[cisco-nas] VPDN PPTP

Richard Greasley richardg at blue-stream.net
Sun Jan 25 07:25:21 EST 2004 

Thank you, I'll make changes and let you know how I fared.

regards,
Richardg;
----- Original Message ----- 
From: "Mark John" <markjohn20 at hotmail.com>
To: <richardg at blue-stream.net>
Cc: <cisco-nas at puck.nether.net>
Sent: Sunday, January 25, 2004 7:56 AM
Subject: RE: [cisco-nas] VPDN PPTP


> Few things to check:
>
> 1. You don't need the 'lcp renegotiation' command on the 5300- this is
only
> useful when using L2F and L2TP in compulsory tunnel mode. PPTP does
support
> compulsory tunnel mode, but not on Cisco boxes -on Cisco boxes only
> voluntary tunnel mode is supported (ie. a tunnel directly from the remote
> access client).
>
> 2. Try changing your authentication protocol - you are using PAP - I am
> guessing that the remote access XP client does not permit PAP. If the
remote
> access client is configured to encrypt PPTP traffic using MPPE then you'll
> also need to configure MPPE and MS-CHAP on the AS-5300.
>
> 3. Look for an access list blocking GRE. The control channel in PPTP uses
> TCP (port 1723) but the data channel uses (enhanced) GRE (IP prot 47). So,
> if TCP is permitted then the control channel comes up (and the virtual
> access i/f gets cloned), but the first data to cross the data channel is
the
> PPP neg sequence, and so symptoms that are shown in your debug can
sometimes
> result from an ACL blocking GRE. You can double check that GRE packets are
> being received from the remote access client using 'debug ip packet det
> <acl> BUT be very careful using this command.
>
> 4. Check the IOS version - I have comes across one or two that had
problems
> with PPTP :)
>
>
> Hope that helps,
>
> Mark
>
>
> >From: "Richard Greasley" <richardg at blue-stream.net>
> >To: <cisco-nas at puck.nether.net>
> >Subject: [cisco-nas] VPDN PPTP
> >Date: Sun, 25 Jan 2004 07:15:51 -0400
> >
> >Hello all,
> >hoping someone could help me understand why my pptp connection is failing
> >from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
> >Commands are as follows:
> >aaa authentication ppp default local
> >aaa authorization network default local
> >!
> >vpdn enable
> >!
> >vpdn-group pptptunnel
> >! Default PPTP VPDN group
> >  description L2tp incoming
> >  accept-dialin
> >   protocol pptp
> >   virtual-template 1
> >  local name Office
> >  lcp renegotiation always
> >!
> >interface Loopback2
> >  description PPTP loopback
> >  ip address 192.168.15.1 255.255.255.255
> >!
> >interface Virtual-Template1
> >  mtu 1492
> >  ip unnumbered Loopback2
> >  load-interval 30
> >  peer default ip address pool pppoE-pool
> >  ppp authentication pap
> >!
> >ip local pool pppoE-pool 192.168.15.5 192.168.15.30
> >!
> >
> >Needles to say, it fails, I've some debugging on and this is what I was
> >able
> >to capture.
> >Is there a reason why it is timing out during the authentication phase?
> >
> >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
> >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
> >Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
> >Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1,
changed
> >stat
> >e to up
> >Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated line
> >Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open [0
> >sess, 0
> >load]
> >Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
> >Jan 25 11:12:49.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:12:49.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:12:49.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
> >Jan 25 11:12:51.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:12:51.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:12:51.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
> >Jan 25 11:12:53.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:12:53.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:12:53.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
> >Jan 25 11:12:55.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:12:55.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:12:55.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
> >Jan 25 11:12:57.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:12:57.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:12:57.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
> >Jan 25 11:12:59.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:12:59.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:12:59.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
> >Jan 25 11:13:01.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:13:01.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:13:01.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
> >Jan 25 11:13:03.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:13:03.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:13:03.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
> >Jan 25 11:13:05.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:13:05.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:13:05.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
> >Jan 25 11:13:07.907 UTC: Vi1 LCP:    MRU 1492 (0x010405D4)
> >Jan 25 11:13:07.907 UTC: Vi1 LCP:    AuthProto PAP (0x0304C023)
> >Jan 25 11:13:07.907 UTC: Vi1 LCP:    MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
> >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
> >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
> >Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen
> >
> >
> >Thanks in advance,
> >Richardg;
> >
> >_______________________________________________
> >cisco-nas mailing list
> >cisco-nas at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nas
>
> _________________________________________________________________
> Stay in touch with absent friends - get MSN Messenger
> http://www.msn.co.uk/messenger
>
>

More information about the cisco-nas mailing list