Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

lee
New Member

a mind boggler

Thanks in advance.

there has to be a reason for this. I am unable to get authenticated on pipex radius server although i am continually hitting their server. pipex are informing me that i am dialing in then disconnecting and repeating this continously until the radius server blocks me out and then i get blocked by a what i believe to be a bt router. pipex tell me im dialling in every two to three seconds ( 40 times over two minutes they told me) but obviously not authenticating.

i did authenticate a couple of times yesterday, but dropped almost immediately.

im running cisco 1720 adsl.

ive pasted config and chall/response.

please help im baffled

n.b. could there be a software bug or patch

ive logged on no problem using my dsl modem at home with the user id and password.

PP authentication debugging is on

******@xtreme.pipex.net#

01:42:52: Vi1 CHAP: O CHALLENGE id 237 len 44 from "****@xtreme.pipex.net"

01:42:52: Vi1 CHAP: I CHALLENGE id 212 len 39 from "sms1.dsl.pipex.net"

01:42:52: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:42:52: Vi1 CHAP: Unable to authenticate for peer

01:42:56: Vi1 CHAP: O CHALLENGE id 238 len 44 from "<A HREF="mailto:******@xtreme.pipex.net">******@xtreme.pipex.net</A>"

01:42:56: Vi1 CHAP: I CHALLENGE id 213 len 39 from "sms1.dsl.pipex.net"

01:42:56: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:42:56: Vi1 CHAP: Unable to authenticate for peer

01:43:00: Vi1 CHAP: O CHALLENGE id 239 len 44 from "******@xtreme.pipex.net"

01:43:00: Vi1 CHAP: I CHALLENGE id 214 len 39 from "sms1.dsl.pipex.net"

01:43:00: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:43:00: Vi1 CHAP: Unable to authenticate for peer

01:43:04: Vi1 CHAP: O CHALLENGE id 240 len 44 from "******@xtreme.pipex.net"

01:43:04: Vi1 CHAP: I CHALLENGE id 215 len 39 from "sms1.dsl.pipex.net"

01:43:04: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:43:04: Vi1 CHAP: Unable to authenticate for peer

01:43:08: Vi1 CHAP: O CHALLENGE id 241 len 44 from "******@xtreme.pipex.net"

01:43:08: Vi1 CHAP: I CHALLENGE id 216 len 39 from "sms1.dsl.pipex.net"

01:43:08: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:43:08: Vi1 CHAP: Unable to authenticate for peern

01:43:12: Vi1 CHAP: O CHALLENGE id 242 len 44 from "******@xtreme.pipex.net"

01:43:12: Vi1 CHAP: I CHALLENGE id 217 len 39 from "sms1.dsl.pipex.net"

01:43:12: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:43:12: Vi1 CHAP: Unable to authenticate for peero debug all

All possible debugging has been turned off

******@xtreme.pipex.net#

01:43:16: Vi1 CHAP: O CHALLENGE id 243 len 44 from "******@xtreme.pipex.net"

01:43:16: Vi1 CHAP: I CHALLENGE id 218 len 39 from "sms1.dsl.pipex.net"

01:43:16: Vi1 CHAP: Username sms1.dsl.pipex.net not found

01:43:16: Vi1 CHAP: Unable to authenticate for peer

******@xtreme.pipex.net#show run

Building configuration...

Current configuration : 2586 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname ******@xtreme.pipex.net

!

logging rate-limit console 10 except errors

enable secret 5 $1$d6OJ$JU.yzY/g6lGebq0i.gD5H0

!

username *****password 7 1303120602051C2F31

username *****@xtreme.pipex.net password 7 09474F1D1801181D11

username ******@xtreme.pipex.net password 7 0827494800101D1208

memory-size iomem 25

ip subnet-zero

no ip source-route

!

!

no ip finger

ip dhcp excluded-address 192.168.1.2

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.254

ip dhcp excluded-address 192.168.1.3

ip dhcp excluded-address 192.168.1.4

ip dhcp excluded-address 192.168.1.5

ip dhcp excluded-address 192.168.1.6

ip dhcp excluded-address 192.168.1.7

ip dhcp excluded-address 192.168.1.8

ip dhcp excluded-address 192.168.1.9

!

ip dhcp pool hertford

network 192.168.1.0 255.255.255.0

dns-server 158.43.240.4 158.43.240.3

default-router 192.168.1.254

!

no ip dhcp-client network-discovery

!

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp key ***** address 52.168.35.118

!

!

crypto ipsec transform-set strong esp-3des esp-sha-hmac

!

crypto map vpn 10 ipsec-isakmp

set peer 52.168.35.118

set transform-set strong

match address 101

!

!

!

!

interface ATM0

no ip address

ip nat outside

atm vc-per-vp 256

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

no fair-queue

crypto map vpn

!

interface FastEthernet0

ip address 192.168.1.254 255.255.255.0

ip nat inside

speed auto

no cdp enable

!

interface Dialer0

ip address 52.168.35.126 255.255.255.248

ip access-group 150 in

ip nat outside

encapsulation ppp

dialer pool 1

no cdp enable

ppp authentication chap

crypto map vpn

!

ip nat pool vpn 52.168.35.121 52.168.35.121 prefix-length 29

ip nat inside source list 10 pool vpn overload

ip nat inside source static 192.168.1.2 52.168.35.122

ip nat outside source static 52.168.35.122 192.168.1.2

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

!

access-list 10 deny 192.168.1.2

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 101 permit ip host 52.168.35.122 host 52.168.35.113

access-list 150 permit ip 52.168.35.112 0.0.0.7 52.168.35.120 0.0.0.7

access-list 150 permit tcp any any established

no cdp run

!

!

!

line con 0

password 7 045219561E34495A01

login

transport input none

line aux 0

password 7 020F160B1A130A3544

login

line vty 0 4

login

!

end

  • Other Security Subjects
1 REPLY
Cisco Employee

Re: a mind boggler

Looks like you are also trying to authenticate your peer, have you tried ppp authentication chap callin under the dialer 0 so you don't

authenticate your isp?

86
Views
0
Helpful
1
Replies