cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
691
Views
0
Helpful
10
Replies

PPTP in VPN Concentrator

zakid
Level 1
Level 1

Dear all,

In VPN Concentrator,PPTP VPN connection, not get authentication, verifying user name & password, but when we connect through vpn client software, which is IPSEC/UDP, get connect on VPN concentrator, this happens suddenly. after some time it woking. so, we contucted a test from outside of the network, PPTP VPN is working, while comes from ISP is not. what could be cause.

prompt response is much appicate,

thanks & regards

10 Replies 10

Yudong Wu
Level 7
Level 7

I guess your ISP might block PPTP port TCP/1723.

many thanks..... for ur prompt reply, how could is possible, it is working from many years. how can i prove that is from ISP. could you explain, please

thanks & regards,

Since PPTP works OK when you tested on your outside network, this means that your PPTP configuration should be OK. That's why I am thinking it might be caused by your ISP blocking the port for PPTP. You might check the log on VPN concentrator and do a packet sniffer to find it out.

dear, again the same problem happened. as you said, i snif the packet while traffic coming from ISP and as well as connecting through my Outside network. while analysing the packets several request, ack, ms chap authentication, login successful and compresed packet can see clearly, in through my outside network. while the analysing packet of isp, packet request, ack are fine, but ms chap authen & ppp LCP in not fine conversation, and again and again requesting. so i send to this management. but same time if there is any possible of upgrading IOS from 4.7 or any other recommendation,

awaiting for your response.

thanks & regards

Zak, I do agree with Kevin  .but  sounds you have ruled out ISP blocking PPTP with sniff results  but  to be completely sure you should from  outside  conduct a telnet test on port 1723  towards your VPN concentrator public IP address.

c:\telnet < VPN_gateway_outside_IP>  1723

if telnet test fails double check  PPTP is enabled under udner Configuration\System\PPTP 

if telnet test is successful I would suggest to double check    VPN PPTP  authentication protocols configuration under   System/Usermanager/Groups/VPN(internally Configure) and verify  authen protocols are in fact enabled .

The question would probably be  can any of your PPTP clients successfully connect at all?  or is it just a few clients unable to connect,   what are you using for authenticating your users   RADIUS  from MS-IAS  , is it possible some changes may have occor in RADIUS? 

If you can rule out  all these above we' could take different  troubleshooting approach.

Regards  

Jorge Rodriguez

If your PPTP client works fine when it is in your outside network, I believe that your VPN concentator's configuration should be good. Is there any other device between your outside network and ISP? Remember you need open two ports for PPTP to work, one is TCP/1723 which is for PPTP control session and the other is GRE which is for data packets.

many thanks for all your efforts,

I telnet vpn public address with port 1723, is opening the session, and i double with tunneling & security, PPTP is enabled. and i also double check GRE it also enabled. we can say almost it working more than 6 years, no changes at all from side.

Regards,

1- Can you post some real time vpn logs when PPTP client tries connecting.

2- When was the last time the unit was power clycle? you may want to try a reboot, save VPN configuration prior doing a reboot.

3- What version code are you running

Jorge Rodriguez

hi, really sorry for delay.... once it working for a while... we didn't care..

3.Current VER is 4.1.7 E

2.Last month.

hi all,

Cisco Cotent Switch giving problem of intermittent connecting PPTP, we by pass the device, problem solved.

thanking all, for your efforts

thanks & regards,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: