Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
197
Views
0
Helpful
1
Replies

vpdn chap two way authentication

admin_2
Level 3
Level 3

‎06-26-2002 02:16 PM - edited ‎03-01-2019 10:55 PM

i have a 2500 rtr dialing through the bri into the NAS(LAC) and forwarded from there on with l2tp to the home gateway(LNS).

the bri is configured for chap and so is the vtemplate on the LNS side..(so a two way authentication). The LNS authenticates OK from the tacacs but at the 2500 site, the following message flows:

BR0:1 CHAP: O CHALLENGE id 67 len 48 from "N1gunesliBri@garanti.com.tr"

BR0:1 CHAP: I RESPONSE id 67 len 27 from "VHG-PE"

BR0:1 CHAP: Response name (VHG-PE) does not match Challenge name (AccessTest), i

gnoring

BR0:1 CHAP: I RESPONSE id 67 len 27 from "VHG-PE"

BR0:1 CHAP: Response name (VHG-PE) does not match Challenge name (AccessTest), i

gnoring

and the a termreq is recieved finally and the connection fails..

What do you think the problem is..

Labels:
0 Helpful
1 Reply 1

Not applicable

‎06-26-2002 02:16 PM

The problem is that the LAC initially

challenged the 2500 (using it's own

name), and the LNS ultimately authenticates

to the 2500. The workarounds are a

few options:

- configure the same CHAP username/

password for outbound authentication on

the LAC and LNS.

- configure the LNS to renegotiate

LCP - always.

- disable outbound authentication on

the 2500.

0 Helpful
Customers Also Viewed These Support Documents