[cisco-nas] pptp connection to 2600 with Windows VPN failing.

Mark Johnson (mljohnso) mljohnso at cisco.com
Thu Dec 13 02:00:56 EST 2012


You might take a look at the PPP packet negotiation at the client; based on the cisco debug, it looks as if the peer is not receiving our CONFREJ or CONFREQ.

What was the minor config change?

mark

From: Joseph Mays <mays at win.net<mailto:mays at win.net>>
Date: Wednesday, December 12, 2012 11:11 PM
To: "cisco-nas at puck.nether.net<mailto:cisco-nas at puck.nether.net>" <cisco-nas at puck.nether.net<mailto:cisco-nas at puck.nether.net>>
Subject: [cisco-nas] pptp connection to 2600 with Windows VPN failing.

Trying to make a vpdn setup work from a windows vpn client to a cisco 2600. I had this working for a while, but then after one minor config change by someone else it stopped working. That change shouldn't have broken anything, but I backed it out nonetheless and the connection is still not working again.

I think it's breaking during the LCP negotiation, before authentication even occurs. Here's what I get from PPP debugging. Notice that it never gets to the authentication phase. I will attach relevant portions of the config afterwards.

genisis#show debug
PPP:
  PPP detailed event debugging is on
  PPP authentication debugging is on
  PPP protocol errors debugging is on
  PPP protocol negotiation debugging is on



genisis#
genisis#term mon
genisis#
*Mar  1 02:26:32.559: Se0/0 PPP: Outbound cdp packet dropped, CDPCP state is Listen
*Mar  1 02:26:39.415:  EVT: Dynamic Bind 0 0x82C3989C
*Mar  1 02:26:39.415: ppp13 EVT: Cstate 4 0x00000000
*Mar  1 02:26:39.415: ppp13 PPP: Using vpn set call direction
*Mar  1 02:26:39.415: ppp13 PPP: Treating connection as a callin
*Mar  1 02:26:39.415: ppp13 PPP: Phase is ESTABLISHING, Passive Open
*Mar  1 02:26:39.415: ppp13 LCP: State is Listen
*Mar  1 02:26:39.439: ppp13 EVT: Packet 0 0x8332C29C
*Mar  1 02:26:39.439: ppp13 LCP: I CONFREQ [Listen] id 0 len 21
*Mar  1 02:26:39.439: ppp13 LCP:    MRU 1400 (0x01040578)
*Mar  1 02:26:39.439: ppp13 LCP:    MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar  1 02:26:39.439: ppp13 LCP:    PFC (0x0702)
*Mar  1 02:26:39.439: ppp13 LCP:    ACFC (0x0802)
*Mar  1 02:26:39.439: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:39.439: ppp13 PPP: Authorization required
*Mar  1 02:26:39.439: ppp13 LCP: O CONFREQ [Listen] id 1 len 15
*Mar  1 02:26:39.443: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:39.443: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:39.443: ppp13 LCP: O CONFREJ [Listen] id 0 len 7
*Mar  1 02:26:39.443: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:41.431: ppp13 EVT: Packet 0 0x830D1F30
*Mar  1 02:26:41.431: ppp13 LCP: I CONFREQ [REQsent] id 1 len 21
*Mar  1 02:26:41.431: ppp13 LCP:    MRU 1400 (0x01040578)
*Mar  1 02:26:41.431: ppp13 LCP:    MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar  1 02:26:41.431: ppp13 LCP:    PFC (0x0702)
*Mar  1 02:26:41.431: ppp13 LCP:    ACFC (0x0802)
*Mar  1 02:26:41.431: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:41.431: ppp13 LCP: O CONFREJ [REQsent] id 1 len 7
*Mar  1 02:26:41.431: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:41.451: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:41.451: ppp13 LCP: O CONFREQ [REQsent] id 2 len 15
*Mar  1 02:26:41.451: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:41.451: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:43.467: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:43.467: ppp13 LCP: O CONFREQ [REQsent] id 3 len 15
*Mar  1 02:26:43.467: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:43.467: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:44.431: ppp13 EVT: Packet 0 0x830D2E1C
*Mar  1 02:26:44.435: ppp13 LCP: I CONFREQ [REQsent] id 2 len 21
*Mar  1 02:26:44.435: ppp13 LCP:    MRU 1400 (0x01040578)
*Mar  1 02:26:44.435: ppp13 LCP:    MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar  1 02:26:44.435: ppp13 LCP:    PFC (0x0702)
*Mar  1 02:26:44.435: ppp13 LCP:    ACFC (0x0802)
*Mar  1 02:26:44.435: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:44.435: ppp13 LCP: O CONFREJ [REQsent] id 2 len 7
*Mar  1 02:26:44.435: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:45.483: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:45.483: ppp13 LCP: O CONFREQ [REQsent] id 4 len 15
*Mar  1 02:26:45.483: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:45.483: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:47.499: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:47.499: ppp13 LCP: O CONFREQ [REQsent] id 5 len 15
*Mar  1 02:26:47.499: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:47.499: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:48.427: ppp13 EVT: Packet 0 0x830D3118
*Mar  1 02:26:48.431: ppp13 LCP: I CONFREQ [REQsent] id 3 len 21
*Mar  1 02:26:48.431: ppp13 LCP:    MRU 1400 (0x01040578)
*Mar  1 02:26:48.431: ppp13 LCP:    MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar  1 02:26:48.431: ppp13 LCP:    PFC (0x0702)
*Mar  1 02:26:48.431: ppp13 LCP:    ACFC (0x0802)
*Mar  1 02:26:48.431: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:48.431: ppp13 LCP: O CONFREJ [REQsent] id 3 len 7
*Mar  1 02:26:48.431: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:49.515: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:49.515: ppp13 LCP: O CONFREQ [REQsent] id 6 len 15
*Mar  1 02:26:49.515: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:49.515: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:51.531: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:51.531: ppp13 LCP: O CONFREQ [REQsent] id 7 len 15
*Mar  1 02:26:51.531: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:51.531: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:52.431: ppp13 EVT: Packet 0 0x830CFB60
*Mar  1 02:26:52.431: ppp13 LCP: I CONFREQ [REQsent] id 4 len 21
*Mar  1 02:26:52.431: ppp13 LCP:    MRU 1400 (0x01040578)
*Mar  1 02:26:52.431: ppp13 LCP:    MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar  1 02:26:52.435: ppp13 LCP:    PFC (0x0702)
*Mar  1 02:26:52.435: ppp13 LCP:    ACFC (0x0802)
*Mar  1 02:26:52.435: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:52.435: ppp13 LCP: O CONFREJ [REQsent] id 4 len 7
*Mar  1 02:26:52.435: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:53.547: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:53.547: ppp13 LCP: O CONFREQ [REQsent] id 8 len 15
*Mar  1 02:26:53.547: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:53.547: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:55.563: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:55.563: ppp13 LCP: O CONFREQ [REQsent] id 9 len 15
*Mar  1 02:26:55.563: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:55.563: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:56.431: ppp13 EVT: Packet 0 0x830D0D48
*Mar  1 02:26:56.431: ppp13 LCP: I CONFREQ [REQsent] id 5 len 21
*Mar  1 02:26:56.431: ppp13 LCP:    MRU 1400 (0x01040578)
*Mar  1 02:26:56.431: ppp13 LCP:    MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar  1 02:26:56.431: ppp13 LCP:    PFC (0x0702)
*Mar  1 02:26:56.431: ppp13 LCP:    ACFC (0x0802)
*Mar  1 02:26:56.431: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:56.431: ppp13 LCP: O CONFREJ [REQsent] id 5 len 7
*Mar  1 02:26:56.431: ppp13 LCP:    Callback 6  (0x0D0306)
*Mar  1 02:26:57.579: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:57.579: ppp13 LCP: O CONFREQ [REQsent] id 10 len 15
*Mar  1 02:26:57.579: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 02:26:57.579: ppp13 LCP:    MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar  1 02:26:59.595: ppp13 LCP: TIMEout: State REQsent
*Mar  1 02:26:59.595: ppp13 LCP: O TERMREQ [REQsent] id 10 len 4
*Mar  1 02:26:59.595: ppp13 PPP: Phase is TERMINATING
*Mar  1 02:26:59.595: ppp13 LCP: State is Listen
*Mar  1 02:26:59.595: ppp13 EVT: Hard Disc 0 0x00000000
*Mar  1 02:26:59.595: ppp13 PPP: Sending Acct Event[Down] id[11]
*Mar  1 02:26:59.595: ppp13 LCP: State is Closed
*Mar  1 02:26:59.595: ppp13 PPP: Phase is DOWN
*Mar  1 02:26:59.599: ppp13 EVT: Free PPP 0 0x00000000

==========

genisis#show run
Building configuration...

Current configuration : 2791 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname genisis
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username johndoe password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username angela password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
no ip cef
!
!
ip ftp username launchpad
ip ftp password 7 045907071C3543480F
no ip domain lookup
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.2.150 10.10.2.255
ip dhcp excluded-address 10.10.2.0 10.10.2.50
!
ip dhcp pool genesis-pc-dhcp-pool
   network 10.10.2.0 255.255.255.0
   dns-server 216.24.27.3
   default-router 10.10.2.1
!
no ip bootp server
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 local name gen-vpn
!
no ftp-server write-enable
!
!
!
voice call carrier capacity active
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
!
!
!
!
!
!
!
!
!
!
class-map match-all dscp-ef
  match ip dscp ef
!
!
policy-map queue-on-dscp
 description Prioritizes voice traffic first, signalling next.
  class dscp-ef
   priority percent 75
  class class-default
   fair-queue
   random-detect dscp-based
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 24.235.18.81 255.255.255.240 secondary
 ip address 10.10.2.1 255.255.255.0 secondary
 ip address 24.235.1.17 255.255.255.248
 no ip redirects
 ip nat inside
 service-policy output queue-on-dscp
 logging event subif-link-status
 duplex auto
 speed auto
!
interface Serial0/0
 description T1 to WinNET (UNE-DS1-003-004, HCFD.687777..NB)
 ip address 24.235.2.42 255.255.255.252
 no ip redirects
 ip nat outside
 service-policy output queue-on-dscp
 encapsulation ppp
 logging event subif-link-status
 auto qos voip trust
 service-module t1 timeslots 1-24
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip mroute-cache
 peer default ip address pool VPN-IN
 ppp encrypt mppe 40 required
 ppp authentication ms-chap
!
ip local pool VPN-IN 10.10.2.160 10.10.2.164
ip nat inside source list 50 interface Serial0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
access-list 50 permit 10.10.2.0 0.0.0.255
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQo
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 1415425B18072B2634
!
!
end

genisis#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-nas/attachments/20121213/75a8d01b/attachment-0001.html>


More information about the cisco-nas mailing list