[c-nsp] pptp connection to 2600 with Windows VPN failing.

Christophe Lucas christophe at clucas.fr
Thu Dec 13 10:59:10 EST 2012


Le 12/12/2012 23:55, Joseph Mays a écrit :
> BTW, yes, I am aware that I left the passwords for ftp etc in the config. 
> They've already been changed.
> 

Hello,

Here is my config which works perfectly with the window native PPTP client :

vpdn enable
!
vpdn-group vpn
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 autodetect encapsulation ppp
 peer default ip address pool vpn
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2


Best regards,

> ----- Original Message ----- 
> From: "Joseph Mays" <mays at win.net>
> To: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, December 12, 2012 5:12 PM
> Subject: [c-nsp] pptp connection to 2600 with Windows VPN failing.
> 
> 
>> Trying to make a vpdn setup work from a windows vpn client to a cisco 
>> 2600. I had this working for a while, but then after one minor config 
>> change by someone else it stopped working. That change shouldn't have 
>> broken anything, but I backed it out nonetheless and the connection is 
>> still not working again.
>>
>> I think it's breaking during the LCP negotiation, before authentication 
>> even occurs. Here's what I get from PPP debugging. Notice that it never 
>> gets to the authentication phase. I will attach relevant portions of the 
>> config afterwards.
>>
>> genisis#show debug
>> PPP:
>>  PPP detailed event debugging is on
>>  PPP authentication debugging is on
>>  PPP protocol errors debugging is on
>>  PPP protocol negotiation debugging is on
>>
>>
>>
>> genisis#
>> genisis#term mon
>> genisis#
>> *Mar  1 02:26:32.559: Se0/0 PPP: Outbound cdp packet dropped, CDPCP state 
>> is Listen
>> *Mar  1 02:26:39.415:  EVT: Dynamic Bind 0 0x82C3989C
>> *Mar  1 02:26:39.415: ppp13 EVT: Cstate 4 0x00000000
>> *Mar  1 02:26:39.415: ppp13 PPP: Using vpn set call direction
>> *Mar  1 02:26:39.415: ppp13 PPP: Treating connection as a callin
>> *Mar  1 02:26:39.415: ppp13 PPP: Phase is ESTABLISHING, Passive Open
>> *Mar  1 02:26:39.415: ppp13 LCP: State is Listen
>> *Mar  1 02:26:39.439: ppp13 EVT: Packet 0 0x8332C29C
>> *Mar  1 02:26:39.439: ppp13 LCP: I CONFREQ [Listen] id 0 len 21
>> *Mar  1 02:26:39.439: ppp13 LCP:    MRU 1400 (0x01040578)
>> *Mar  1 02:26:39.439: ppp13 LCP:    MagicNumber 0x4FC8505D 
>> (0x05064FC8505D)
>> *Mar  1 02:26:39.439: ppp13 LCP:    PFC (0x0702)
>> *Mar  1 02:26:39.439: ppp13 LCP:    ACFC (0x0802)
>> *Mar  1 02:26:39.439: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:39.439: ppp13 PPP: Authorization required
>> *Mar  1 02:26:39.439: ppp13 LCP: O CONFREQ [Listen] id 1 len 15
>> *Mar  1 02:26:39.443: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:39.443: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:39.443: ppp13 LCP: O CONFREJ [Listen] id 0 len 7
>> *Mar  1 02:26:39.443: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:41.431: ppp13 EVT: Packet 0 0x830D1F30
>> *Mar  1 02:26:41.431: ppp13 LCP: I CONFREQ [REQsent] id 1 len 21
>> *Mar  1 02:26:41.431: ppp13 LCP:    MRU 1400 (0x01040578)
>> *Mar  1 02:26:41.431: ppp13 LCP:    MagicNumber 0x4FC8505D 
>> (0x05064FC8505D)
>> *Mar  1 02:26:41.431: ppp13 LCP:    PFC (0x0702)
>> *Mar  1 02:26:41.431: ppp13 LCP:    ACFC (0x0802)
>> *Mar  1 02:26:41.431: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:41.431: ppp13 LCP: O CONFREJ [REQsent] id 1 len 7
>> *Mar  1 02:26:41.431: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:41.451: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:41.451: ppp13 LCP: O CONFREQ [REQsent] id 2 len 15
>> *Mar  1 02:26:41.451: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:41.451: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:43.467: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:43.467: ppp13 LCP: O CONFREQ [REQsent] id 3 len 15
>> *Mar  1 02:26:43.467: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:43.467: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:44.431: ppp13 EVT: Packet 0 0x830D2E1C
>> *Mar  1 02:26:44.435: ppp13 LCP: I CONFREQ [REQsent] id 2 len 21
>> *Mar  1 02:26:44.435: ppp13 LCP:    MRU 1400 (0x01040578)
>> *Mar  1 02:26:44.435: ppp13 LCP:    MagicNumber 0x4FC8505D 
>> (0x05064FC8505D)
>> *Mar  1 02:26:44.435: ppp13 LCP:    PFC (0x0702)
>> *Mar  1 02:26:44.435: ppp13 LCP:    ACFC (0x0802)
>> *Mar  1 02:26:44.435: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:44.435: ppp13 LCP: O CONFREJ [REQsent] id 2 len 7
>> *Mar  1 02:26:44.435: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:45.483: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:45.483: ppp13 LCP: O CONFREQ [REQsent] id 4 len 15
>> *Mar  1 02:26:45.483: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:45.483: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:47.499: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:47.499: ppp13 LCP: O CONFREQ [REQsent] id 5 len 15
>> *Mar  1 02:26:47.499: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:47.499: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:48.427: ppp13 EVT: Packet 0 0x830D3118
>> *Mar  1 02:26:48.431: ppp13 LCP: I CONFREQ [REQsent] id 3 len 21
>> *Mar  1 02:26:48.431: ppp13 LCP:    MRU 1400 (0x01040578)
>> *Mar  1 02:26:48.431: ppp13 LCP:    MagicNumber 0x4FC8505D 
>> (0x05064FC8505D)
>> *Mar  1 02:26:48.431: ppp13 LCP:    PFC (0x0702)
>> *Mar  1 02:26:48.431: ppp13 LCP:    ACFC (0x0802)
>> *Mar  1 02:26:48.431: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:48.431: ppp13 LCP: O CONFREJ [REQsent] id 3 len 7
>> *Mar  1 02:26:48.431: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:49.515: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:49.515: ppp13 LCP: O CONFREQ [REQsent] id 6 len 15
>> *Mar  1 02:26:49.515: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:49.515: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:51.531: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:51.531: ppp13 LCP: O CONFREQ [REQsent] id 7 len 15
>> *Mar  1 02:26:51.531: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:51.531: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:52.431: ppp13 EVT: Packet 0 0x830CFB60
>> *Mar  1 02:26:52.431: ppp13 LCP: I CONFREQ [REQsent] id 4 len 21
>> *Mar  1 02:26:52.431: ppp13 LCP:    MRU 1400 (0x01040578)
>> *Mar  1 02:26:52.431: ppp13 LCP:    MagicNumber 0x4FC8505D 
>> (0x05064FC8505D)
>> *Mar  1 02:26:52.435: ppp13 LCP:    PFC (0x0702)
>> *Mar  1 02:26:52.435: ppp13 LCP:    ACFC (0x0802)
>> *Mar  1 02:26:52.435: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:52.435: ppp13 LCP: O CONFREJ [REQsent] id 4 len 7
>> *Mar  1 02:26:52.435: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:53.547: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:53.547: ppp13 LCP: O CONFREQ [REQsent] id 8 len 15
>> *Mar  1 02:26:53.547: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:53.547: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:55.563: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:55.563: ppp13 LCP: O CONFREQ [REQsent] id 9 len 15
>> *Mar  1 02:26:55.563: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:55.563: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:56.431: ppp13 EVT: Packet 0 0x830D0D48
>> *Mar  1 02:26:56.431: ppp13 LCP: I CONFREQ [REQsent] id 5 len 21
>> *Mar  1 02:26:56.431: ppp13 LCP:    MRU 1400 (0x01040578)
>> *Mar  1 02:26:56.431: ppp13 LCP:    MagicNumber 0x4FC8505D 
>> (0x05064FC8505D)
>> *Mar  1 02:26:56.431: ppp13 LCP:    PFC (0x0702)
>> *Mar  1 02:26:56.431: ppp13 LCP:    ACFC (0x0802)
>> *Mar  1 02:26:56.431: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:56.431: ppp13 LCP: O CONFREJ [REQsent] id 5 len 7
>> *Mar  1 02:26:56.431: ppp13 LCP:    Callback 6  (0x0D0306)
>> *Mar  1 02:26:57.579: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:57.579: ppp13 LCP: O CONFREQ [REQsent] id 10 len 15
>> *Mar  1 02:26:57.579: ppp13 LCP:    AuthProto MS-CHAP (0x0305C22380)
>> *Mar  1 02:26:57.579: ppp13 LCP:    MagicNumber 0x0F0968D2 
>> (0x05060F0968D2)
>> *Mar  1 02:26:59.595: ppp13 LCP: TIMEout: State REQsent
>> *Mar  1 02:26:59.595: ppp13 LCP: O TERMREQ [REQsent] id 10 len 4
>> *Mar  1 02:26:59.595: ppp13 PPP: Phase is TERMINATING
>> *Mar  1 02:26:59.595: ppp13 LCP: State is Listen
>> *Mar  1 02:26:59.595: ppp13 EVT: Hard Disc 0 0x00000000
>> *Mar  1 02:26:59.595: ppp13 PPP: Sending Acct Event[Down] id[11]
>> *Mar  1 02:26:59.595: ppp13 LCP: State is Closed
>> *Mar  1 02:26:59.595: ppp13 PPP: Phase is DOWN
>> *Mar  1 02:26:59.599: ppp13 EVT: Free PPP 0 0x00000000
>>
>>
>> ==========
>>
>> genisis#show run
>> Building configuration...
>>
>> Current configuration : 2791 bytes
>> !
>> version 12.3
>> service timestamps debug datetime msec
>> service timestamps log datetime msec
>> service password-encryption
>> !
>> hostname genisis
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> logging buffered 4096 informational
>> enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.
>> enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
>> !
>> username johndoe password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> username angela password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> username admin privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
>> no network-clock-participate slot 1
>> no network-clock-participate wic 0
>> aaa new-model
>> !
>> !
>> aaa authentication ppp default local
>> aaa authorization network default if-authenticated
>> aaa session-id common
>> ip subnet-zero
>> no ip cef
>> !
>> !
>> ip ftp username launchpad
>> ip ftp password 7 045907071C3543480F
>> no ip domain lookup
>> no ip dhcp conflict logging
>> ip dhcp excluded-address 10.10.2.150 10.10.2.255
>> ip dhcp excluded-address 10.10.2.0 10.10.2.50
>> !
>> ip dhcp pool genesis-pc-dhcp-pool
>>   network 10.10.2.0 255.255.255.0
>>   dns-server 216.24.27.3
>>   default-router 10.10.2.1
>> !
>> no ip bootp server
>> ip audit po max-events 100
>> vpdn enable
>> !
>> vpdn-group 1
>> ! Default PPTP VPDN group
>> accept-dialin
>>  protocol pptp
>>  virtual-template 1
>> local name gen-vpn
>> !
>> no ftp-server write-enable
>> !
>> !
>> !
>> voice call carrier capacity active
>> !
>> voice class codec 1
>> codec preference 1 g711ulaw
>> codec preference 2 g729r8
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> class-map match-all dscp-ef
>>  match ip dscp ef
>> !
>> !
>> policy-map queue-on-dscp
>> description Prioritizes voice traffic first, signalling next.
>>  class dscp-ef
>>   priority percent 75
>>  class class-default
>>   fair-queue
>>   random-detect dscp-based
>> !
>> !
>> !
>> !
>> !
>> !
>> interface FastEthernet0/0
>> ip address 24.235.18.81 255.255.255.240 secondary
>> ip address 10.10.2.1 255.255.255.0 secondary
>> ip address 24.235.1.17 255.255.255.248
>> no ip redirects
>> ip nat inside
>> service-policy output queue-on-dscp
>> logging event subif-link-status
>> duplex auto
>> speed auto
>> !
>> interface Serial0/0
>> description T1 to WinNET (UNE-DS1-003-004, HCFD.687777..NB)
>> ip address 24.235.2.42 255.255.255.252
>> no ip redirects
>> ip nat outside
>> service-policy output queue-on-dscp
>> encapsulation ppp
>> logging event subif-link-status
>> auto qos voip trust
>> service-module t1 timeslots 1-24
>> !
>> interface Virtual-Template1
>> ip unnumbered FastEthernet0/0
>> ip mroute-cache
>> peer default ip address pool VPN-IN
>> ppp encrypt mppe 40 required
>> ppp authentication ms-chap
>> !
>> ip local pool VPN-IN 10.10.2.160 10.10.2.164
>> ip nat inside source list 50 interface Serial0/0 overload
>> no ip http server
>> no ip http secure-server
>> ip classless
>> ip route 0.0.0.0 0.0.0.0 Serial0/0
>> !
>> !
>> access-list 50 permit 10.10.2.0 0.0.0.255
>> !
>> rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for 
>> Voice Drops" owner AutoQo
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> line con 0
>> line aux 0
>> line vty 0 4
>> password 7 1415425B18072B2634
>> !
>> !
>> end
>>
>> genisis#
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/ 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


-- 
Christophe Lucas
http://www.clucas.fr/blog/


More information about the cisco-nsp mailing list