[c-nsp] pptp connection to 2600 with Windows VPN failing.

Hitesh Vinzoda vinzoda.hitesh at gmail.com
Sat Dec 15 02:25:09 EST 2012


just remove the MPPE configuration under virtual-template and try...!

Thanks
Hitesh Vinzoda


On Fri, Dec 14, 2012 at 1:23 AM, Gert Doering <gert at greenie.muc.de> wrote:

> Hi,
>
> On Thu, Dec 13, 2012 at 04:59:10PM +0100, Christophe Lucas wrote:
> > interface Virtual-Template1
> >  ip unnumbered FastEthernet0/0
> >  autodetect encapsulation ppp
> >  peer default ip address pool vpn
> >  ppp encrypt mppe auto
> >  ppp authentication ms-chap-v2
>
> JFTR, I hope everybody on this list is aware that PPTP with MPPE/MS-CHAP-v2
> is about as secure as using PAP and no encryption.
>
> If someone is able to sniff your PPTP/MPPE-Session, all they need is to
> insert $200 into cloudcracker.com, and next morning they will have the
> NTLM HASH needed to authenticate against the server, impersonating the
> VPN client.
>
> See here for a detailed description:
>
>
> http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html
>
> Use IPSEC, SSL-VPN or OpenVPN.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>                                                            //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list