:12:49.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
>Jan 25 11:12:51.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:12:51.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:12:51.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
>Jan 25 11:12:53.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:12:53.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:12:53.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
>Jan 25 11:12:55.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:12:55.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:12:55.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
>Jan 25 11:12:57.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:12:57.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:12:57.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
>Jan 25 11:12:59.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:12:59.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:12:59.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
>Jan 25 11:13:01.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:13:01.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:13:01.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
>Jan 25 11:13:03.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:13:03.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:13:03.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
>Jan 25 11:13:05.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:13:05.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:13:05.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
>Jan 25 11:13:07.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
>Jan 25 11:13:07.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
>Jan 25 11:13:07.907 UTC: Vi1 LCP:    MagicNumber 0x43712274 
>(0x050643712274)
>Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
>Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
>Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
>Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen
>
>
>Thanks in advance,
>Richardg;
>
>_______________________________________________
>cisco-nas mailing list
>cisco-nas at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas

_________________________________________________________________
Stay in touch with absent friends - get MSN Messenger 
http://www.msn.co.uk/messenger



More information about the cisco-nas mailing list