Problem with PPTP VPN through Wireless Access Point

Answered Question
Jan 7th, 2010

Hi all,


My customer has a very basic LAN+WLAN configuration:


- 1 switch (not Cisco)

- 1 DSL router which is the default gateway (not Cisco)

- 2 Wi-Fi Access Points (Cisco AIR-AP1131AG-E-K9)


If he tries to establish a PPTP VPN when he is connected to the wired LAN, it works but when he tries the same from the wireless LAN it doesn't work. He says he'd tested it with Windows Firewall disabled.


Can anybody help me troubleshoot this? Is there any configuration command that can enable/disable PPTP VPN traffic pass through a Wi-Fi connection? I've never seen something like this and I use PPTP VPNs over a Wi-Fi connection every day without any particular configuration on the access point.


Here's the APs config:



hostname ...
!
enable secret ...
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid ...
   authentication open
   authentication key-management wpa version 2
   guest-mode
   infrastructure-ssid
   wpa-psk ascii ...
!
power inline negotiation prestandard source
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid ...
!
speed  1.0 2.0 5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid ...
!
no dfs band block
power client 11
channel dfs
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.254 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
no cdp log mismatch duplex
bridge 1 route ip
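
To narrow down where a PPTP session like the one in the question breaks, a capture taken on the client can be checked for both parts of PPTP: the TCP/1723 control channel and the GRE (IP protocol 47, enhanced GRE type 0x880B) data tunnel. The Python below is an added example, not part of the thread; the addresses and sample packets are constructed, and it says nothing about what the access point actually drops.

```python
import struct

PPTP_PORT, TCP, GRE = 1723, 6, 47   # PPTP control port; IP protocol numbers
GRE_PPP = 0x880B                    # protocol type of PPTP's enhanced GRE (RFC 2637)

def classify(pkt):
    """Return (kind, src, dst) for a raw IPv4 packet; kind is 'control', 'gre' or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, None, None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    if len(body) < 4:
        return None, src, dst
    a, b = struct.unpack("!HH", body[:4])
    if pkt[9] == TCP and PPTP_PORT in (a, b):              # a, b = source, dest port
        return "control", src, dst
    if pkt[9] == GRE and (a & 0x7) == 1 and b == GRE_PPP:  # a = flags+version, b = type
        return "gre", src, dst
    return None, src, dst

def diagnose(packets, client, server):
    """Say which legs of a PPTP session between client and server a capture contains."""
    seen = set()
    for kind, src, dst in map(classify, packets):
        if kind == "control" and {src, dst} == {client, server}:
            seen.add("control")
        elif kind == "gre" and (src, dst) == (client, server):
            seen.add("gre_out")
        elif kind == "gre" and (src, dst) == (server, client):
            seen.add("gre_in")
    if "control" not in seen:
        return "no TCP/1723 control channel"
    if "gre_out" not in seen:
        return "control channel only, no GRE from client"
    if "gre_in" not in seen:
        return "GRE leaves client, none returns"
    return "control and GRE in both directions"

def ipv4(src, dst, proto, payload):
    """Build a constructed sample packet (header checksum left at 0, not checked above)."""
    addr = lambda s: bytes(map(int, s.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

# Constructed sample data: addresses and captures are illustrative, not from the thread.
CLIENT, SERVER = "192.168.1.50", "203.0.113.10"
CTRL = ipv4(CLIENT, SERVER, TCP, struct.pack("!HH", 49152, PPTP_PORT) + bytes(16))
GRE_OUT = ipv4(CLIENT, SERVER, GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, 1, 0))
GRE_IN = ipv4(SERVER, CLIENT, GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, 2, 0))

if __name__ == "__main__":
    print(diagnose([CTRL, GRE_OUT, GRE_IN], CLIENT, SERVER))
    print(diagnose([CTRL, GRE_OUT], CLIENT, SERVER))
```

Running the same check on a capture from the wired LAN and one from the wireless LAN shows which leg differs between the two paths.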

simon.dwyer Thu, 01/21/2010 - 18:06

Hi,


I am having the exact same problem with a 1142.


Can't find a fix anywhere!


Simon

Davide Fiumi Fri, 01/22/2010 - 09:07

Hi,


I confirm the existence of this problem on 1240 AP series. I guess it is caused by a regression in the latest firmware version (12.4.21a).


The solution is simple: downgrade to version 12.4.10b.




Best regards.

simon.dwyer Sat, 01/23/2010 - 21:30

Sadly for the 1142 there is only one IOS image available.

Davide Fiumi Mon, 01/25/2010 - 00:18

I see. In this case I think you should look for a reliable way to file a bug report to Cisco and/or wait for next firmware release in the hope that it comes with that bug fixed.


Good luck & best regards.

Correct Answer
Stephen Rodriguez Mon, 01/25/2010 - 09:19

Defect for PPTP not establishing in an IOS AP.


  CSCtc78925, for 1130/1240 etc, you can downgrade to the previous release (something other than 12.4(21a)). For 1140, contact TAC, if you or your customer is willing to run an Engineering Special image.

chiefarchitectinc Thu, 01/28/2010 - 16:18

We have the same problem with a 1252 access point. We've also tried both IOS versions with no success. We have a TAC request open, but the technicians have yet to come up with a solution. Everything works fine except for a Microsoft VPN connection. A simple Linksys router in the 1252's place works just fine, but I don't think that's the right way to solve this problem.

Davide Fiumi Fri, 01/29/2010 - 01:12

1. make sure this error is not related to the MTU. Adjust its value to something like 1450 on the WAN interface of your Internet gateway.

2. try all the available IOS versions and report your results:


          - 12.4.10b-JDA(ED)

          - 12.4.10b-JA3(ED)

          - 12.4.10b-JA1(ED)


Regards.

chiefarchitectinc Wed, 02/24/2010 - 09:00

My problem was with the most current IOS. After I went back to an earlier version, it worked. To my knowledge, there is no newer IOS that fixes this problem yet.

frankroche Fri, 03/26/2010 - 12:28

Any update? I also have a 1140 with the same PPTP issue. I currently have a TAC opened, but so far no resolution.

gerardo.raimondi Thu, 12/15/2011 - 10:44

I've the same problem. Read about this bug (CSCtc78925), upgrade to 12.4(21a)JY and that resolved the problem.

Thanks to all !!

Anton Pestov Wed, 04/18/2012 - 06:30

c1140-k9w7-tar.124-25d.JA1.tar release 15-AUG-2011 probably has the same problem
