Cisco IOS PPTP Server

Status
Not open for further replies.

Perq

Technical User
Sep 23, 2002
5
AU
G'day folks,

Anyone have a working config for a Cisco IOS PPTP server?

I've got a client with an 827 router running 12.2.8YN.

I'm currently testing with the VPN on ethernet, but once that's working will switch it to the Dialer interface for the ADSL.

Relevant config snippets follow:

username testvpn password 7 051F031C355A5E07
aaa authentication login default local-case
aaa authentication ppp default local-case
aaa authentication ppp VPN local-case
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 local name CiscoPPTP
!
!
!
interface Ethernet0
 ip address 192.168.0.65 255.255.255.0 secondary
 ip address 192.168.1.65 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface Virtual-Template1
 ip unnumbered Ethernet0
 ip mroute-cache
 peer default ip address pool vpn
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2 VPN
 ppp multilink
!
!
ip local pool vpn 192.168.0.10 192.168.0.20

The client PC is a win2k laptop on 192.168.1.6 - I'm connecting to 192.68.1.65, and will hopefully get a connection and allocated an IP in the 192.168.0 range - as per the address pool. I should then be able to ping 192.168.0.65, I hope.

When I try and connect via VPN to 192.168.1.65, the client sits there on verifying username and password for 30 seconds or so and then reports Error 718 - connection timeout waiting for a valid response from the remote computer.

Whilst it's sitting on verifying however, the router is seeing the session:

Cisco-PRK#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address
Vi5 testvpn PPPoVPDN 00:00:02
Vi6 testvpn MLP Bundle never

Cisco-PRK#show vpd
Cisco-PRK#show vpdn ses
Cisco-PRK#show vpdn session

%No active L2TP tunnels

%No active L2F tunnels

PPTP Session Information Total tunnels 1 sessions 1

LocID RemID TunID Intf Username State Last Chg
3 32768 3 Vi5 testvpn estabd 00:00:11

%No active PPPoE tunnels
Cisco-PRK#show vpdn tun

%No active L2TP tunnels

%No active L2F tunnels

PPTP Tunnel Information Total tunnels 1 sessions 1

LocID Remote Name State Remote Address Port Sessions VPDN Group
3 estabd 192.168.1.6 1169 1 1

%No active PPPoE tunnels
Cisco-PRK#

If I turn on ppp negotiation debugging, I see:

Cisco-PRK#
*Mar 1 08:12:45: EVT: Dynamic Bind 0 0x815C69A0
*Mar 1 08:12:45: ppp17 EVT: Cstate 4 0x0
*Mar 1 08:12:45: ppp17 PPP: Using set call direction
*Mar 1 08:12:45: ppp17 PPP: Treating connection as a callin
*Mar 1 08:12:45: ppp17 PPP: Phase is ESTABLISHING, Active Open
*Mar 1 08:12:45: ppp17 LCP: O CONFREQ [Closed] id 1 len 31
*Mar 1 08:12:45: ppp17 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 08:12:45: ppp17 LCP: MagicNumber 0x094F2DBB (0x0506094F2DBB)
*Mar 1 08:12:45: ppp17 LCP: MRRU 1524 (0x110405F4)
*Mar 1 08:12:45: ppp17 LCP: EndpointDisc 1 Cisco-PRK (0x130C01436973636F2D50524B)
*Mar 1 08:12:45: ppp17 EVT: Packet 0 0x8110D708
*Mar 1 08:12:45: ppp17 LCP: I CONFACK [REQsent] id 1 len 31
*Mar 1 08:12:45: ppp17 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 08:12:45: ppp17 LCP: MagicNumber 0x094F2DBB (0x0506094F2DBB)
*Mar 1 08:12:45: ppp17 LCP: MRRU 1524 (0x110405F4)
*Mar 1 08:12:45: ppp17 LCP: EndpointDisc 1 Cisco-PRK (0x130C01436973636F2D50524B)
*Mar 1 08:12:47: ppp17 LCP: TIMEout: State ACKrcvd
*Mar 1 08:12:47: ppp17 LCP: O CONFREQ [ACKrcvd] id 2 len 31
*Mar 1 08:12:47: ppp17 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 08:12:47: ppp17 LCP: MagicNumber 0x094F2DBB (0x0506094F2DBB)
*Mar 1 08:12:47: ppp17 LCP: MRRU 1524 (0x110405F4)
*Mar 1 08:12:47: ppp17 LCP: EndpointDisc 1 Cisco-PRK (0x130C01436973636F2D50524B)
*Mar 1 08:12:47: ppp17 EVT: Packet 0 0x8110DFCC
*Mar 1 08:12:47: ppp17 LCP: I CONFACK [REQsent] id 2 len 31
*Mar 1 08:12:47: ppp17 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 08:12:47: ppp17 LCP: MagicNumber 0x094F2DBB (0x0506094F2DBB)
*Mar 1 08:12:47: ppp17 LCP: MRRU 1524 (0x110405F4)
*Mar 1 08:12:47: ppp17 LCP: EndpointDisc 1 Cisco-PRK (0x130C01436973636F2D50524B)
*Mar 1 08:12:47: ppp17 EVT: Packet 0 0x8110D130
*Mar 1 08:12:47: ppp17 LCP: I CONFREQ [ACKrcvd] id 1 len 44
*Mar 1 08:12:47: ppp17 LCP: MagicNumber 0x20425878 (0x050620425878)
*Mar 1 08:12:47: ppp17 LCP: PFC (0x0702)
*Mar 1 08:12:47: ppp17 LCP: ACFC (0x0802)
*Mar 1 08:12:47: ppp17 LCP: Callback 6 (0x0D0306)
*Mar 1 08:12:47: ppp17 LCP: MRRU 1614 (0x1104064E)
*Mar 1 08:12:47: ppp17 LCP: EndpointDisc 1 Local
*Mar 1 08:12:47: ppp17 LCP: (0x131701E41EA956731945DCB21EF11AC7)
*Mar 1 08:12:47: ppp17 LCP: (0x112F3E00000006)
*Mar 1 08:12:47: ppp17 LCP: O CONFREJ [ACKrcvd] id 1 len 7
*Mar 1 08:12:47: ppp17 LCP: Callback 6 (0x0D0306)
*Mar 1 08:12:47: ppp17 EVT: Packet 0 0x8110DFCC
*Mar 1 08:12:47: ppp17 LCP: I CONFREQ [ACKrcvd] id 2 len 41
*Mar 1 08:12:47: ppp17 LCP: MagicNumber 0x20425878 (0x050620425878)
*Mar 1 08:12:47: ppp17 LCP: PFC (0x0702)
*Mar 1 08:12:47: ppp17 LCP: ACFC (0x0802)
*Mar 1 08:12:47: ppp17 LCP: MRRU 1614 (0x1104064E)
*Mar 1 08:12:47: ppp17 LCP: EndpointDisc 1 Local
*Mar 1 08:12:47: ppp17 LCP: (0x131701E41EA956731945DCB21EF11AC7)
*Mar 1 08:12:47: ppp17 LCP: (0x112F3E00000006)
*Mar 1 08:12:47: ppp17 LCP: O CONFACK [ACKrcvd] id 2 len 41
*Mar 1 08:12:47: ppp17 LCP: MagicNumber 0x20425878 (0x050620425878)
*Mar 1 08:12:47: ppp17 LCP: PFC (0x0702)
*Mar 1 08:12:47: ppp17 LCP: ACFC (0x0802)
*Mar 1 08:12:47: ppp17 LCP: MRRU 1614 (0x1104064E)
*Mar 1 08:12:47: ppp17 LCP: EndpointDisc 1 Local
*Mar 1 08:12:47: ppp17 LCP: (0x131701E41EA956731945DCB21EF11AC7)
*Mar 1 08:12:47: ppp17 LCP: (0x112F3E00000006)
*Mar 1 08:12:47: ppp17 LCP: State is Open
*Mar 1 08:12:47: ppp17 PPP: Phase is AUTHENTICATING, by this end
*Mar 1 08:12:47: ppp17 MS-CHAP: O CHALLENGE id 1 len 22 from "Cisco-PRK"
*Mar 1 08:12:47: ppp17 EVT: Packet 0 0x8110FA18
*Mar 1 08:12:47: ppp17 LCP: I IDENTIFY [Open] id 3 len 18 magic 0x20425878 MSRASV5.00
*Mar 1 08:12:47: ppp17 EVT: Packet 0 0x811102DC
*Mar 1 08:12:47: ppp17 LCP: I IDENTIFY [Open] id 4 len 25 magic 0x20425878 MSRAS-1-MOBILE-HO
*Mar 1 08:12:47: ppp17 EVT: Auth Packet 0 0x8110E5A4
*Mar 1 08:12:47: ppp17 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:47: ppp17 PPP: Phase is FORWARDING, Attempting Forward
*Mar 1 08:12:47: ppp17 EVT: Hook 1 0x0
*Mar 1 08:12:47: ppp17 EVT: Hook 1 0x0
*Mar 1 08:12:47: ppp17 EVT: Forwarded 0 0x0
*Mar 1 08:12:47: ppp17 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar 1 08:12:47: ppp17 PPP: Phase is FORWARDING, Attempting Forward
*Mar 1 08:12:47: ppp17 EVT: Hook 1 0x0
*Mar 1 08:12:47: Vi5 EVT: Setup 0 0x0
*Mar 1 08:12:47: Vi5 PPP: Phase is DOWN, Setup
*Mar 1 08:12:47: EVT: Static Bind 0 0x815C69A0
*Mar 1 08:12:47: Vi5 EVT: Free PPP 0 0x0
*Mar 1 08:12:47: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
*Mar 1 08:12:47: Vi5 EVT: Hook 1 0x0
*Mar 1 08:12:47: Vi5 EVT: Forwarded 0 0x0
*Mar 1 08:12:47: Vi5 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar 1 08:12:47: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:12:47: Vi5 PPP: Phase is VIRTUALIZED
*Mar 1 08:12:47: VT[Vi6]:Created unnumbered vaccess
*Mar 1 08:12:47: Vi6 EVT: Setup 0 0x0
*Mar 1 08:12:47: Vi6 PPP: Phase is DOWN, Setup
*Mar 1 08:12:47: Vi6 PPP: Treating connection as a dedicated line
*Mar 1 08:12:47: Vi6 PPP: Phase is ESTABLISHING, Active Open
*Mar 1 08:12:47: Vi6 LCP: O CONFREQ [Closed] id 1 len 31
*Mar 1 08:12:47: Vi6 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 08:12:47: Vi6 LCP: MagicNumber 0x094F36F9 (0x0506094F36F9)
*Mar 1 08:12:47: Vi6 LCP: MRRU 1524 (0x110405F4)
*Mar 1 08:12:47: Vi6 LCP: EndpointDisc 1 Cisco-PRK (0x130C01436973636F2D50524B)
*Mar 1 08:12:47: Vi6 EVT: Setup 0 0x0
*Mar 1 08:12:47: Vi6 PPP: Phase is DOWN, Setup
*Mar 1 08:12:47: %LINK-3-UPDOWN: Interface Virtual-Access6, changed state to up
*Mar 1 08:12:47: Vi6 EVT: Cstate 4 0x0
*Mar 1 08:12:47: Vi6 MLP: Added first link Vi5 to bundle testvpn
*Mar 1 08:12:47: Vi6 EVT: Virtualize 0 0x0
*Mar 1 08:12:47: Vi6 PPP: Phase is UP
*Mar 1 08:12:47: Vi6 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar 1 08:12:47: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:47: Vi6 CCP: O CONFREQ [Closed] id 1 len 4
*Mar 1 08:12:47: Vi6 PPP: Process pending packets
*Mar 1 08:12:47: Vi5 EVT: Redirect 0 0x0
*Mar 1 08:12:47: Vi5 PPP: Process pending packets
*Mar 1 08:12:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to up
*Mar 1 08:12:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access6, changed state to up
*Mar 1 08:12:48: Vi6 EVT: Cstate 4 0x0
*Mar 1 08:12:49: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:49: Vi6 IPCP: O CONFREQ [REQsent] id 2 len 10
*Mar 1 08:12:49: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:49: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:12:49: Vi6 CCP: O CONFREQ [REQsent] id 2 len 4
*Mar 1 08:12:50: Vi5 EVT: Auth Packet 0 0x811102DC
*Mar 1 08:12:50: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:50: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:12:51: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:51: Vi6 IPCP: O CONFREQ [REQsent] id 3 len 10
*Mar 1 08:12:51: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:51: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:12:51: Vi6 CCP: O CONFREQ [REQsent] id 3 len 4
*Mar 1 08:12:53: Vi5 EVT: Auth Packet 0 0x8110F154
*Mar 1 08:12:53: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:53: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:12:53: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:53: Vi6 IPCP: O CONFREQ [REQsent] id 4 len 10
*Mar 1 08:12:53: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:53: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:12:53: Vi6 CCP: O CONFREQ [REQsent] id 4 len 4
*Mar 1 08:12:55: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:55: Vi6 IPCP: O CONFREQ [REQsent] id 5 len 10
*Mar 1 08:12:55: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:55: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:12:55: Vi6 CCP: O CONFREQ [REQsent] id 5 len 4
*Mar 1 08:12:56: Vi5 EVT: Auth Packet 0 0x8110E890
*Mar 1 08:12:56: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:56: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:12:57: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:57: Vi6 IPCP: O CONFREQ [REQsent] id 6 len 10
*Mar 1 08:12:57: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:57: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:12:57: Vi6 CCP: O CONFREQ [REQsent] id 6 len 4
*Mar 1 08:12:59: Vi5 EVT: Auth Packet 0 0x8110D41C
*Mar 1 08:12:59: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:59: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:13:00: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:13:00: Vi6 IPCP: O CONFREQ [REQsent] id 7 len 10
*Mar 1 08:13:00: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:13:00: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:13:00: Vi6 CCP: O CONFREQ [REQsent] id 7 len 4
*Mar 1 08:13:02: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:13:02: Vi6 IPCP: O CONFREQ [REQsent] id 8 len 10
*Mar 1 08:13:02: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:13:02: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:13:02: Vi6 CCP: O CONFREQ [REQsent] id 8 len 4
*Mar 1 08:13:02: Vi5 EVT: Auth Packet 0 0x8110FFF0
*Mar 1 08:13:02: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:13:02: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:13:04: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:13:04: Vi6 IPCP: O CONFREQ [REQsent] id 9 len 10
*Mar 1 08:13:04: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:13:04: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:13:04: Vi6 CCP: O CONFREQ [REQsent] id 9 len 4
*Mar 1 08:13:05: Vi5 EVT: Auth Packet 0 0x8110C86C
*Mar 1 08:13:05: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:13:05: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:13:06: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:13:06: Vi6 IPCP: O CONFREQ [REQsent] id 10 len 10
*Mar 1 08:13:06: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:13:06: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:13:06: Vi6 CCP: O CONFREQ [REQsent] id 10 len 4
*Mar 1 08:13:08: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:13:08: Vi6 IPCP: State is REQsent
*Mar 1 08:13:08: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:13:08: Vi6 CCP: State is Listen
*Mar 1 08:13:08: Vi5 EVT: Auth Packet 0 0x8110CE44
*Mar 1 08:13:08: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:13:08: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:13:11: Vi5 EVT: Auth Packet 0 0x8110FD04
*Mar 1 08:13:11: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:13:11: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:13:14: Vi5 EVT: Auth Packet 0 0x8110EE68
*Mar 1 08:13:14: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:13:14: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:13:17: Vi5 PPP: Block vaccess from being freed [0x18]
*Mar 1 08:13:17: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
*Mar 1 08:13:17: Vi5 EVT: Cstate 0 0x0
*Mar 1 08:13:17: Vi5 PPP: Unlocked by [0x8] Still Locked by [0x12]
*Mar 1 08:13:17: Vi5 PPP: Unlocked by [0x10] Still Locked by [0x2]
*Mar 1 08:13:17: Vi5 PPP: Phase is TERMINATING
*Mar 1 08:13:17: Vi5 LCP: State is Closed
*Mar 1 08:13:17: Vi5 PPP: Phase is DOWN
*Mar 1 08:13:17: Vi5 PPP: Unlocked by [0x2] Still Locked by [0x0]
*Mar 1 08:13:17: Vi5 PPP: Free previously blocked vaccess
*Mar 1 08:13:17: Vi6 CCP: State is Closed
*Mar 1 08:13:17: Vi6 BACP: State is Closed
*Mar 1 08:13:17: Vi6 IPCP: State is Closed
*Mar 1 08:13:17: Vi6 PPP: Phase is TERMINATING
*Mar 1 08:13:17: Vi6 LCP: State is Closed
*Mar 1 08:13:17: Vi6 PPP: Phase is DOWN
*Mar 1 08:13:17: %LINK-3-UPDOWN: Interface Virtual-Access6, changed state to down
*Mar 1 08:13:17: Vi5 EVT: Free PPP 0 0x0
*Mar 1 08:13:17: Vi6 EVT: Cstate 0 0x0
*Mar 1 08:13:17: Vi6 EVT: Free PPP 0 0x0
*Mar 1 08:13:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to down
*Mar 1 08:13:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access6, changed state to down

So it's successfully authenticating, but then getting IPCP timeouts, I'm guessing for the IP allocation?

I'm not sure what I'm missing, or what additional debugging I can enable to try and trace it down.

I've turned on all the following:

Cisco-PRK#show debug
PPP:
PPP detailed event debugging is on
MPPE Packet Details debugging is on
PPP protocol negotiation debugging is on
PPP packet display debugging is on
VPN:
L2X protocol events debugging is on
L2X data packets debugging is on
L2X control packets debugging is on
L2X protocol errors debugging is on
VPDN message debugging is on
VPDN events debugging is on
VPDN errors debugging is on
VPDN packet debugging is on
Cisco-PRK#

And I get:

*Mar 1 08:20:09: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
*Mar 1 08:20:09: Vi5 EVT: Hook 1 0x0
*Mar 1 08:20:09: Vi5 EVT: Forwarded 0 0x0
*Mar 1 08:20:09: Vi5 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar 1 08:20:09: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:20:09: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:09: Vi5 PPP: Phase is VIRTUALIZED
*Mar 1 08:20:09: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:09: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:09: VT[Vi6]:Created unnumbered vaccess
*Mar 1 08:20:09: Vi6 EVT: Setup 0 0x0
*Mar 1 08:20:09: Vi6 PPP: Phase is DOWN, Setup
*Mar 1 08:20:09: Vi6 PPP: Treating connection as a dedicated line
*Mar 1 08:20:09: Vi6 PPP: Phase is ESTABLISHING, Active Open
*Mar 1 08:20:09: Vi6 LCP: O CONFREQ [Closed] id 1 len 31
*Mar 1 08:20:09: Vi6 LCP: AuthProto MS-CHAP (0x0305C22380)
*Mar 1 08:20:09: Vi6 LCP: MagicNumber 0x0955F59C (0x05060955F59C)
*Mar 1 08:20:09: Vi6 LCP: MRRU 1524 (0x110405F4)
*Mar 1 08:20:09: Vi6 LCP: EndpointDisc 1 Cisco-PRK (0x130C01436973636F2D50524B)
*Mar 1 08:20:09: Vi6 EVT: Setup 0 0x0
*Mar 1 08:20:09: Vi6 PPP: Phase is DOWN, Setup
*Mar 1 08:20:09: %LINK-3-UPDOWN: Interface Virtual-Access6, changed state to up
*Mar 1 08:20:09: Vi6 EVT: Cstate 4 0x0
*Mar 1 08:20:09: Vi6 MLP: Added first link Vi5 to bundle testvpn
*Mar 1 08:20:09: Vi6 EVT: Virtualize 0 0x0
*Mar 1 08:20:09: Vi6 PPP: Phase is UP
*Mar 1 08:20:09: Vi6 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar 1 08:20:09: Vi6 IPCP: Address 192.168.0.65 (0x0306C0A80041)
*Mar 1 08:20:09: Vi5 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue
*Mar 1 08:20:09: Vi6 CCP: O CONFREQ [Closed] id 1 len 4
*Mar 1 08:20:09: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:09: Vi6 PPP: Process pending packets
*Mar 1 08:20:09: Vi5 EVT: Redirect 0 0x0
*Mar 1 08:20:09: Vi5 PPP: Process pending packets
*Mar 1 08:20:09: Vi5 VPDN PROCESS Into tunnel: Sending 50 byte pak
*Mar 1 08:20:09: L2X: IP socket write 64 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:09: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:09: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to up
*Mar 1 08:20:10: Vi5 LCP: O ECHOREQ [Open] id 1 len 12 magic 0x0955EC32
*Mar 1 08:20:10: Vi5 VPDN FS Network to tunnel: Punted 52 byte pak to l2x process queue
*Mar 1 08:20:10: Vi5 VPDN PROCESS Into tunnel: Sending 52 byte pak
*Mar 1 08:20:10: L2X: IP socket write 66 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access6, changed state to up
*Mar 1 08:20:10: Vi6 EVT: Cstate 4 0x0
*Mar 1 08:20:11: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:20:11: Vi6 IPCP: O CONFREQ [REQsent] id 2 len 10
*Mar 1 08:20:11: Vi6 IPCP: Address 192.168.0.65 (0x0306C0A80041)
*Mar 1 08:20:11: Vi5 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue
*Mar 1 08:20:11: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:20:11: Vi6 CCP: O CONFREQ [REQsent] id 2 len 4
*Mar 1 08:20:11: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:11: Vi5 VPDN PROCESS Into tunnel: Sending 50 byte pak
*Mar 1 08:20:11: L2X: IP socket write 64 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:11: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:11: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:12: VPDN PROCESS: Processing GRE packet received from tunnel
*Mar 1 08:20:12: Vi5 PPTP/xGRE: I, src 192.168.1.6, len 77, seq 8
*Mar 1 08:20:12: Vi5 VPDN PROCESS From tunnel: Queue 65 byte pak to ppp parse and iqueue
*Mar 1 08:20:12: Vi5 PPP: I pkt type 0xC223, datagramsize 65 link[ppp]
*Mar 1 08:20:12: Vi6 PPP: I pkt type 0xC223, datagramsize 65 link[ppp]
*Mar 1 08:20:12: Vi5 VPDN PROCESS From tunnel: Pak send successful
*Mar 1 08:20:12: Vi5 EVT: Auth Packet 0 0x8110FD04
*Mar 1 08:20:12: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:20:12: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:20:12: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:12: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:12: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:13: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:20:13: Vi6 IPCP: O CONFREQ [REQsent] id 3 len 10
*Mar 1 08:20:13: Vi6 IPCP: Address 192.168.0.65 (0x0306C0A80041)
*Mar 1 08:20:13: Vi5 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue
*Mar 1 08:20:13: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:20:13: Vi6 CCP: O CONFREQ [REQsent] id 3 len 4
*Mar 1 08:20:13: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:13: Vi5 VPDN PROCESS Into tunnel: Sending 50 byte pak
*Mar 1 08:20:13: L2X: IP socket write 64 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:13: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:13: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:15: VPDN PROCESS: Processing GRE packet received from tunnel
*Mar 1 08:20:15: Vi5 PPTP/xGRE: I, src 192.168.1.6, len 77, seq 9
*Mar 1 08:20:15: Vi5 VPDN PROCESS From tunnel: Queue 65 byte pak to ppp parse and iqueue
*Mar 1 08:20:15: Vi5 PPP: I pkt type 0xC223, datagramsize 65 link[ppp]
*Mar 1 08:20:15: Vi6 PPP: I pkt type 0xC223, datagramsize 65 link[ppp]
*Mar 1 08:20:15: Vi5 VPDN PROCESS From tunnel: Pak send successful
*Mar 1 08:20:15: Vi5 EVT: Auth Packet 0 0x8110F154
*Mar 1 08:20:15: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:20:15: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:20:15: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:15: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:15: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:15: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:20:15: Vi6 IPCP: O CONFREQ [REQsent] id 4 len 10
*Mar 1 08:20:15: Vi6 IPCP: Address 192.168.0.65 (0x0306C0A80041)
*Mar 1 08:20:15: Vi5 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue
*Mar 1 08:20:15: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:20:15: Vi6 CCP: O CONFREQ [REQsent] id 4 len 4
*Mar 1 08:20:15: Vi5 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue
*Mar 1 08:20:15: Vi5 VPDN PROCESS Into tunnel: Sending 50 byte pak
*Mar 1 08:20:15: L2X: IP socket write 64 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:15: Vi5 VPDN PROCESS Into tunnel: Sending 44 byte pak
*Mar 1 08:20:15: L2X: IP socket write 60 bytes, 192.168.1.65 to 192.168.1.6, prot 47
*Mar 1 08:20:17: Vi6 IPCP: TIMEout: State REQsent

Help?

prk.
 
Any particular reason why you aren't going with IPSec? Although I've never used it I believe it's natively supported in Win2K. There is also a reported DoS vulnerability with PPTP and 12.2.
Some docs that you probably already have at:

Do you have a TAC login?
Sorry I couldn't offer more detailed help. I'll try to look at it more in depth when I have more time.

-Jeff
----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!
 
G'day Jeff,

The client has requested PPTP to make support easier for them.

It's much easier to guide a user through setting up a PPTP VPN connection under win2k or winxp than an IPSec one, additionally they may have some older Win98 machines they'll need it available on.

No, alas, no TAC access for this.

Any light you could shed would be appreciated.
 
Try configuring with authentication to a pptp server instead of locally. This setup is well documented and may let you narrow the problem.

Linux pptp server, PopTop

More Cisco docs at

Gotta go again. Look at it more tomorrow.
-Jeff
----------------------------------------
Wasabi Pop Tarts! Write Kellogs today!
 
Hi Jeff,

Not sure what you mean by configuring authentication to a linux pptp server instead.

NAT / PAT on an 827 is fine, it's easy to configure to forward to a Microsoft or Linux PPTP server, but I'm trying to do it all on the Cisco, initially with local authentication, then later with radius.

If I forward it to another PPTP server, then the router isn't doing it at all.

Based on the logs, the authentication is successful. If I put the wrong password on the win2k client, it fails with an incorrect username / password error. If I put the right username, it hangs on verifying.

From an ip packet dump, it appears that after the auth is successful, the CONFREQ (presumably to sort out IP details) is sent via GRE, and no answer received from the client.

I might try using a linux PPTP client to do a tcpdump on it, and see what packets it's getting back from the router. I suspect possibly an incorrect source address within the GRE, so it's sending the reply to a non-existent server.

Any other thoughts you have would be appreciated.

Cheers,
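
Added example (not part of the original posts): a small Python summariser for `debug ppp negotiation` output like the log quoted in this thread. It counts packets per interface and control protocol and flags any protocol where the router keeps sending CONFREQ with nothing coming back, plus repeated MS-CHAP responses after SUCCESS. The sample lines are abridged from the first post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Abridged from the debug output quoted in the thread (not a full capture).
SAMPLE = """\
*Mar 1 08:12:45: ppp17 LCP: O CONFREQ [Closed] id 1 len 31
*Mar 1 08:12:45: ppp17 LCP: I CONFACK [REQsent] id 1 len 31
*Mar 1 08:12:47: ppp17 LCP: I CONFREQ [ACKrcvd] id 2 len 41
*Mar 1 08:12:47: ppp17 LCP: O CONFACK [ACKrcvd] id 2 len 41
*Mar 1 08:12:47: ppp17 LCP: State is Open
*Mar 1 08:12:47: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:12:47: Vi6 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar 1 08:12:47: Vi6 IPCP: Address 192.168.1.65 (0x0306C0A80141)
*Mar 1 08:12:47: Vi6 CCP: O CONFREQ [Closed] id 1 len 4
*Mar 1 08:12:49: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:49: Vi6 IPCP: O CONFREQ [REQsent] id 2 len 10
*Mar 1 08:12:49: Vi6 CCP: TIMEout: State REQsent
*Mar 1 08:12:49: Vi6 CCP: O CONFREQ [REQsent] id 2 len 4
*Mar 1 08:12:50: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:50: Vi5 MS-CHAP: O SUCCESS id 1 len 4
*Mar 1 08:12:51: Vi6 IPCP: TIMEout: State REQsent
*Mar 1 08:12:51: Vi6 IPCP: O CONFREQ [REQsent] id 3 len 10
*Mar 1 08:12:53: Vi5 MS-CHAP: I RESPONSE id 1 len 61 from "testvpn"
*Mar 1 08:12:53: Vi5 MS-CHAP: O SUCCESS id 1 len 4
"""

# "*Mar 1 08:12:45: <intf> <proto>: " prefix shared by every debug line.
PREFIX = r'^\*\w+\s+\d+\s+[\d:]+:\s+(?P<intf>\S+)\s+(?P<proto>[\w-]+):\s+'
# Packet lines: direction I (in) or O (out), then the packet code.
PKT = re.compile(PREFIX + r'(?P<dir>[IO])\s+(?P<code>[A-Z]+)\b')
# Restart-timer expiry lines.
TIMEOUT = re.compile(PREFIX + r'TIMEout')
CONTROL_PROTOCOLS = {"LCP", "IPCP", "CCP"}


def summarise(log_text):
    """Count sent/received packet codes and timeouts per (interface, protocol)."""
    stats = defaultdict(lambda: {"sent": defaultdict(int),
                                 "rcvd": defaultdict(int),
                                 "timeouts": 0})
    for line in log_text.splitlines():
        m = PKT.match(line)
        if m and m["proto"] in CONTROL_PROTOCOLS | {"MS-CHAP"}:
            bucket = "rcvd" if m["dir"] == "I" else "sent"
            stats[(m["intf"], m["proto"])][bucket][m["code"]] += 1
            continue
        m = TIMEOUT.match(line)
        if m:
            stats[(m["intf"], m["proto"])]["timeouts"] += 1
    return stats


def findings(stats):
    """Return (interface, protocol, message) for one-sided negotiations."""
    out = []
    for (intf, proto), s in sorted(stats.items()):
        if proto in CONTROL_PROTOCOLS:
            reqs = s["sent"].get("CONFREQ", 0)
            if reqs >= 2 and not s["rcvd"]:
                out.append((intf, proto,
                            f"{reqs} CONFREQ sent, {s['timeouts']} timeouts, "
                            "nothing received from peer"))
        elif proto == "MS-CHAP":
            resp = s["rcvd"].get("RESPONSE", 0)
            ok = s["sent"].get("SUCCESS", 0)
            if resp >= 2 and ok >= 2:
                out.append((intf, proto,
                            f"peer repeated RESPONSE {resp}x although "
                            f"SUCCESS was sent {ok}x"))
    return out


if __name__ == "__main__":
    for intf, proto, msg in findings(summarise(SAMPLE)):
        print(f"{intf} {proto}: {msg}")
```

On the sample, LCP on ppp17 shows traffic in both directions and is not flagged, while IPCP and CCP on Vi6 are flagged as unanswered, which matches the poster's reading of the log.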
 
This is now resolved.

It turns out it's a bug in the Y train of IOS.

I tried with YJ1, YN, and YM, all with the same problem.

12.2.8T5 and 12.2.4XM4 both worked properly though, with the same configuration.

*grumble*

Thanks for your help anyway, Jeff.
 