Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpdn chap two way authentication

i have a 2500 rtr dialing through the bri into the NAS(LAC) and forwarded from there on with l2tp to the home gateway(LNS).

the bri is configured for chap and so is the vtemplate on the LNS side..(so a two way authentication). The LNS authenticates OK from the tacacs but at the 2500 site, the following message flows:

BR0:1 CHAP: O CHALLENGE id 67 len 48 from "N1gunesliBri@garanti.com.tr"

BR0:1 CHAP: I RESPONSE id 67 len 27 from "VHG-PE"

BR0:1 CHAP: Response name (VHG-PE) does not match Challenge name (AccessTest), i

gnoring

BR0:1 CHAP: I RESPONSE id 67 len 27 from "VHG-PE"

BR0:1 CHAP: Response name (VHG-PE) does not match Challenge name (AccessTest), i

gnoring

and the a termreq is recieved finally and the connection fails..

What do you think the problem is..

1 REPLY
Anonymous
N/A

Re: vpdn chap two way authentication

The problem is that the LAC initially

challenged the 2500 (using it's own

name), and the LNS ultimately authenticates

to the 2500. The workarounds are a

few options:

- configure the same CHAP username/

password for outbound authentication on

the LAC and LNS.

- configure the LNS to renegotiate

LCP - always.

- disable outbound authentication on

the 2500.

82
Views
0
Helpful
1
Replies
CreatePlease to create content