cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9680
Views
0
Helpful
3
Replies

PPTP VPN Problem - Hanging at Verifying Username and Password

napalm255
Level 1
Level 1

We've got two new 7206VXR's running 'c7200p-advsecurityk9-mz.124-24.T2.bin' that are being configure for our Remote Access solution. These two devices are setup for DMVPN, EasyVPN and PPTP. DMVPN and EasyVPN are working great with no issues. PPTP however is giving us some problems when clients try and connect. When an attempt is made it will get to "Verifying Username and Password" and just sit there and hang. It will eventually time out displaying an error on the screen. Other times you attempt a connection and it goes right through extremely quick - almost so quick that if you blink you may miss it. Once it connects via PPTP, everything works flawlessy.


I'm rather confident I've found the problem after reviewing the Router Debugs, Wireshark and PPP Logging on the Client. Unfortunately I am unsure how to correct the problem. We are using MS-CHAP-V2 with MPPE 128-bit (Required) and RADIUS authentication. Here's what happens. The client initiates a PPTP session with the 7200. LCP negotions begin between the Client and 7200. At the end of LCP, the 7200 sends the last LCP Ack packet back to the Client, then immediately sends the MS-CHAP-V2 Challenge. The 7200 debugs shows that "LCP: State is Open" and then after that you see "MS-CHAP-V2: O CHALLENGE" going out to the client. When reviewing the Wireshark logs the "PPP CHAP Challenge" message is received prior to the last "LCP Configration Ack". When that happens the client sits at "Verifying Username and Password" and eventually timesout. Looking at the client's PPP.log it confirms what Wireshark sees and also states that a "Non-LCP packet received when LCP is not opened. Packet being silently discarded". So in short, the client is receiving the Challenge before the LCP Ack.


The problem happens frequently and is easy to duplicate. I've tested with Windows XP and Windows 7. Testing has occured on Cable, DSL and Verizon Wireless. OS and Connectivity doesn't seem to matter.


Anyone got any thoughts??


Here's the config (as it relates to PPTP) and the logs...


7200 Config:

aaa authentication ppp pptpUsers group radius

aaa authorization network pptpAuthorize group radius

async-bootp dns-server 169.156.54.15 169.156.41.24
async-bootp nbns-server 169.156.41.1 169.156.33.12


vpdn enable
vpdn logging
vpdn logging local
vpdn logging user
vpdn logging tunnel-drop
vpdn logging accounting
!       
vpdn-group 1
accept-dialin
  protocol pptp
  virtual-template 2
source-ip X.X.X.X
!      


interface Virtual-Template2
description PPTP over Verizon
ip unnumbered GigabitEthernet0/3
peer default ip address pool pptpPool
no keepalive
ppp encrypt mppe 128 required
ppp authentication ms-chap-v2 pptpUsers
ppp authorization pptpAuthorize
!


ip local pool pptpPool 169.156.254.1 169.156.255.254


7200 Debug:

Jan 19 13:12:53.315: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
Jan 19 13:12:53.319: VPDN Tnl/Sn 51 45 L2TUN socket session accept requested
Jan 19 13:12:53.319: VPDN Tnl/Sn 51 45 Setting up dataplane for L2-L2, no idb
Jan 19 13:12:53.319: VPDN Received L2TUN socket message <xCCN - Session Connected>
Jan 19 13:12:53.323: VPDN uid:44 VPDN session up
Jan 19 13:12:53.323: ppp44 PPP: Create Context 7BD512C
Jan 19 13:12:53.323: ppp44 PPP: Bind SSS Dynamic
Jan 19 13:12:53.323: ppp44 PPP: Send Message[Dynamic Bind Response]
Jan 19 13:12:53.323: ppp44 PPP: Using vpn set call direction
Jan 19 13:12:53.323: ppp44 PPP: Treating connection as a callin
Jan 19 13:12:53.323: ppp44 PPP: Session handle[DC00004C] Session id[44]
Jan 19 13:12:53.323: ppp44 PPP: Phase is ESTABLISHING, Passive Open
Jan 19 13:12:53.323: ppp44 LCP: State is Listen
Jan 19 13:12:53.499: ppp44 LCP: I CONFREQ [Listen] id 0 len 21
Jan 19 13:12:53.499: ppp44 LCP:    MRU 1400 (0x01040578)
Jan 19 13:12:53.499: ppp44 LCP:    MagicNumber 0x292E1DAC (0x0506292E1DAC)
Jan 19 13:12:53.499: ppp44 LCP:    PFC (0x0702)
Jan 19 13:12:53.499: ppp44 LCP:    ACFC (0x0802)
Jan 19 13:12:53.499: ppp44 LCP:    Callback 6  (0x0D0306)
Jan 19 13:12:53.503: ppp44 PPP: Authorization required
Jan 19 13:12:53.503: ppp44 LCP: O CONFREQ [Listen] id 1 len 15
Jan 19 13:12:53.503: ppp44 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
Jan 19 13:12:53.503: ppp44 LCP:    MagicNumber 0xC681E488 (0x0506C681E488)
Jan 19 13:12:53.503: ppp44 LCP: O CONFREJ [Listen] id 0 len 7
Jan 19 13:12:53.503: ppp44 LCP:    Callback 6  (0x0D0306)
Jan 19 13:12:53.635: ppp44 LCP: I CONFACK [REQsent] id 1 len 15
Jan 19 13:12:53.635: ppp44 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
Jan 19 13:12:53.635: ppp44 LCP:    MagicNumber 0xC681E488 (0x0506C681E488)
Jan 19 13:12:53.663: ppp44 LCP: I CONFREQ [ACKrcvd] id 1 len 18
Jan 19 13:12:53.663: ppp44 LCP:    MRU 1400 (0x01040578)
Jan 19 13:12:53.663: ppp44 LCP:    MagicNumber 0x292E1DAC (0x0506292E1DAC)
Jan 19 13:12:53.663: ppp44 LCP:    PFC (0x0702)
Jan 19 13:12:53.663: ppp44 LCP:    ACFC (0x0802)
Jan 19 13:12:53.663: ppp44 LCP: O CONFNAK [ACKrcvd] id 1 len 8
Jan 19 13:12:53.663: ppp44 LCP:    MRU 1500 (0x010405DC)
Jan 19 13:12:53.795: ppp44 LCP: I CONFREQ [ACKrcvd] id 2 len 18
Jan 19 13:12:53.795: ppp44 LCP:    MRU 1400 (0x01040578)
Jan 19 13:12:53.795: ppp44 LCP:    MagicNumber 0x292E1DAC (0x0506292E1DAC)
Jan 19 13:12:53.795: ppp44 LCP:    PFC (0x0702)
Jan 19 13:12:53.795: ppp44 LCP:    ACFC (0x0802)
Jan 19 13:12:53.795: ppp44 LCP: O CONFNAK [ACKrcvd] id 2 len 8
Jan 19 13:12:53.795: ppp44 LCP:    MRU 1500 (0x010405DC)
Jan 19 13:12:53.927: ppp44 LCP: I CONFREQ [ACKrcvd] id 3 len 18
Jan 19 13:12:53.927: ppp44 LCP:    MRU 1500 (0x010405DC)
Jan 19 13:12:53.927: ppp44 LCP:    MagicNumber 0x292E1DAC (0x0506292E1DAC)
Jan 19 13:12:53.927: ppp44 LCP:    PFC (0x0702)
Jan 19 13:12:53.927: ppp44 LCP:    ACFC (0x0802)
Jan 19 13:12:53.927: ppp44 LCP: O CONFACK [ACKrcvd] id 3 len 18
Jan 19 13:12:53.927: ppp44 LCP:    MRU 1500 (0x010405DC)
Jan 19 13:12:53.927: ppp44 LCP:    MagicNumber 0x292E1DAC (0x0506292E1DAC)
Jan 19 13:12:53.927: ppp44 LCP:    PFC (0x0702)
Jan 19 13:12:53.927: ppp44 LCP:    ACFC (0x0802)
Jan 19 13:12:53.927: ppp44 LCP: State is Open
Jan 19 13:12:53.927: ppp44 PPP: Phase is AUTHENTICATING, by this end
Jan 19 13:12:53.927: ppp44 MS-CHAP-V2: O CHALLENGE id 1 len 33 from "MECU-7206-H2"
Jan 19 13:12:54.115: ppp44 LCP: I IDENTIFY [Open] id 4 len 18 magic 0x292E1DAC MSRASV5.10
Jan 19 13:12:54.139: ppp44 LCP: I IDENTIFY [Open] id 5 len 28 magic 0x292E1DAC MSRAS-0-MOIT-SNIFFER
Jan 19 13:13:03.928: ppp44 AUTH: Timeout 1
Jan 19 13:13:13.944: ppp44 AUTH: Timeout 2
Jan 19 13:13:23.961: ppp44 AUTH: Timeout 3
Jan 19 13:13:33.977: ppp44 AUTH: Timeout 4
Jan 19 13:13:43.994: ppp44 AUTH: Timeout 5
Jan 19 13:13:54.011: ppp44 AUTH: Timeout 6
Jan 19 13:14:04.027: ppp44 AUTH: Timeout 7
Jan 19 13:14:14.044: ppp44 AUTH: Timeout 8
Jan 19 13:14:24.061: ppp44 AUTH: Timeout 9
Jan 19 13:14:34.077: ppp44 AUTH: Timeout 10
Jan 19 13:14:44.094: ppp44 AUTH: Timeout 11
Jan 19 08:14:44: %VPDN-6-TIMEOUT: PPTP PNS MECU-7206-H2 disconnected   ; PPP authentication


Wireshark on Client:

25 08:12:58.541015 75.197.0.79           X.X.X.X         PPP LCP  Configuration Request
26 08:12:58.681640 X.X.X.X         75.197.0.79           PPP CHAP Challenge

28 08:12:58.681640 X.X.X.X         75.197.0.79           PPP LCP  Configuration Ack


PPP.log on Client:

(netsh ras set tracing ppp enable -- will generate c:\windows\tracing\ppp.log)

[2544] 08:12:58:671: >PPP packet received at 01/19/2010 13:12:58:671
[2544] 08:12:58:671: >Protocol = CHAP, Type = Protocol specific, Length = 0x23, Id = 0x1, Port = 3
[2544] 08:12:58:671: >C2 23 01 01 00 21 10 41 31 6B 20 63 F6 5B DB 2B |.#...!.A1k c.[.+|
[2544] 08:12:58:671: >5C 21 4D E7 91 ED 46 4D 45 43 55 2D 37 32 30 36 |\!M...FMECU-7206|
[2544] 08:12:58:671: >2D 48 32 00 00 00 00 00 00 00 00 00 00 00 00 00 |-H2.............|
[2544] 08:12:58:671: 
[2544] 08:12:58:671: Non-LCP packet received when LCP is not opened
[2544] 08:12:58:671: Packet being silently discarded
[2544] 08:12:58:671: >PPP packet received at 01/19/2010 13:12:58:671
[2544] 08:12:58:671: >Protocol = LCP, Type = Configure-Ack, Length = 0x14, Id = 0x3, Port = 3
[2544] 08:12:58:671: >C0 21 02 03 00 12 01 04 05 DC 05 06 29 2E 1D AC |.!..........)...|
[2544] 08:12:58:671: >07 02 08 02 00 00 00 00 00 00 00 00 00 00 00 00 |................|

3 Replies 3

Ivan Martinon
Level 7
Level 7

It looks to me that the client is configured as default settings for ppp authentication protocols, if that is the case then it will be sending mschap v2 hashes to validate username and password, and we would need to find out if your radius server has this setting on. Depending on your radius server I would advise you to test first on your client whether the connection works with plain PAP. If it does then the problem might lie on the AAA server not supporting mschap for authenticating the user.

I am trying to find out on the IOS how to enable mschap support since the router by default sends PAP to the radius server I know I did it once but can't rememer how.

We're using Microsoft Windows Server 2003 with IAS for RADIUS authentication. To help you all help me, I describe the RADIUS server configuration below. However, as I first stated in my original post, it can and does connect at times. Some users seem to have more problems than others but everyone can connect at some point. When people do connect, all communications between the 7200 and the RADIUS server appear fine and authentication does occur.

The 7200 is configured as a client in IAS with the "Client-Vendor" option set to "Cisco" as well as "RADIUS Standard" and either setting doesn't seem to make a difference in this case.

The Remote Access Policy for the 7200 is defined as follows:

Policy Conditions:

  • Framed-Protocol matches "PPP" AND
  • Client-IP-Address matches "" AND
  • Windows-Groups matches "" AND
  • Authentication-Type matches "MS-CHAP-V2" (this is a new addition to my testing. I originaly didn't have this and it isn't helping, nor did it make it worse.)

Profile:

Advanced Attributes:

    • Framed-Protocol = PPP
    • Service-Type = Framed

Encryption:

    • Strongest encryption (MPPE 128 bit)
      (only one checked)

Authentication:

    • Microsoft Encrypted Authentication version 2 (MS-CHAP v2)
      (only one checked)

So, the RADIUS server looks right to me and it definately supports MS-CHAP-V2. I figured I should also include a debug from the 7200 when it *IS* working... (Slightly edited for security)

** Debug when client IS Working ***

Jan  7 20:08:08.453: VPDN Received L2TUN socket message
Jan  7 20:08:08.453: VPDN Tnl/Sn 258 256 L2TUN socket session accept requested
Jan  7 20:08:08.453: VPDN Tnl/Sn 258 256 Setting up dataplane for L2-L2, no idb
Jan  7 20:08:08.453: VPDN Received L2TUN socket message
Jan  7 20:08:08.457: VPDN uid:253 VPDN session up
Jan  7 20:08:08.457: ppp253 PPP: Create Context 7BE7BB8
Jan  7 20:08:08.457: ppp253 PPP: Bind SSS Dynamic
Jan  7 20:08:08.457: ppp253 PPP: Send Message[Dynamic Bind Response]
Jan  7 20:08:08.457: ppp253 PPP: Using vpn set call direction
Jan  7 20:08:08.457: ppp253 PPP: Treating connection as a callin
Jan  7 20:08:08.457: ppp253 PPP: Session handle[CE000190] Session id[253]
Jan  7 20:08:08.457: ppp253 PPP: Phase is ESTABLISHING, Passive Open
Jan  7 20:08:08.457: ppp253 LCP: State is Listen
Jan  7 20:08:08.637: ppp253 LCP: I CONFREQ [Listen] id 0 len 21
Jan  7 20:08:08.637: ppp253 LCP:    MRU 1400 (0x01040578)
Jan  7 20:08:08.637: ppp253 LCP:    MagicNumber 0x3058696F (0x05063058696F)
Jan  7 20:08:08.637: ppp253 LCP:    PFC (0x0702)
Jan  7 20:08:08.637: ppp253 LCP:    ACFC (0x0802)
Jan  7 20:08:08.637: ppp253 LCP:    Callback 6  (0x0D0306)
Jan  7 20:08:08.637: ppp253 PPP: Authorization required
Jan  7 20:08:08.637: ppp253 LCP: O CONFREQ [Listen] id 1 len 15
Jan  7 20:08:08.637: ppp253 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
Jan  7 20:08:08.637: ppp253 LCP:    MagicNumber 0xD766D770 (0x0506D766D770)
Jan  7 20:08:08.637: ppp253 LCP: O CONFREJ [Listen] id 0 len 7
Jan  7 20:08:08.637: ppp253 LCP:    Callback 6  (0x0D0306)
Jan  7 20:08:08.745: ppp253 LCP: I CONFACK [REQsent] id 1 len 15
Jan  7 20:08:08.745: ppp253 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
Jan  7 20:08:08.745: ppp253 LCP:    MagicNumber 0xD766D770 (0x0506D766D770)
Jan  7 20:08:08.769: ppp253 LCP: I CONFREQ [ACKrcvd] id 1 len 18
Jan  7 20:08:08.769: ppp253 LCP:    MRU 1400 (0x01040578)
Jan  7 20:08:08.769: ppp253 LCP:    MagicNumber 0x3058696F (0x05063058696F)
Jan  7 20:08:08.769: ppp253 LCP:    PFC (0x0702)
Jan  7 20:08:08.769: ppp253 LCP:    ACFC (0x0802)
Jan  7 20:08:08.769: ppp253 LCP: O CONFNAK [ACKrcvd] id 1 len 8
Jan  7 20:08:08.769: ppp253 LCP:    MRU 1500 (0x010405DC)
Jan  7 20:08:08.905: ppp253 LCP: I CONFREQ [ACKrcvd] id 2 len 18
Jan  7 20:08:08.905: ppp253 LCP:    MRU 1400 (0x01040578)
Jan  7 20:08:08.905: ppp253 LCP:    MagicNumber 0x3058696F (0x05063058696F)
Jan  7 20:08:08.905: ppp253 LCP:    PFC (0x0702)
Jan  7 20:08:08.905: ppp253 LCP:    ACFC (0x0802)
Jan  7 20:08:08.905: ppp253 LCP: O CONFNAK [ACKrcvd] id 2 len 8
Jan  7 20:08:08.905: ppp253 LCP:    MRU 1500 (0x010405DC)
Jan  7 20:08:09.089: ppp253 LCP: I CONFREQ [ACKrcvd] id 3 len 18
Jan  7 20:08:09.089: ppp253 LCP:    MRU 1500 (0x010405DC)
Jan  7 20:08:09.089: ppp253 LCP:    MagicNumber 0x3058696F (0x05063058696F)
Jan  7 20:08:09.089: ppp253 LCP:    PFC (0x0702)
Jan  7 20:08:09.089: ppp253 LCP:    ACFC (0x0802)
Jan  7 20:08:09.089: ppp253 LCP: O CONFACK [ACKrcvd] id 3 len 18
Jan  7 20:08:09.089: ppp253 LCP:    MRU 1500 (0x010405DC)
Jan  7 20:08:09.089: ppp253 LCP:    MagicNumber 0x3058696F (0x05063058696F)
Jan  7 20:08:09.089: ppp253 LCP:    PFC (0x0702)
Jan  7 20:08:09.089: ppp253 LCP:    ACFC (0x0802)
Jan  7 20:08:09.089: ppp253 LCP: State is Open
Jan  7 20:08:09.089: ppp253 PPP: Phase is AUTHENTICATING, by this end
Jan  7 20:08:09.089: ppp253 MS-CHAP-V2: O CHALLENGE id 1 len 33 from "MECU-7206-H2"
Jan  7 20:08:09.253: ppp253 LCP: I IDENTIFY [Open] id 4 len 18 magic 0x3058696F MSRASV5.10
Jan  7 20:08:09.305: ppp253 LCP: I IDENTIFY [Open] id 5 len 28 magic 0x3058696F MSRAS-0-MOIT-SNIFFER
Jan  7 20:08:09.305: ppp253 MS-CHAP-V2: I RESPONSE id 1 len 65 from "brad.gibson"
Jan  7 20:08:09.305: ppp253 PPP: Phase is FORWARDING, Attempting Forward
Jan  7 20:08:09.305: ppp253 PPP: Phase is AUTHENTICATING, Unauthenticated User
Jan  7 20:08:09.305: ppp253 PPP: Sent MSCHAP_V2 LOGIN Request
Jan  7 20:08:09.305: RADIUS/ENCODE(000003F4):Orig. component type = VPDN
Jan  7 20:08:09.305: RADIUS(000003F4): Config NAS IP: X.X.X.X
Jan  7 20:08:09.305: RADIUS/ENCODE(000003F4): acct_session_id: 2550
Jan  7 20:08:09.305: RADIUS(000003F4): sending
Jan  7 20:08:09.305: RADIUS(000003F4): Send Access-Request to 169.156.41.1:1645 id 1645/25, len 133
Jan  7 20:08:09.305: RADIUS:  authenticator 67 5A EB 4A 96 E4 82 B3 - 9B E3 EA 64 23 2C 3C 19
Jan  7 20:08:09.305: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jan  7 20:08:09.305: RADIUS:  User-Name           [1]   13  "ThisIsMyUser"
Jan  7 20:08:09.305: RADIUS:  Vendor, Microsoft   [26]  24
Jan  7 20:08:09.305: RADIUS:   MS-CHAP-Challenge  [11]  18
Jan  7 20:08:09.305: RADIUS:   67 5A EB 4A 96 E4 82 B3 9B E3 EA 64 23 2C 3C 19  [gZ?J???????d#,Jan  7 20:08:09.305: RADIUS:  Vendor, Microsoft   [26]  58
Jan  7 20:08:09.305: RADIUS:   MS-CHAP-V2-Response[25]  52  *
Jan  7 20:08:09.305: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jan  7 20:08:09.305: RADIUS:  NAS-IP-Address      [4]   6   X.X.X.X
Jan  7 20:08:09.389: RADIUS: Received from id 1645/25 169.156.41.1:1645, Access-Accept, len 253
Jan  7 20:08:09.389: RADIUS:  authenticator 71 0C 09 1B 3E 0D 80 06 - 40 4B 68 2F 74 2D B8 85
Jan  7 20:08:09.389: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jan  7 20:08:09.389: RADIUS:  Idle-Timeout        [28]  6   3600
Jan  7 20:08:09.389: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jan  7 20:08:09.389: RADIUS:  Session-Timeout     [27]  6   86400
Jan  7 20:08:09.389: RADIUS:  Class               [25]  32
Jan  7 20:08:09.389: RADIUS:   44 B7 04 E8 00 00 01 37 00 01 A9 9C 29 01 01 CA  [D??????7????)???]
Jan  7 20:08:09.389: RADIUS:   7E 6D 1D 58 55 46 00 00 00 00 00 00 0C 6D        [~m?XUF???????m]
Jan  7 20:08:09.389: RADIUS:  Vendor, Microsoft   [26]  42
Jan  7 20:08:09.389: RADIUS:   MS-MPPE-Recv-Key   [17]  36  *
Jan  7 20:08:09.389: RADIUS:  Vendor, Microsoft   [26]  42
Jan  7 20:08:09.389: RADIUS:   MS-MPPE-Send-Key   [16]  36  *
Jan  7 20:08:09.389: RADIUS:  Vendor, Microsoft   [26]  51
Jan  7 20:08:09.389: RADIUS:   MS-CHAP-V2-Success [26]  45  "S=0F6DF5727FC44CCEA9D8E4611C2205BC1CB87A5F"
Jan  7 20:08:09.393: RADIUS:  Vendor, Microsoft   [26]  18
Jan  7 20:08:09.393: RADIUS:   MS-CHAP-DOMAIN     [10]  12  ""
Jan  7 20:08:09.393: RADIUS:  Vendor, Microsoft   [26]  12
Jan  7 20:08:09.393: RADIUS:   MS-MPPE-Enc-Policy [7]   6
Jan  7 20:08:09.393: RADIUS:   00 00 00 02                                      [????]
Jan  7 20:08:09.393: RADIUS:  Vendor, Microsoft   [26]  12
Jan  7 20:08:09.393: RADIUS:   MS-MPPE-Enc-Type   [8]   6
Jan  7 20:08:09.393: RADIUS:   00 00 00 04                                      [????]
Jan  7 20:08:09.393: RADIUS(000003F4): Received from id 1645/25
Jan  7 20:08:09.393: ppp253 PPP: Received LOGIN Response PASS
Jan  7 20:08:09.393: ppp253 PPP: Phase is FORWARDING, Attempting Forward
Jan  7 20:08:09.393: ppp253 PPP: Send Message[Connect Local]
Jan  7 20:08:09.393: Vi4 PPP: Phase is DOWN, Setup
Jan  7 20:08:09.393: VPDN Vi4 Virtual interface created for unknown, bandwidth 100000 Kbps
Jan  7 20:08:09.393: VPDN Vi4 Setting up dataplane for L2-L3, Vi4
L2X_ADJ: Vi4:allocated ctx, size 1
Jan  7 20:08:09.393: VPDN Received L2TUN socket message
Jan  7 20:08:09.393: ppp253 PPP: Bind to [Virtual-Access4]
Jan  7 20:08:09.393: Vi4 PPP: Bind SSS Static
Jan  7 20:08:09.393: Vi4 PPP: Send Message[Static Bind Response]
Jan  7 15:08:09: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
L2X_ADJ: Vi4:midchain adj reqd for ip 0.0.0.0, cid 0
L2X_ADJ: Vi4:midchain adj reqd for ip 0.0.0.0, cid 0
L2X_ADJ: Vi4:midchain adj repopulate, nothing to do
Jan  7 20:08:09.397: Vi4 PPP: Phase is AUTHENTICATING, Authenticated User
Jan  7 20:08:09.397: Vi4 PPP: Sent LCP AUTHOR Request
Jan  7 20:08:09.397: Vi4 PPP: Sent IPCP AUTHOR Request
Jan  7 20:08:09.397: RADIUS/ENCODE(000003F4): send packet; PASS
Jan  7 20:08:09.397: RADIUS/ENCODE(000003F4): send packet; PASS
Jan  7 20:08:09.397: Vi4 LCP: Received AAA AUTHOR Response PASS
Jan  7 20:08:09.397: Vi4 IPCP: Received AAA AUTHOR Response PASS
Jan  7 20:08:09.397: Vi4 MS-CHAP-V2: O SUCCESS id 1 len 46 msg is "S=0F6DF5727FC44CCEA9D8E4611C2205BC1CB87A5F"
Jan  7 20:08:09.397: Vi4 PPP: Phase is UP
Jan  7 20:08:09.397: Vi4 IPCP: O CONFREQ [Closed] id 1 len 10
Jan  7 20:08:09.397: Vi4 IPCP:    Address 141.157.34.21 (0x03068D9D2215)
Jan  7 20:08:09.397: Vi4 PPP: Sent CCP AUTHOR Request
Jan  7 20:08:09.397: Vi4 PPP: Process pending ncp packets
Jan  7 20:08:09.397: RADIUS/ENCODE(000003F4): send packet; PASS
Jan  7 20:08:09.397: Vi4 CCP: Received AAA AUTHOR Response PASS
Jan  7 20:08:09.397: Vi4 CCP: O CONFREQ [Closed] id 1 len 10
Jan  7 20:08:09.397: Vi4 CCP:    MS-PPC supported bits 0x01000040 (0x120601000040)
Jan  7 20:08:09.569: Vi4 CCP: I CONFREQ [REQsent] id 6 len 10
Jan  7 20:08:09.569: Vi4 CCP:    MS-PPC supported bits 0x010000E1 (0x1206010000E1)
Jan  7 20:08:09.569: Vi4 MPPE: don't understand all options, NAK
Jan  7 20:08:09.569: Vi4 CCP: O CONFNAK [REQsent] id 6 len 10
Jan  7 20:08:09.569: Vi4 CCP:    MS-PPC supported bits 0x01000040 (0x120601000040)
Jan  7 20:08:09.597: Vi4 IPCP: I CONFACK [REQsent] id 1 len 10
Jan  7 20:08:09.597: Vi4 IPCP:    Address 141.157.34.21 (0x03068D9D2215)
Jan  7 20:08:09.625: Vi4 CCP: I CONFACK [REQsent] id 1 len 10
Jan  7 20:08:09.625: Vi4 CCP:    MS-PPC supported bits 0x01000040 (0x120601000040)
Jan  7 20:08:09.705: Vi4 CCP: I CONFREQ [ACKrcvd] id 8 len 10
Jan  7 20:08:09.705: Vi4 CCP:    MS-PPC supported bits 0x01000040 (0x120601000040)
Jan  7 20:08:09.705: Vi4 CCP: O CONFACK [ACKrcvd] id 8 len 10
Jan  7 20:08:09.705: Vi4 CCP:    MS-PPC supported bits 0x01000040 (0x120601000040)
Jan  7 20:08:09.705: Vi4 CCP: State is Open
Jan  7 20:08:09.705: Vi4 MPPE: Generate keys using RADIUS data
Jan  7 20:08:09.705: Vi4 MPPE: Initialize V2 RADIUS keys
Jan  7 20:08:09.705: Vi4 MPPE: [128 bit encryption]  [stateless mode]
Jan  7 15:08:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up
Jan  7 20:08:10.718: Vi4 IPCP: I CONFREQ [ACKrcvd] id 9 len 34
Jan  7 20:08:10.718: Vi4 IPCP:    Address 0.0.0.0 (0x030600000000)
Jan  7 20:08:10.718: Vi4 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Jan  7 20:08:10.718: Vi4 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Jan  7 20:08:10.718: Vi4 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Jan  7 20:08:10.718: Vi4 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Jan  7 20:08:10.718: Vi4 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
Jan  7 20:08:10.718: Vi4 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 0.0.0.0
Jan  7 20:08:10.718: Vi4 IPCP: Pool returned 169.156.254.16
Jan  7 20:08:10.718: Vi4 IPCP: O CONFNAK [ACKrcvd] id 9 len 34
Jan  7 20:08:10.718: Vi4 IPCP:    Address 169.Y.Y.Y (0x0306A99CFE10)
Jan  7 20:08:10.718: Vi4 IPCP:    PrimaryDNS 169.Y.Y.Y (0x8106A99C360F)
Jan  7 20:08:10.718: Vi4 IPCP:    PrimaryWINS 169.Y.Y.Y (0x8206A99C2901)
Jan  7 20:08:10.718: Vi4 IPCP:    SecondaryDNS 169.Y.Y.Y (0x8306A99C2918)
Jan  7 20:08:10.718: Vi4 IPCP:    SecondaryWINS 169.Y.Y.Y (0x8406A99C210C)
Jan  7 20:08:10.854: Vi4 IPCP: I CONFREQ [ACKrcvd] id 10 len 34
Jan  7 20:08:10.854: Vi4 IPCP:    Address 169.Y.Y.Y (0x0306A99CFE10)
Jan  7 20:08:10.854: Vi4 IPCP:    PrimaryDNS 169.Y.Y.Y (0x8106A99C360F)
Jan  7 20:08:10.854: Vi4 IPCP:    PrimaryWINS 169.Y.Y.Y (0x8206A99C2901)
Jan  7 20:08:10.854: Vi4 IPCP:    SecondaryDNS 169.Y.Y.Y (0x8306A99C2918)
Jan  7 20:08:10.854: Vi4 IPCP:    SecondaryWINS 169.Y.Y.Y (0x8406A99C210C)
Jan  7 20:08:10.854: Vi4 IPCP: O CONFACK [ACKrcvd] id 10 len 34
Jan  7 20:08:10.854: Vi4 IPCP:    Address 169.156.Y.Y (0x0306A99CFE10)
Jan  7 20:08:10.854: Vi4 IPCP:    PrimaryDNS 169.Y.Y.Y (0x8106A99C360F)
Jan  7 20:08:10.854: Vi4 IPCP:    PrimaryWINS 169.Y.Y.Y (0x8206A99C2901)
Jan  7 20:08:10.854: Vi4 IPCP:    SecondaryDNS 169.Y.Y.Y (0x8306A99C2918)
Jan  7 20:08:10.854: Vi4 IPCP:    SecondaryWINS 169.Y.Y.Y (0x8406A99C210C)
Jan  7 20:08:10.854: Vi4 IPCP: State is Open
Jan  7 20:08:10.854: Vi4 IPCP: Install route to 169.Y.Y.Y
Jan  7 15:08:11: %SEC-6-IPACCESSLOGNP: list ospfFilter permitted 0 70.208.59.192 -> 0.0.0.0, 1 packet
Jan  7 15:08:11: %SYS-5-CONFIG_I: Configured from console by console on vty1 (EEM:pptpRouteAdd)
Jan  7 20:08:11.930: %HA_EM-6-LOG: pptpRouteAdd: 70.208.59.192 -> Z.Z.Z.Z [169.Y.Y.Y]

I realized I didn't comment about the client... The client defaults to having both MS-CHAP-V1 and MS-CHAP-V2 both enabled. I've tried just one or the other (with the matching config on the 7200 of course). I've also changed around the "Required encryption" and "Maximum strength encryption" settings. All with no help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: