Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NAS
VPDN PPTP
richardg at blue-stream
Jan 25, 2004, 4:15 AM
Post #1 of 11 (3181 views)
Permalink
Hello all,
hoping someone could help me understand why my pptp connection is failing
from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
Commands are as follows:
aaa authentication ppp default local
aaa authorization network default local
!
vpdn enable
!
vpdn-group pptptunnel
! Default PPTP VPDN group
description L2tp incoming
accept-dialin
protocol pptp
virtual-template 1
local name Office
lcp renegotiation always
!
interface Loopback2
description PPTP loopback
ip address 192.168.15.1 255.255.255.255
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback2
load-interval 30
peer default ip address pool pppoE-pool
ppp authentication pap
!
ip local pool pppoE-pool 192.168.15.5 192.168.15.30
!

Needles to say, it fails, I've some debugging on and this is what I was able
to capture.
Is there a reason why it is timing out during the authentication phase?

Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
stat
e to up
Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated line
Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open [0
sess, 0
load]
Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
Jan 25 11:12:49.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:12:49.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:12:49.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
Jan 25 11:12:51.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:12:51.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:12:51.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
Jan 25 11:12:53.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:12:53.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:12:53.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
Jan 25 11:12:55.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:12:55.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:12:55.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
Jan 25 11:12:57.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:12:57.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:12:57.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
Jan 25 11:12:59.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:12:59.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:12:59.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
Jan 25 11:13:01.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:13:01.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:13:01.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
Jan 25 11:13:03.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:13:03.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:13:03.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
Jan 25 11:13:05.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:13:05.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:13:05.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
Jan 25 11:13:07.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 25 11:13:07.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 25 11:13:07.907 UTC: Vi1 LCP: MagicNumber 0x43712274 (0x050643712274)
Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen


Thanks in advance,
Richardg;
RE: VPDN PPTP [ In reply to ]
markjohn20 at hotmail
Jan 25, 2004, 4:56 AM
Post #2 of 11 (3109 views)
Permalink
Few things to check:

1. You don't need the 'lcp renegotiation' command on the 5300- this is only
useful when using L2F and L2TP in compulsory tunnel mode. PPTP does support
compulsory tunnel mode, but not on Cisco boxes -on Cisco boxes only
voluntary tunnel mode is supported (ie. a tunnel directly from the remote
access client).

2. Try changing your authentication protocol - you are using PAP - I am
guessing that the remote access XP client does not permit PAP. If the remote
access client is configured to encrypt PPTP traffic using MPPE then you'll
also need to configure MPPE and MS-CHAP on the AS-5300.

3. Look for an access list blocking GRE. The control channel in PPTP uses
TCP (port 1723) but the data channel uses (enhanced) GRE (IP prot 47). So,
if TCP is permitted then the control channel comes up (and the virtual
access i/f gets cloned), but the first data to cross the data channel is the
PPP neg sequence, and so symptoms that are shown in your debug can sometimes
result from an ACL blocking GRE. You can double check that GRE packets are
being received from the remote access client using 'debug ip packet det
<acl> BUT be very careful using this command.

4. Check the IOS version - I have comes across one or two that had problems
with PPTP :)


Hope that helps,

Mark


>From: "Richard Greasley" <richardg@blue-stream.net>
>To: <cisco-nas@puck.nether.net>
>Subject: [cisco-nas] VPDN PPTP
>Date: Sun, 25 Jan 2004 07:15:51 -0400
>
>Hello all,
>hoping someone could help me understand why my pptp connection is failing
>from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
>Commands are as follows:
>aaa authentication ppp default local
>aaa authorization network default local
>!
>vpdn enable
>!
>vpdn-group pptptunnel
>! Default PPTP VPDN group
> description L2tp incoming
> accept-dialin
> protocol pptp
> virtual-template 1
> local name Office
> lcp renegotiation always
>!
>interface Loopback2
> description PPTP loopback
> ip address 192.168.15.1 255.255.255.255
>!
>interface Virtual-Template1
> mtu 1492
> ip unnumbered Loopback2
> load-interval 30
> peer default ip address pool pppoE-pool
> ppp authentication pap
>!
>ip local pool pppoE-pool 192.168.15.5 192.168.15.30
>!
>
>Needles to say, it fails, I've some debugging on and this is what I was
>able
>to capture.
>Is there a reason why it is timing out during the authentication phase?
>
>Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
>Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
>Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
>Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
>stat
>e to up
>Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated line
>Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open [0
>sess, 0
>load]
>Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
>Jan 25 11:12:49.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:12:49.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:12:49.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
>Jan 25 11:12:51.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:12:51.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:12:51.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
>Jan 25 11:12:53.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:12:53.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:12:53.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
>Jan 25 11:12:55.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:12:55.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:12:55.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
>Jan 25 11:12:57.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:12:57.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:12:57.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
>Jan 25 11:12:59.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:12:59.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:12:59.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
>Jan 25 11:13:01.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:13:01.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:13:01.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
>Jan 25 11:13:03.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:13:03.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:13:03.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
>Jan 25 11:13:05.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:13:05.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:13:05.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
>Jan 25 11:13:07.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>Jan 25 11:13:07.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>Jan 25 11:13:07.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>(0x050643712274)
>Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
>Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
>Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
>Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
>Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen
>
>
>Thanks in advance,
>Richardg;
>
>_______________________________________________
>cisco-nas mailing list
>cisco-nas@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas

_________________________________________________________________
Stay in touch with absent friends - get MSN Messenger
http://www.msn.co.uk/messenger
Re: VPDN PPTP [ In reply to ]
richardg at blue-stream
Jan 25, 2004, 5:25 AM
Post #3 of 11 (3092 views)
Permalink
Thank you, I'll make changes and let you know how I fared.

regards,
Richardg;
----- Original Message -----
From: "Mark John" <markjohn20@hotmail.com>
To: <richardg@blue-stream.net>
Cc: <cisco-nas@puck.nether.net>
Sent: Sunday, January 25, 2004 7:56 AM
Subject: RE: [cisco-nas] VPDN PPTP


> Few things to check:
>
> 1. You don't need the 'lcp renegotiation' command on the 5300- this is
only
> useful when using L2F and L2TP in compulsory tunnel mode. PPTP does
support
> compulsory tunnel mode, but not on Cisco boxes -on Cisco boxes only
> voluntary tunnel mode is supported (ie. a tunnel directly from the remote
> access client).
>
> 2. Try changing your authentication protocol - you are using PAP - I am
> guessing that the remote access XP client does not permit PAP. If the
remote
> access client is configured to encrypt PPTP traffic using MPPE then you'll
> also need to configure MPPE and MS-CHAP on the AS-5300.
>
> 3. Look for an access list blocking GRE. The control channel in PPTP uses
> TCP (port 1723) but the data channel uses (enhanced) GRE (IP prot 47). So,
> if TCP is permitted then the control channel comes up (and the virtual
> access i/f gets cloned), but the first data to cross the data channel is
the
> PPP neg sequence, and so symptoms that are shown in your debug can
sometimes
> result from an ACL blocking GRE. You can double check that GRE packets are
> being received from the remote access client using 'debug ip packet det
> <acl> BUT be very careful using this command.
>
> 4. Check the IOS version - I have comes across one or two that had
problems
> with PPTP :)
>
>
> Hope that helps,
>
> Mark
>
>
> >From: "Richard Greasley" <richardg@blue-stream.net>
> >To: <cisco-nas@puck.nether.net>
> >Subject: [cisco-nas] VPDN PPTP
> >Date: Sun, 25 Jan 2004 07:15:51 -0400
> >
> >Hello all,
> >hoping someone could help me understand why my pptp connection is failing
> >from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
> >Commands are as follows:
> >aaa authentication ppp default local
> >aaa authorization network default local
> >!
> >vpdn enable
> >!
> >vpdn-group pptptunnel
> >! Default PPTP VPDN group
> > description L2tp incoming
> > accept-dialin
> > protocol pptp
> > virtual-template 1
> > local name Office
> > lcp renegotiation always
> >!
> >interface Loopback2
> > description PPTP loopback
> > ip address 192.168.15.1 255.255.255.255
> >!
> >interface Virtual-Template1
> > mtu 1492
> > ip unnumbered Loopback2
> > load-interval 30
> > peer default ip address pool pppoE-pool
> > ppp authentication pap
> >!
> >ip local pool pppoE-pool 192.168.15.5 192.168.15.30
> >!
> >
> >Needles to say, it fails, I've some debugging on and this is what I was
> >able
> >to capture.
> >Is there a reason why it is timing out during the authentication phase?
> >
> >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
> >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
> >Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
> >Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1,
changed
> >stat
> >e to up
> >Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated line
> >Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open [0
> >sess, 0
> >load]
> >Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
> >Jan 25 11:12:49.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:12:49.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:12:49.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:12:51.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:12:53.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:12:55.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:12:57.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:12:59.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:13:01.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:13:03.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:13:05.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> >Jan 25 11:13:07.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> >(0x050643712274)
> >Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
> >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
> >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
> >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
> >Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen
> >
> >
> >Thanks in advance,
> >Richardg;
> >
> >_______________________________________________
> >cisco-nas mailing list
> >cisco-nas@puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nas
>
> _________________________________________________________________
> Stay in touch with absent friends - get MSN Messenger
> http://www.msn.co.uk/messenger
>
>
Re: VPDN PPTP [ In reply to ]
richardg at blue-stream
Jan 25, 2004, 6:24 AM
Post #4 of 11 (3094 views)
Permalink
Using CHAP,
Similar errors, except CHAP is now there were PAP was.
I'm not using any encryption at the moment, what I'm firstly working on is
creating an authenticated tunnel.
There aren't any ACLs which would prohibit this traffic from passing
through the network.
One thing I would also like to add, the XP client is behind a NAT, no ACL to
block this type of traffic.
I did a show vpdn while I was attempting the connection, and this is what I
was seeing.

as5300-5#show vpdn

%No active L2TP tunnels

%No active L2F tunnels

PPTP Tunnel and Session Information Total tunnels 1 sessions 1

LocID Remote Name State Remote Address Port Sessions
23 estabd 216.110.114.102 3554 1

LocID RemID TunID Intf Username State Last Chg
23 32768 23 Vi1 estabd 00:00:12

regards,
Richardg
----- Original Message -----
From: "Richard Greasley" <richardg@blue-stream.net>
To: "Mark John" <markjohn20@hotmail.com>
Cc: <cisco-nas@puck.nether.net>
Sent: Sunday, January 25, 2004 8:25 AM
Subject: Re: [cisco-nas] VPDN PPTP


> Thank you, I'll make changes and let you know how I fared.
>
> regards,
> Richardg;
> ----- Original Message -----
> From: "Mark John" <markjohn20@hotmail.com>
> To: <richardg@blue-stream.net>
> Cc: <cisco-nas@puck.nether.net>
> Sent: Sunday, January 25, 2004 7:56 AM
> Subject: RE: [cisco-nas] VPDN PPTP
>
>
> > Few things to check:
> >
> > 1. You don't need the 'lcp renegotiation' command on the 5300- this is
> only
> > useful when using L2F and L2TP in compulsory tunnel mode. PPTP does
> support
> > compulsory tunnel mode, but not on Cisco boxes -on Cisco boxes only
> > voluntary tunnel mode is supported (ie. a tunnel directly from the
remote
> > access client).
> >
> > 2. Try changing your authentication protocol - you are using PAP - I am
> > guessing that the remote access XP client does not permit PAP. If the
> remote
> > access client is configured to encrypt PPTP traffic using MPPE then
you'll
> > also need to configure MPPE and MS-CHAP on the AS-5300.
> >
> > 3. Look for an access list blocking GRE. The control channel in PPTP
uses
> > TCP (port 1723) but the data channel uses (enhanced) GRE (IP prot 47).
So,
> > if TCP is permitted then the control channel comes up (and the virtual
> > access i/f gets cloned), but the first data to cross the data channel is
> the
> > PPP neg sequence, and so symptoms that are shown in your debug can
> sometimes
> > result from an ACL blocking GRE. You can double check that GRE packets
are
> > being received from the remote access client using 'debug ip packet det
> > <acl> BUT be very careful using this command.
> >
> > 4. Check the IOS version - I have comes across one or two that had
> problems
> > with PPTP :)
> >
> >
> > Hope that helps,
> >
> > Mark
> >
> >
> > >From: "Richard Greasley" <richardg@blue-stream.net>
> > >To: <cisco-nas@puck.nether.net>
> > >Subject: [cisco-nas] VPDN PPTP
> > >Date: Sun, 25 Jan 2004 07:15:51 -0400
> > >
> > >Hello all,
> > >hoping someone could help me understand why my pptp connection is
failing
> > >from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
> > >Commands are as follows:
> > >aaa authentication ppp default local
> > >aaa authorization network default local
> > >!
> > >vpdn enable
> > >!
> > >vpdn-group pptptunnel
> > >! Default PPTP VPDN group
> > > description L2tp incoming
> > > accept-dialin
> > > protocol pptp
> > > virtual-template 1
> > > local name Office
> > > lcp renegotiation always
> > >!
> > >interface Loopback2
> > > description PPTP loopback
> > > ip address 192.168.15.1 255.255.255.255
> > >!
> > >interface Virtual-Template1
> > > mtu 1492
> > > ip unnumbered Loopback2
> > > load-interval 30
> > > peer default ip address pool pppoE-pool
> > > ppp authentication pap
> > >!
> > >ip local pool pppoE-pool 192.168.15.5 192.168.15.30
> > >!
> > >
> > >Needles to say, it fails, I've some debugging on and this is what I was
> > >able
> > >to capture.
> > >Is there a reason why it is timing out during the authentication phase?
> > >
> > >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
> > >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
> > >Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
> > >Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1,
> changed
> > >stat
> > >e to up
> > >Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated
line
> > >Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open [0
> > >sess, 0
> > >load]
> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: MagicNumber 0x43712274
> > >(0x050643712274)
> > >Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
> > >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
> > >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
> > >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
> > >Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen
> > >
> > >
> > >Thanks in advance,
> > >Richardg;
> > >
> > >_______________________________________________
> > >cisco-nas mailing list
> > >cisco-nas@puck.nether.net
> > >https://puck.nether.net/mailman/listinfo/cisco-nas
> >
> > _________________________________________________________________
> > Stay in touch with absent friends - get MSN Messenger
> > http://www.msn.co.uk/messenger
> >
> >
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
Re: VPDN PPTP [ In reply to ]
wdehouwer at be
Jan 25, 2004, 7:59 AM
Post #5 of 11 (3103 views)
Permalink
Hey All,

As you might or might not know, GRE or pptp in that matter is not supported by all nat implementations.

Because GRE connects back to the initiator, it's considered a security hazard.

I know that Cisco implemented a special nat function in IOS (on PIX this function is NOT supported) which allows for doing a pptp tunnel trough nat.

I suggest you try to look at the nat part of this setup ... One thing you can do is to forward all ports (as the data part of this connection uses dynamic ports) to the internal host that's trying to initiate the tunnel.

Hope this helps,

Cheers,

Wim

> Using CHAP,
> Similar errors, except CHAP is now there were PAP was.
> I'm not using any encryption at the moment, what I'm firstly working on is
> creating an authenticated tunnel.
> There aren't any ACLs which would prohibit this traffic from passing
> through the network.
> One thing I would also like to add, the XP client is behind a NAT, no ACL
> to
> block this type of traffic.
> I did a show vpdn while I was attempting the connection, and this is what
> I
> was seeing.

> as5300-5#show vpdn

> %No active L2TP tunnels

> %No active L2F tunnels

> PPTP Tunnel and Session Information Total tunnels 1 sessions 1

> LocID Remote Name State Remote Address Port Sessions
> 23 estabd 216.110.114.102 3554 1

> LocID RemID TunID Intf Username State Last Chg
> 23 32768 23 Vi1 estabd 00:00:12

> regards,
> Richardg
> ----- Original Message -----
> From: "Richard Greasley" <richardg@blue-stream.net>
> To: "Mark John" <markjohn20@hotmail.com>
> Cc: <cisco-nas@puck.nether.net>
> Sent: Sunday, January 25, 2004 8:25 AM
> Subject: Re: [cisco-nas] VPDN PPTP


>> Thank you, I'll make changes and let you know how I fared.
>>
>> regards,
>> Richardg;
>> ----- Original Message -----
>> From: "Mark John" <markjohn20@hotmail.com>
>> To: <richardg@blue-stream.net>
>> Cc: <cisco-nas@puck.nether.net>
>> Sent: Sunday, January 25, 2004 7:56 AM
>> Subject: RE: [cisco-nas] VPDN PPTP
>>
>>
>> > Few things to check:
>> >
>> > 1. You don't need the 'lcp renegotiation' command on the 5300- this is
>> only
>> > useful when using L2F and L2TP in compulsory tunnel mode. PPTP does
>> support
>> > compulsory tunnel mode, but not on Cisco boxes -on Cisco boxes only
>> > voluntary tunnel mode is supported (ie. a tunnel directly from the
> remote
>> > access client).
>> >
>> > 2. Try changing your authentication protocol - you are using PAP - I am
>> > guessing that the remote access XP client does not permit PAP. If the
>> remote
>> > access client is configured to encrypt PPTP traffic using MPPE then
> you'll
>> > also need to configure MPPE and MS-CHAP on the AS-5300.
>> >
>> > 3. Look for an access list blocking GRE. The control channel in PPTP
> uses
>> > TCP (port 1723) but the data channel uses (enhanced) GRE (IP prot 47).
> So,
>> > if TCP is permitted then the control channel comes up (and the virtual
>> > access i/f gets cloned), but the first data to cross the data channel
>> > is
>> the
>> > PPP neg sequence, and so symptoms that are shown in your debug can
>> sometimes
>> > result from an ACL blocking GRE. You can double check that GRE packets
> are
>> > being received from the remote access client using 'debug ip packet det
>> > <acl> BUT be very careful using this command.
>> >
>> > 4. Check the IOS version - I have comes across one or two that had
>> problems
>> > with PPTP :)
>> >
>> >
>> > Hope that helps,
>> >
>> > Mark
>> >
>> >
>> > >From: "Richard Greasley" <richardg@blue-stream.net>
>> > >To: <cisco-nas@puck.nether.net>
>> > >Subject: [cisco-nas] VPDN PPTP
>> > >Date: Sun, 25 Jan 2004 07:15:51 -0400
>> > >
>> > >Hello all,
>> > >hoping someone could help me understand why my pptp connection is
> failing
>> > >from a windows xp computer, to a cisco AS5300 (12.2(2)XA3).
>> > >Commands are as follows:
>> > >aaa authentication ppp default local
>> > >aaa authorization network default local
>> > >!
>> > >vpdn enable
>> > >!
>> > >vpdn-group pptptunnel
>> > >! Default PPTP VPDN group
>> > > description L2tp incoming
>> > > accept-dialin
>> > > protocol pptp
>> > > virtual-template 1
>> > > local name Office
>> > > lcp renegotiation always
>> > >!
>> > >interface Loopback2
>> > > description PPTP loopback
>> > > ip address 192.168.15.1 255.255.255.255
>> > >!
>> > >interface Virtual-Template1
>> > > mtu 1492
>> > > ip unnumbered Loopback2
>> > > load-interval 30
>> > > peer default ip address pool pppoE-pool
>> > > ppp authentication pap
>> > >!
>> > >ip local pool pppoE-pool 192.168.15.5 192.168.15.30
>> > >!
>> > >
>> > >Needles to say, it fails, I've some debugging on and this is what I
>> > >was
>> > >able
>> > >to capture.
>> > >Is there a reason why it is timing out during the authentication
>> > >phase?
>> > >
>> > >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Virtual interface created
>> > >Jan 25 11:12:49.851 UTC: Vi1 VPDN: Clone from Vtemplate 1
>> > >Jan 25 11:12:49.903 UTC: Vi1 VPDN: Bind interface direction=2
>> > >Jan 25 11:12:49.907 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1,
>> changed
>> > >stat
>> > >e to up
>> > >Jan 25 11:12:49.907 UTC: Vi1 PPP: Treating connection as a dedicated
> line
>> > >Jan 25 11:12:49.907 UTC: Vi1 PPP: Phase is ESTABLISHING, Active Open
>> > >[0
>> > >sess, 0
>> > >load]
>> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: O CONFREQ [Closed] id 51 len 18
>> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:12:49.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 52 len 18
>> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:12:51.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 53 len 18
>> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:12:53.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 54 len 18
>> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:12:55.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 55 len 18
>> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:12:57.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 56 len 18
>> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:12:59.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 57 len 18
>> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:13:01.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 58 len 18
>> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:13:03.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 59 len 18
>> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:13:05.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: O CONFREQ [REQsent] id 60 len 18
>> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: MRU 1492 (0x010405D4)
>> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: AuthProto PAP (0x0304C023)
>> > >Jan 25 11:13:07.907 UTC: Vi1 LCP: MagicNumber 0x43712274
>> > >(0x050643712274)
>> > >Jan 25 11:13:09.907 UTC: Vi1 LCP: TIMEout: State REQsent
>> > >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
>> > >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Reset
>> > >Jan 25 11:13:09.907 UTC: Vi1 VPDN: Unbind interface
>> > >Jan 25 11:13:09.907 UTC: Vi1 LCP: State is Listen
>> > >
>> > >
>> > >Thanks in advance,
>> > >Richardg;
>> > >
>> > >_______________________________________________
>> > >cisco-nas mailing list
>> > >cisco-nas@puck.nether.net
>> > >https://puck.nether.net/mailman/listinfo/cisco-nas
>> >
>> > _________________________________________________________________
>> > Stay in touch with absent friends - get MSN Messenger
>> > http://www.msn.co.uk/messenger
>> >
>> >
>>
>> _______________________________________________
>> cisco-nas mailing list
>> cisco-nas@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nas
>>

> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
Re: VPDN PPTP [ In reply to ]
gert at greenie
Jan 25, 2004, 8:52 AM
Post #6 of 11 (3107 views)
Permalink
Hi,

On Sun, Jan 25, 2004 at 03:59:21PM +0100, Wim De Houwer wrote:
> I know that Cisco implemented a special nat function in IOS (on PIX this function is NOT supported) which allows for doing a pptp tunnel trough nat.

IOS NAT supports pptp, but it's a fairly recent addition.

I'm not sure whether it was added in 12.1T or 12.2T, but somewhere along
that line (searching on CCO for "PPTP NAT" should find it).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: VPDN PPTP [ In reply to ]
markjohn20 at hotmail
Jan 25, 2004, 9:03 AM
Post #7 of 11 (3108 views)
Permalink
It was 12.1(4)T. More info:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

Mark


>From: Gert Doering <gert@greenie.muc.de>
>To: Wim De Houwer <wdehouwer@be.tiscali.com>
>CC: cisco-nas@puck.nether.net
>Subject: Re: [cisco-nas] VPDN PPTP
>Date: Sun, 25 Jan 2004 16:52:10 +0100
>
>Hi,
>
>On Sun, Jan 25, 2004 at 03:59:21PM +0100, Wim De Houwer wrote:
> > I know that Cisco implemented a special nat function in IOS (on PIX this
>function is NOT supported) which allows for doing a pptp tunnel trough nat.
>
>IOS NAT supports pptp, but it's a fairly recent addition.
>
>I'm not sure whether it was added in 12.1T or 12.2T, but somewhere along
>that line (searching on CCO for "PPTP NAT" should find it).
>
>gert
>--
>USENET is *not* the non-clickable part of WWW!
>
>//www.muc.de/~gert/
>Gert Doering - Munich, Germany
>gert@greenie.muc.de
>fax: +49-89-35655025
>gert@net.informatik.tu-muenchen.de
>_______________________________________________
>cisco-nas mailing list
>cisco-nas@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas

_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger
Re: VPDN PPTP [ In reply to ]
richardg at blue-stream
Jan 25, 2004, 3:13 PM
Post #8 of 11 (3087 views)
Permalink
Ok, can someone please direct me on something I want to do then...
The machine that does the Natting is a cisco 2611 with an adsl card.
Is it possible that I can create a dialer interface on this to create the
pptp tunnel?

regards,
Richardg;
----- Original Message -----
From: "Mark John" <markjohn20@hotmail.com>
To: <gert@greenie.muc.de>
Cc: <cisco-nas@puck.nether.net>
Sent: Sunday, January 25, 2004 12:03 PM
Subject: Re: [cisco-nas] VPDN PPTP


> It was 12.1(4)T. More info:
>
>
http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
>
> Mark
>
>
> >From: Gert Doering <gert@greenie.muc.de>
> >To: Wim De Houwer <wdehouwer@be.tiscali.com>
> >CC: cisco-nas@puck.nether.net
> >Subject: Re: [cisco-nas] VPDN PPTP
> >Date: Sun, 25 Jan 2004 16:52:10 +0100
> >
> >Hi,
> >
> >On Sun, Jan 25, 2004 at 03:59:21PM +0100, Wim De Houwer wrote:
> > > I know that Cisco implemented a special nat function in IOS (on PIX
this
> >function is NOT supported) which allows for doing a pptp tunnel trough
nat.
> >
> >IOS NAT supports pptp, but it's a fairly recent addition.
> >
> >I'm not sure whether it was added in 12.1T or 12.2T, but somewhere along
> >that line (searching on CCO for "PPTP NAT" should find it).
> >
> >gert
> >--
> >USENET is *not* the non-clickable part of WWW!
> >
> >//www.muc.de/~gert/
> >Gert Doering - Munich, Germany
> >gert@greenie.muc.de
> >fax: +49-89-35655025
> >gert@net.informatik.tu-muenchen.de
> >_______________________________________________
> >cisco-nas mailing list
> >cisco-nas@puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nas
>
> _________________________________________________________________
> It's fast, it's easy and it's free. Get MSN Messenger today!
> http://www.msn.co.uk/messenger
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
Re: VPDN PPTP [ In reply to ]
dpeng at cisco
Jan 26, 2004, 10:51 AM
Post #9 of 11 (3097 views)
Permalink
Richard Greasley [richardg@blue-stream.net] wrote:
> Ok, can someone please direct me on something I want to do then...
> The machine that does the Natting is a cisco 2611 with an adsl card.
> Is it possible that I can create a dialer interface on this to create the
> pptp tunnel?

No. What version is the 2611 running? Do you have the NAT support for
PPTP feature that Mark mentions below?

Dennis

> regards,
> Richardg;
> ----- Original Message -----
> From: "Mark John" <markjohn20@hotmail.com>
> To: <gert@greenie.muc.de>
> Cc: <cisco-nas@puck.nether.net>
> Sent: Sunday, January 25, 2004 12:03 PM
> Subject: Re: [cisco-nas] VPDN PPTP
>
>
> > It was 12.1(4)T. More info:
> >
> >
> http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
> >
> > Mark
> >
> >
> > >From: Gert Doering <gert@greenie.muc.de>
> > >To: Wim De Houwer <wdehouwer@be.tiscali.com>
> > >CC: cisco-nas@puck.nether.net
> > >Subject: Re: [cisco-nas] VPDN PPTP
> > >Date: Sun, 25 Jan 2004 16:52:10 +0100
> > >
> > >Hi,
> > >
> > >On Sun, Jan 25, 2004 at 03:59:21PM +0100, Wim De Houwer wrote:
> > > > I know that Cisco implemented a special nat function in IOS (on PIX
> this
> > >function is NOT supported) which allows for doing a pptp tunnel trough
> nat.
> > >
> > >IOS NAT supports pptp, but it's a fairly recent addition.
> > >
> > >I'm not sure whether it was added in 12.1T or 12.2T, but somewhere along
> > >that line (searching on CCO for "PPTP NAT" should find it).
> > >
> > >gert
> > >--
> > >USENET is *not* the non-clickable part of WWW!
> > >
> > >//www.muc.de/~gert/
> > >Gert Doering - Munich, Germany
> > >gert@greenie.muc.de
> > >fax: +49-89-35655025
> > >gert@net.informatik.tu-muenchen.de
> > >_______________________________________________
> > >cisco-nas mailing list
> > >cisco-nas@puck.nether.net
> > >https://puck.nether.net/mailman/listinfo/cisco-nas
> >
> > _________________________________________________________________
> > It's fast, it's easy and it's free. Get MSN Messenger today!
> > http://www.msn.co.uk/messenger
> >
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas
> >
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
Re: VPDN PPTP [ In reply to ]
richardg at blue-stream
Jan 26, 2004, 6:25 PM
Post #10 of 11 (3101 views)
Permalink
(IK9O3S3-M) Version 12.3(5)
I've tried logging on to the page with my SMARTNet username and pass, but I
got authorisation failed.
Should that be?

Regards,
Richardg;
----- Original Message -----
From: "Dennis Peng" <dpeng@cisco.com>
To: "Richard Greasley" <richardg@blue-stream.net>
Cc: "Mark John" <markjohn20@hotmail.com>; <gert@greenie.muc.de>;
<cisco-nas@puck.nether.net>
Sent: Monday, January 26, 2004 1:51 PM
Subject: Re: [cisco-nas] VPDN PPTP


> Richard Greasley [richardg@blue-stream.net] wrote:
> > Ok, can someone please direct me on something I want to do then...
> > The machine that does the Natting is a cisco 2611 with an adsl card.
> > Is it possible that I can create a dialer interface on this to create
the
> > pptp tunnel?
>
> No. What version is the 2611 running? Do you have the NAT support for
> PPTP feature that Mark mentions below?
>
> Dennis
>
> > regards,
> > Richardg;
> > ----- Original Message -----
> > From: "Mark John" <markjohn20@hotmail.com>
> > To: <gert@greenie.muc.de>
> > Cc: <cisco-nas@puck.nether.net>
> > Sent: Sunday, January 25, 2004 12:03 PM
> > Subject: Re: [cisco-nas] VPDN PPTP
> >
> >
> > > It was 12.1(4)T. More info:
> > >
> > >
> >
http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
> > >
> > > Mark
> > >
> > >
> > > >From: Gert Doering <gert@greenie.muc.de>
> > > >To: Wim De Houwer <wdehouwer@be.tiscali.com>
> > > >CC: cisco-nas@puck.nether.net
> > > >Subject: Re: [cisco-nas] VPDN PPTP
> > > >Date: Sun, 25 Jan 2004 16:52:10 +0100
> > > >
> > > >Hi,
> > > >
> > > >On Sun, Jan 25, 2004 at 03:59:21PM +0100, Wim De Houwer wrote:
> > > > > I know that Cisco implemented a special nat function in IOS (on
PIX
> > this
> > > >function is NOT supported) which allows for doing a pptp tunnel
trough
> > nat.
> > > >
> > > >IOS NAT supports pptp, but it's a fairly recent addition.
> > > >
> > > >I'm not sure whether it was added in 12.1T or 12.2T, but somewhere
along
> > > >that line (searching on CCO for "PPTP NAT" should find it).
> > > >
> > > >gert
> > > >--
> > > >USENET is *not* the non-clickable part of WWW!
> > > >
> > > >//www.muc.de/~gert/
> > > >Gert Doering - Munich, Germany
> > > >gert@greenie.muc.de
> > > >fax: +49-89-35655025
> > > >gert@net.informatik.tu-muenchen.de
> > > >_______________________________________________
> > > >cisco-nas mailing list
> > > >cisco-nas@puck.nether.net
> > > >https://puck.nether.net/mailman/listinfo/cisco-nas
> > >
> > > _________________________________________________________________
> > > It's fast, it's easy and it's free. Get MSN Messenger today!
> > > http://www.msn.co.uk/messenger
> > >
> > > _______________________________________________
> > > cisco-nas mailing list
> > > cisco-nas@puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nas
> > >
> >
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas
>
Re: VPDN PPTP [ In reply to ]
dpeng at cisco
Jan 27, 2004, 12:32 PM
Post #11 of 11 (3102 views)
Permalink
You should be able to see that page. Open up a case with the CCO folks
to get them to fix your permissions. I'll send you the PDF under
separate cover.

Dennis

Richard Greasley [richardg@blue-stream.net] wrote:
> (IK9O3S3-M) Version 12.3(5)
> I've tried logging on to the page with my SMARTNet username and pass, but I
> got authorisation failed.
> Should that be?
>
> Regards,
> Richardg;
> ----- Original Message -----
> From: "Dennis Peng" <dpeng@cisco.com>
> To: "Richard Greasley" <richardg@blue-stream.net>
> Cc: "Mark John" <markjohn20@hotmail.com>; <gert@greenie.muc.de>;
> <cisco-nas@puck.nether.net>
> Sent: Monday, January 26, 2004 1:51 PM
> Subject: Re: [cisco-nas] VPDN PPTP
>
>
> > Richard Greasley [richardg@blue-stream.net] wrote:
> > > Ok, can someone please direct me on something I want to do then...
> > > The machine that does the Natting is a cisco 2611 with an adsl card.
> > > Is it possible that I can create a dialer interface on this to create
> the
> > > pptp tunnel?
> >
> > No. What version is the 2611 running? Do you have the NAT support for
> > PPTP feature that Mark mentions below?
> >
> > Dennis
> >
> > > regards,
> > > Richardg;
> > > ----- Original Message -----
> > > From: "Mark John" <markjohn20@hotmail.com>
> > > To: <gert@greenie.muc.de>
> > > Cc: <cisco-nas@puck.nether.net>
> > > Sent: Sunday, January 25, 2004 12:03 PM
> > > Subject: Re: [cisco-nas] VPDN PPTP
> > >
> > >
> > > > It was 12.1(4)T. More info:
> > > >
> > > >
> > >
> http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
> > > >
> > > > Mark
> > > >
> > > >
> > > > >From: Gert Doering <gert@greenie.muc.de>
> > > > >To: Wim De Houwer <wdehouwer@be.tiscali.com>
> > > > >CC: cisco-nas@puck.nether.net
> > > > >Subject: Re: [cisco-nas] VPDN PPTP
> > > > >Date: Sun, 25 Jan 2004 16:52:10 +0100
> > > > >
> > > > >Hi,
> > > > >
> > > > >On Sun, Jan 25, 2004 at 03:59:21PM +0100, Wim De Houwer wrote:
> > > > > > I know that Cisco implemented a special nat function in IOS (on
> PIX
> > > this
> > > > >function is NOT supported) which allows for doing a pptp tunnel
> trough
> > > nat.
> > > > >
> > > > >IOS NAT supports pptp, but it's a fairly recent addition.
> > > > >
> > > > >I'm not sure whether it was added in 12.1T or 12.2T, but somewhere
> along
> > > > >that line (searching on CCO for "PPTP NAT" should find it).
> > > > >
> > > > >gert
> > > > >--
> > > > >USENET is *not* the non-clickable part of WWW!
> > > > >
> > > > >//www.muc.de/~gert/
> > > > >Gert Doering - Munich, Germany
> > > > >gert@greenie.muc.de
> > > > >fax: +49-89-35655025
> > > > >gert@net.informatik.tu-muenchen.de
> > > > >_______________________________________________
> > > > >cisco-nas mailing list
> > > > >cisco-nas@puck.nether.net
> > > > >https://puck.nether.net/mailman/listinfo/cisco-nas
> > > >
> > > > _________________________________________________________________
> > > > It's fast, it's easy and it's free. Get MSN Messenger today!
> > > > http://www.msn.co.uk/messenger
> > > >
> > > > _______________________________________________
> > > > cisco-nas mailing list
> > > > cisco-nas@puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nas
> > > >
> > >
> > > _______________________________________________
> > > cisco-nas mailing list
> > > cisco-nas@puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nas
> >

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal