Mailing List Archive

pptp connection to 2600 with Windows VPN failing.
Trying to make a vpdn setup work from a windows vpn client to a cisco 2600. I had this working for a while, but then after one minor config change by someone else it stopped working. That change shouldn't have broken anything, but I backed it out nonetheless and the connection is still not working again.

I think it's breaking during the LCP negotiation, before authentication even occurs. Here's what I get from PPP debugging. Notice that it never gets to the authentication phase. I will attach relevant portions of the config afterwards.

genisis#show debug
PPP:
PPP detailed event debugging is on
PPP authentication debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on



genisis#
genisis#term mon
genisis#
*Mar 1 02:26:32.559: Se0/0 PPP: Outbound cdp packet dropped, CDPCP state is Listen
*Mar 1 02:26:39.415: EVT: Dynamic Bind 0 0x82C3989C
*Mar 1 02:26:39.415: ppp13 EVT: Cstate 4 0x00000000
*Mar 1 02:26:39.415: ppp13 PPP: Using vpn set call direction
*Mar 1 02:26:39.415: ppp13 PPP: Treating connection as a callin
*Mar 1 02:26:39.415: ppp13 PPP: Phase is ESTABLISHING, Passive Open
*Mar 1 02:26:39.415: ppp13 LCP: State is Listen
*Mar 1 02:26:39.439: ppp13 EVT: Packet 0 0x8332C29C
*Mar 1 02:26:39.439: ppp13 LCP: I CONFREQ [Listen] id 0 len 21
*Mar 1 02:26:39.439: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:39.439: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:39.439: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:39.439: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:39.439: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:39.439: ppp13 PPP: Authorization required
*Mar 1 02:26:39.439: ppp13 LCP: O CONFREQ [Listen] id 1 len 15
*Mar 1 02:26:39.443: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:39.443: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:39.443: ppp13 LCP: O CONFREJ [Listen] id 0 len 7
*Mar 1 02:26:39.443: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.431: ppp13 EVT: Packet 0 0x830D1F30
*Mar 1 02:26:41.431: ppp13 LCP: I CONFREQ [REQsent] id 1 len 21
*Mar 1 02:26:41.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:41.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:41.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:41.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:41.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.431: ppp13 LCP: O CONFREJ [REQsent] id 1 len 7
*Mar 1 02:26:41.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.451: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:41.451: ppp13 LCP: O CONFREQ [REQsent] id 2 len 15
*Mar 1 02:26:41.451: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:41.451: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:43.467: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:43.467: ppp13 LCP: O CONFREQ [REQsent] id 3 len 15
*Mar 1 02:26:43.467: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:43.467: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:44.431: ppp13 EVT: Packet 0 0x830D2E1C
*Mar 1 02:26:44.435: ppp13 LCP: I CONFREQ [REQsent] id 2 len 21
*Mar 1 02:26:44.435: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:44.435: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:44.435: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:44.435: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:44.435: ppp13 LCP: O CONFREJ [REQsent] id 2 len 7
*Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:45.483: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:45.483: ppp13 LCP: O CONFREQ [REQsent] id 4 len 15
*Mar 1 02:26:45.483: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:45.483: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:47.499: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:47.499: ppp13 LCP: O CONFREQ [REQsent] id 5 len 15
*Mar 1 02:26:47.499: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:47.499: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:48.427: ppp13 EVT: Packet 0 0x830D3118
*Mar 1 02:26:48.431: ppp13 LCP: I CONFREQ [REQsent] id 3 len 21
*Mar 1 02:26:48.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:48.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:48.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:48.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:48.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:48.431: ppp13 LCP: O CONFREJ [REQsent] id 3 len 7
*Mar 1 02:26:48.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:49.515: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:49.515: ppp13 LCP: O CONFREQ [REQsent] id 6 len 15
*Mar 1 02:26:49.515: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:49.515: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:51.531: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:51.531: ppp13 LCP: O CONFREQ [REQsent] id 7 len 15
*Mar 1 02:26:51.531: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:51.531: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:52.431: ppp13 EVT: Packet 0 0x830CFB60
*Mar 1 02:26:52.431: ppp13 LCP: I CONFREQ [REQsent] id 4 len 21
*Mar 1 02:26:52.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:52.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:52.435: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:52.435: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:52.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:52.435: ppp13 LCP: O CONFREJ [REQsent] id 4 len 7
*Mar 1 02:26:52.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:53.547: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:53.547: ppp13 LCP: O CONFREQ [REQsent] id 8 len 15
*Mar 1 02:26:53.547: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:53.547: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:55.563: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:55.563: ppp13 LCP: O CONFREQ [REQsent] id 9 len 15
*Mar 1 02:26:55.563: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:55.563: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:56.431: ppp13 EVT: Packet 0 0x830D0D48
*Mar 1 02:26:56.431: ppp13 LCP: I CONFREQ [REQsent] id 5 len 21
*Mar 1 02:26:56.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:56.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:56.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:56.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:56.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:56.431: ppp13 LCP: O CONFREJ [REQsent] id 5 len 7
*Mar 1 02:26:56.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:57.579: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:57.579: ppp13 LCP: O CONFREQ [REQsent] id 10 len 15
*Mar 1 02:26:57.579: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:57.579: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:59.595: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:59.595: ppp13 LCP: O TERMREQ [REQsent] id 10 len 4
*Mar 1 02:26:59.595: ppp13 PPP: Phase is TERMINATING
*Mar 1 02:26:59.595: ppp13 LCP: State is Listen
*Mar 1 02:26:59.595: ppp13 EVT: Hard Disc 0 0x00000000
*Mar 1 02:26:59.595: ppp13 PPP: Sending Acct Event[Down] id[11]
*Mar 1 02:26:59.595: ppp13 LCP: State is Closed
*Mar 1 02:26:59.595: ppp13 PPP: Phase is DOWN
*Mar 1 02:26:59.599: ppp13 EVT: Free PPP 0 0x00000000


==========

genisis#show run
Building configuration...

Current configuration : 2791 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname genisis
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username johndoe password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username angela password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
no ip cef
!
!
ip ftp username launchpad
ip ftp password 7 045907071C3543480F
no ip domain lookup
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.2.150 10.10.2.255
ip dhcp excluded-address 10.10.2.0 10.10.2.50
!
ip dhcp pool genesis-pc-dhcp-pool
network 10.10.2.0 255.255.255.0
dns-server 216.24.27.3
default-router 10.10.2.1
!
no ip bootp server
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
local name gen-vpn
!
no ftp-server write-enable
!
!
!
voice call carrier capacity active
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
!
!
!
!
!
!
!
!
!
class-map match-all dscp-ef
match ip dscp ef
!
!
policy-map queue-on-dscp
description Prioritizes voice traffic first, signalling next.
class dscp-ef
priority percent 75
class class-default
fair-queue
random-detect dscp-based
!
!
!
!
!
!
interface FastEthernet0/0
ip address 24.235.18.81 255.255.255.240 secondary
ip address 10.10.2.1 255.255.255.0 secondary
ip address 24.235.1.17 255.255.255.248
no ip redirects
ip nat inside
service-policy output queue-on-dscp
logging event subif-link-status
duplex auto
speed auto
!
interface Serial0/0
description T1 to WinNET (UNE-DS1-003-004, HCFD.687777..NB)
ip address 24.235.2.42 255.255.255.252
no ip redirects
ip nat outside
service-policy output queue-on-dscp
encapsulation ppp
logging event subif-link-status
auto qos voip trust
service-module t1 timeslots 1-24
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip mroute-cache
peer default ip address pool VPN-IN
ppp encrypt mppe 40 required
ppp authentication ms-chap
!
ip local pool VPN-IN 10.10.2.160 10.10.2.164
ip nat inside source list 50 interface Serial0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
access-list 50 permit 10.10.2.0 0.0.0.255
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQo
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 1415425B18072B2634
!
!
end

genisis#
Re: pptp connection to 2600 with Windows VPN failing. [ In reply to ]
BTW, yes, I am aware that I left the passwords for ftp etc in the config. They've already been changed.

----- Original Message -----
From: Joseph Mays
To: cisco-nas@puck.nether.net
Sent: Wednesday, December 12, 2012 5:11 PM
Subject: [cisco-nas] pptp connection to 2600 with Windows VPN failing.


Trying to make a vpdn setup work from a windows vpn client to a cisco 2600. I had this working for a while, but then after one minor config change by someone else it stopped working. That change shouldn't have broken anything, but I backed it out nonetheless and the connection is still not working again.

I think it's breaking during the LCP negotiation, before authentication even occurs. Here's what I get from PPP debugging. Notice that it never gets to the authentication phase. I will attach relevant portions of the config afterwards.

genisis#show debug
PPP:
PPP detailed event debugging is on
PPP authentication debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on



genisis#
genisis#term mon
genisis#
*Mar 1 02:26:32.559: Se0/0 PPP: Outbound cdp packet dropped, CDPCP state is Listen
*Mar 1 02:26:39.415: EVT: Dynamic Bind 0 0x82C3989C
*Mar 1 02:26:39.415: ppp13 EVT: Cstate 4 0x00000000
*Mar 1 02:26:39.415: ppp13 PPP: Using vpn set call direction
*Mar 1 02:26:39.415: ppp13 PPP: Treating connection as a callin
*Mar 1 02:26:39.415: ppp13 PPP: Phase is ESTABLISHING, Passive Open
*Mar 1 02:26:39.415: ppp13 LCP: State is Listen
*Mar 1 02:26:39.439: ppp13 EVT: Packet 0 0x8332C29C
*Mar 1 02:26:39.439: ppp13 LCP: I CONFREQ [Listen] id 0 len 21
*Mar 1 02:26:39.439: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:39.439: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:39.439: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:39.439: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:39.439: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:39.439: ppp13 PPP: Authorization required
*Mar 1 02:26:39.439: ppp13 LCP: O CONFREQ [Listen] id 1 len 15
*Mar 1 02:26:39.443: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:39.443: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:39.443: ppp13 LCP: O CONFREJ [Listen] id 0 len 7
*Mar 1 02:26:39.443: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.431: ppp13 EVT: Packet 0 0x830D1F30
*Mar 1 02:26:41.431: ppp13 LCP: I CONFREQ [REQsent] id 1 len 21
*Mar 1 02:26:41.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:41.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:41.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:41.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:41.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.431: ppp13 LCP: O CONFREJ [REQsent] id 1 len 7
*Mar 1 02:26:41.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.451: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:41.451: ppp13 LCP: O CONFREQ [REQsent] id 2 len 15
*Mar 1 02:26:41.451: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:41.451: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:43.467: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:43.467: ppp13 LCP: O CONFREQ [REQsent] id 3 len 15
*Mar 1 02:26:43.467: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:43.467: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:44.431: ppp13 EVT: Packet 0 0x830D2E1C
*Mar 1 02:26:44.435: ppp13 LCP: I CONFREQ [REQsent] id 2 len 21
*Mar 1 02:26:44.435: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:44.435: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:44.435: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:44.435: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:44.435: ppp13 LCP: O CONFREJ [REQsent] id 2 len 7
*Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:45.483: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:45.483: ppp13 LCP: O CONFREQ [REQsent] id 4 len 15
*Mar 1 02:26:45.483: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:45.483: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:47.499: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:47.499: ppp13 LCP: O CONFREQ [REQsent] id 5 len 15
*Mar 1 02:26:47.499: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:47.499: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:48.427: ppp13 EVT: Packet 0 0x830D3118
*Mar 1 02:26:48.431: ppp13 LCP: I CONFREQ [REQsent] id 3 len 21
*Mar 1 02:26:48.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:48.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:48.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:48.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:48.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:48.431: ppp13 LCP: O CONFREJ [REQsent] id 3 len 7
*Mar 1 02:26:48.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:49.515: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:49.515: ppp13 LCP: O CONFREQ [REQsent] id 6 len 15
*Mar 1 02:26:49.515: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:49.515: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:51.531: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:51.531: ppp13 LCP: O CONFREQ [REQsent] id 7 len 15
*Mar 1 02:26:51.531: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:51.531: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:52.431: ppp13 EVT: Packet 0 0x830CFB60
*Mar 1 02:26:52.431: ppp13 LCP: I CONFREQ [REQsent] id 4 len 21
*Mar 1 02:26:52.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:52.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:52.435: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:52.435: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:52.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:52.435: ppp13 LCP: O CONFREJ [REQsent] id 4 len 7
*Mar 1 02:26:52.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:53.547: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:53.547: ppp13 LCP: O CONFREQ [REQsent] id 8 len 15
*Mar 1 02:26:53.547: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:53.547: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:55.563: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:55.563: ppp13 LCP: O CONFREQ [REQsent] id 9 len 15
*Mar 1 02:26:55.563: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:55.563: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:56.431: ppp13 EVT: Packet 0 0x830D0D48
*Mar 1 02:26:56.431: ppp13 LCP: I CONFREQ [REQsent] id 5 len 21
*Mar 1 02:26:56.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:56.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:56.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:56.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:56.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:56.431: ppp13 LCP: O CONFREJ [REQsent] id 5 len 7
*Mar 1 02:26:56.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:57.579: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:57.579: ppp13 LCP: O CONFREQ [REQsent] id 10 len 15
*Mar 1 02:26:57.579: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:57.579: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:59.595: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:59.595: ppp13 LCP: O TERMREQ [REQsent] id 10 len 4
*Mar 1 02:26:59.595: ppp13 PPP: Phase is TERMINATING
*Mar 1 02:26:59.595: ppp13 LCP: State is Listen
*Mar 1 02:26:59.595: ppp13 EVT: Hard Disc 0 0x00000000
*Mar 1 02:26:59.595: ppp13 PPP: Sending Acct Event[Down] id[11]
*Mar 1 02:26:59.595: ppp13 LCP: State is Closed
*Mar 1 02:26:59.595: ppp13 PPP: Phase is DOWN
*Mar 1 02:26:59.599: ppp13 EVT: Free PPP 0 0x00000000


==========

genisis#show run
Building configuration...

Current configuration : 2791 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname genisis
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username johndoe password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username angela password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
no ip cef
!
!
ip ftp username launchpad
ip ftp password 7 045907071C3543480F
no ip domain lookup
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.2.150 10.10.2.255
ip dhcp excluded-address 10.10.2.0 10.10.2.50
!
ip dhcp pool genesis-pc-dhcp-pool
network 10.10.2.0 255.255.255.0
dns-server 216.24.27.3
default-router 10.10.2.1
!
no ip bootp server
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
local name gen-vpn
!
no ftp-server write-enable
!
!
!
voice call carrier capacity active
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
!
!
!
!
!
!
!
!
!
class-map match-all dscp-ef
match ip dscp ef
!
!
policy-map queue-on-dscp
description Prioritizes voice traffic first, signalling next.
class dscp-ef
priority percent 75
class class-default
fair-queue
random-detect dscp-based
!
!
!
!
!
!
interface FastEthernet0/0
ip address 24.235.18.81 255.255.255.240 secondary
ip address 10.10.2.1 255.255.255.0 secondary
ip address 24.235.1.17 255.255.255.248
no ip redirects
ip nat inside
service-policy output queue-on-dscp
logging event subif-link-status
duplex auto
speed auto
!
interface Serial0/0
description T1 to WinNET (UNE-DS1-003-004, HCFD.687777..NB)
ip address 24.235.2.42 255.255.255.252
no ip redirects
ip nat outside
service-policy output queue-on-dscp
encapsulation ppp
logging event subif-link-status
auto qos voip trust
service-module t1 timeslots 1-24
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip mroute-cache
peer default ip address pool VPN-IN
ppp encrypt mppe 40 required
ppp authentication ms-chap
!
ip local pool VPN-IN 10.10.2.160 10.10.2.164
ip nat inside source list 50 interface Serial0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
access-list 50 permit 10.10.2.0 0.0.0.255
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQo
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 1415425B18072B2634
!
!
end

genisis#



------------------------------------------------------------------------------


_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
Re: pptp connection to 2600 with Windows VPN failing. [ In reply to ]
You might take a look at the PPP packet negotiation at the client; based on the cisco debug, it looks as if the peer is not receiving our CONFREJ or CONFREQ.

What was the minor config change?

mark

From: Joseph Mays <mays@win.net<mailto:mays@win.net>>
Date: Wednesday, December 12, 2012 11:11 PM
To: "cisco-nas@puck.nether.net<mailto:cisco-nas@puck.nether.net>" <cisco-nas@puck.nether.net<mailto:cisco-nas@puck.nether.net>>
Subject: [cisco-nas] pptp connection to 2600 with Windows VPN failing.

Trying to make a vpdn setup work from a windows vpn client to a cisco 2600. I had this working for a while, but then after one minor config change by someone else it stopped working. That change shouldn't have broken anything, but I backed it out nonetheless and the connection is still not working again.

I think it's breaking during the LCP negotiation, before authentication even occurs. Here's what I get from PPP debugging. Notice that it never gets to the authentication phase. I will attach relevant portions of the config afterwards.

genisis#show debug
PPP:
PPP detailed event debugging is on
PPP authentication debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on



genisis#
genisis#term mon
genisis#
*Mar 1 02:26:32.559: Se0/0 PPP: Outbound cdp packet dropped, CDPCP state is Listen
*Mar 1 02:26:39.415: EVT: Dynamic Bind 0 0x82C3989C
*Mar 1 02:26:39.415: ppp13 EVT: Cstate 4 0x00000000
*Mar 1 02:26:39.415: ppp13 PPP: Using vpn set call direction
*Mar 1 02:26:39.415: ppp13 PPP: Treating connection as a callin
*Mar 1 02:26:39.415: ppp13 PPP: Phase is ESTABLISHING, Passive Open
*Mar 1 02:26:39.415: ppp13 LCP: State is Listen
*Mar 1 02:26:39.439: ppp13 EVT: Packet 0 0x8332C29C
*Mar 1 02:26:39.439: ppp13 LCP: I CONFREQ [Listen] id 0 len 21
*Mar 1 02:26:39.439: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:39.439: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:39.439: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:39.439: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:39.439: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:39.439: ppp13 PPP: Authorization required
*Mar 1 02:26:39.439: ppp13 LCP: O CONFREQ [Listen] id 1 len 15
*Mar 1 02:26:39.443: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:39.443: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:39.443: ppp13 LCP: O CONFREJ [Listen] id 0 len 7
*Mar 1 02:26:39.443: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.431: ppp13 EVT: Packet 0 0x830D1F30
*Mar 1 02:26:41.431: ppp13 LCP: I CONFREQ [REQsent] id 1 len 21
*Mar 1 02:26:41.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:41.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:41.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:41.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:41.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.431: ppp13 LCP: O CONFREJ [REQsent] id 1 len 7
*Mar 1 02:26:41.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:41.451: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:41.451: ppp13 LCP: O CONFREQ [REQsent] id 2 len 15
*Mar 1 02:26:41.451: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:41.451: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:43.467: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:43.467: ppp13 LCP: O CONFREQ [REQsent] id 3 len 15
*Mar 1 02:26:43.467: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:43.467: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:44.431: ppp13 EVT: Packet 0 0x830D2E1C
*Mar 1 02:26:44.435: ppp13 LCP: I CONFREQ [REQsent] id 2 len 21
*Mar 1 02:26:44.435: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:44.435: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:44.435: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:44.435: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:44.435: ppp13 LCP: O CONFREJ [REQsent] id 2 len 7
*Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:45.483: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:45.483: ppp13 LCP: O CONFREQ [REQsent] id 4 len 15
*Mar 1 02:26:45.483: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:45.483: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:47.499: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:47.499: ppp13 LCP: O CONFREQ [REQsent] id 5 len 15
*Mar 1 02:26:47.499: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:47.499: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:48.427: ppp13 EVT: Packet 0 0x830D3118
*Mar 1 02:26:48.431: ppp13 LCP: I CONFREQ [REQsent] id 3 len 21
*Mar 1 02:26:48.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:48.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:48.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:48.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:48.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:48.431: ppp13 LCP: O CONFREJ [REQsent] id 3 len 7
*Mar 1 02:26:48.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:49.515: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:49.515: ppp13 LCP: O CONFREQ [REQsent] id 6 len 15
*Mar 1 02:26:49.515: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:49.515: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:51.531: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:51.531: ppp13 LCP: O CONFREQ [REQsent] id 7 len 15
*Mar 1 02:26:51.531: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:51.531: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:52.431: ppp13 EVT: Packet 0 0x830CFB60
*Mar 1 02:26:52.431: ppp13 LCP: I CONFREQ [REQsent] id 4 len 21
*Mar 1 02:26:52.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:52.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:52.435: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:52.435: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:52.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:52.435: ppp13 LCP: O CONFREJ [REQsent] id 4 len 7
*Mar 1 02:26:52.435: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:53.547: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:53.547: ppp13 LCP: O CONFREQ [REQsent] id 8 len 15
*Mar 1 02:26:53.547: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:53.547: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:55.563: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:55.563: ppp13 LCP: O CONFREQ [REQsent] id 9 len 15
*Mar 1 02:26:55.563: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:55.563: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:56.431: ppp13 EVT: Packet 0 0x830D0D48
*Mar 1 02:26:56.431: ppp13 LCP: I CONFREQ [REQsent] id 5 len 21
*Mar 1 02:26:56.431: ppp13 LCP: MRU 1400 (0x01040578)
*Mar 1 02:26:56.431: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
*Mar 1 02:26:56.431: ppp13 LCP: PFC (0x0702)
*Mar 1 02:26:56.431: ppp13 LCP: ACFC (0x0802)
*Mar 1 02:26:56.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:56.431: ppp13 LCP: O CONFREJ [REQsent] id 5 len 7
*Mar 1 02:26:56.431: ppp13 LCP: Callback 6 (0x0D0306)
*Mar 1 02:26:57.579: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:57.579: ppp13 LCP: O CONFREQ [REQsent] id 10 len 15
*Mar 1 02:26:57.579: ppp13 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 02:26:57.579: ppp13 LCP: MagicNumber 0x0F0968D2 (0x05060F0968D2)
*Mar 1 02:26:59.595: ppp13 LCP: TIMEout: State REQsent
*Mar 1 02:26:59.595: ppp13 LCP: O TERMREQ [REQsent] id 10 len 4
*Mar 1 02:26:59.595: ppp13 PPP: Phase is TERMINATING
*Mar 1 02:26:59.595: ppp13 LCP: State is Listen
*Mar 1 02:26:59.595: ppp13 EVT: Hard Disc 0 0x00000000
*Mar 1 02:26:59.595: ppp13 PPP: Sending Acct Event[Down] id[11]
*Mar 1 02:26:59.595: ppp13 LCP: State is Closed
*Mar 1 02:26:59.595: ppp13 PPP: Phase is DOWN
*Mar 1 02:26:59.599: ppp13 EVT: Free PPP 0 0x00000000

==========

genisis#show run
Building configuration...

Current configuration : 2791 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname genisis
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username johndoe password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username angela password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
no ip cef
!
!
ip ftp username launchpad
ip ftp password 7 045907071C3543480F
no ip domain lookup
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.2.150 10.10.2.255
ip dhcp excluded-address 10.10.2.0 10.10.2.50
!
ip dhcp pool genesis-pc-dhcp-pool
network 10.10.2.0 255.255.255.0
dns-server 216.24.27.3
default-router 10.10.2.1
!
no ip bootp server
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
local name gen-vpn
!
no ftp-server write-enable
!
!
!
voice call carrier capacity active
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
!
!
!
!
!
!
!
!
!
class-map match-all dscp-ef
match ip dscp ef
!
!
policy-map queue-on-dscp
description Prioritizes voice traffic first, signalling next.
class dscp-ef
priority percent 75
class class-default
fair-queue
random-detect dscp-based
!
!
!
!
!
!
interface FastEthernet0/0
ip address 24.235.18.81 255.255.255.240 secondary
ip address 10.10.2.1 255.255.255.0 secondary
ip address 24.235.1.17 255.255.255.248
no ip redirects
ip nat inside
service-policy output queue-on-dscp
logging event subif-link-status
duplex auto
speed auto
!
interface Serial0/0
description T1 to WinNET (UNE-DS1-003-004, HCFD.687777..NB)
ip address 24.235.2.42 255.255.255.252
no ip redirects
ip nat outside
service-policy output queue-on-dscp
encapsulation ppp
logging event subif-link-status
auto qos voip trust
service-module t1 timeslots 1-24
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip mroute-cache
peer default ip address pool VPN-IN
ppp encrypt mppe 40 required
ppp authentication ms-chap
!
ip local pool VPN-IN 10.10.2.160 10.10.2.164
ip nat inside source list 50 interface Serial0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
access-list 50 permit 10.10.2.0 0.0.0.255
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQo
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 1415425B18072B2634
!
!
end

genisis#
Re: pptp connection to 2600 with Windows VPN failing. [ In reply to ]
Hi,

On Wed, Dec 12, 2012 at 05:11:23PM -0500, Joseph Mays wrote:
> Trying to make a vpdn setup work from a windows vpn client to a cisco 2600. I had this working for a while, but then after one minor config change by someone else it stopped working. That change shouldn't have broken anything, but I backed it out nonetheless and the connection is still not working again.

Your windows system is requesting a PPP callback...

> *Mar 1 02:26:44.435: ppp13 LCP: I CONFREQ [REQsent] id 2 len 21
> *Mar 1 02:26:44.435: ppp13 LCP: MRU 1400 (0x01040578)
> *Mar 1 02:26:44.435: ppp13 LCP: MagicNumber 0x4FC8505D (0x05064FC8505D)
> *Mar 1 02:26:44.435: ppp13 LCP: PFC (0x0702)
> *Mar 1 02:26:44.435: ppp13 LCP: ACFC (0x0802)
> *Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)

... which your Cisco is refusing:

> *Mar 1 02:26:44.435: ppp13 LCP: O CONFREJ [REQsent] id 2 len 7
> *Mar 1 02:26:44.435: ppp13 LCP: Callback 6 (0x0D0306)

... and that goes on until the Cisco has seen enough and TERMREQs the
client.

Now, why windows would request a callback on a VPDN session escapes me.

gert

--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: pptp connection to 2600 with Windows VPN failing. [ In reply to ]
> What was the minor config change?

Addition of the second username, "angela".