Connection fails between a PPTP (XP) client and VPN 3000 concentrator
I am trying to set up a VPN 3080 concentrator to support PPTP clients. Authentication is done through a RADIUS server that supports MS-CHAPv2. Using the built-in PPTP client in Windows XP, I have set up the security parameters to use MS-CHAPv2.
Looking at the concentrator logs, authentication is successful:
Authenticated successfully with MSCHAP-V2
However, the client closes the connection. A window appears in the XP client showing the error:
Error 778: It was not possible to verify the identity of the server.
With the same concentrator, I can connect successfully using PAP and pointing to a different authentication server that only supports PAP.
Need to know how to enable the client to accept the identity of the concentrator.
Re: Connection fails between a PPTP (XP) client and VPN 3000 con
I think this could be a setting in the concentrator.
In our MS-RADIUS server I have three authentication methods set up under the remote access policy for VPN users: MSCHAP-V2, MSCHAP, PAP SPAP, but all our PPTP clients get through via MSCHAP-V2 because this is the only one we instruct the concentrator to accept.
Log in to the concentrator and go to:
user management > base group, pick the PPTP/L2TP tab, and then under PPTP authentication protocol check-mark MSCHAP-V2
for PPTP encryption check-mark :
and for L2TP have the same settings as above.
As for your PPTP clients, just accept the defaults in their configuration; I strongly believe it is the settings in your concentrator.
Also make sure you have ruled out RADIUS server configuration discrepancies; for example, ensure the RADIUS client (the concentrator itself) has "Client vendor type" set to Microsoft.