Need help configuring a cisco 7500 for VPN (PPTP) access

waio76
Level 1

I'm currently trying to set up a Cisco 7500 for VPN PPTP access (testing purposes).

7500 has two ethernet interfaces

169.x.x.x

172.x.x.x

I'm trying to use a XP Pro client to VPN (PPTP) to the 7500

169.x.x.x.

Here's what my config.txt looks like.

Feedback and suggestions are most welcome.

Been trying to get this to work since yesterday.

FYI: I've edited out a lot of unnecessary info on there.

show run

Building configuration...

Current configuration : 2922 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

no service single-slot-reload-enable

!

hostname ciscopppoe

!

boot bootldr slot0:pppoe.bin

boot config slot1:startup-config

enable secret xxxxxxx

enable password xxxxx

!

username xx password 0 xx

aaa new-model

!

!

aaa authentication ppp default local

aaa session-id common

ip subnet-zero

ip cef

!

!

ip domain list abc.com

ip domain list def.com

ip name-server 172.x.x.x

ip name-server 172.x.x.x

ip name-server 172.x.x.x

ip name-server 172.x.x.x

!

ip address-pool local

vpdn enable

!

vpdn-group 1

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 2

!

voice call carrier capacity active

!

!

!

interface FastEthernet2/0/0

ip address 169.254.255.254 255.0.0.0

full-duplex

pppoe enable

!

interface FastEthernet2/1/0

ip address 172.31.86.6 255.255.248.0

no ip mroute-cache

full-duplex

ipv6 address 3FFE:8311:FFFF:F28A::/64 eui-64

!

!

interface Virtual-Template2

ip unnumbered FastEthernet2/0/0

peer default ip address pool pppoe2

peer default ipv6 pool pppoev6

ppp authentication ms-chap chap pap

!

!

ip local pool pppoe 172.x.x.x 172.x.x.x

ip local pool pppoe2 172.x.x.x 172.x.x.x

ip default-gateway 172.x.x.x

no ip classless

ip route 103.x.x.x 255.x.x.x

ip route 157.x.x.x 255.x.x.x 172.x.x.x

ip route 172.x.x.x 255.x.x.x 172.x.x.x

ip route 172.x.x.x 255.x.x.x 172.x.x.x

no ip http server

!

!

!

radius-server retransmit 3

radius-server authorization permit missing Service-Type

call rsvp-sync

!

!

mgcp profile default

!

!

line con 0

line aux 0

line vty 0 4

!

!

end

ciscopppoe#


gfullage
Cisco Employee

Difficult to say what's wrong without seeing debugs from the router or at least you telling us what you're seeing on the client. For starters, follow this sample config (http://www.cisco.com/warp/public/707/pptp.shtml) and make sure you have a route back to the PC that points out the fa2/0/0 interface (you don't seem to have enough routes on this router). Can you even ping the 169.x.x.x interface from the PC? Are you behind a firewall or any device doing PAT/NAT?

True, I don't have a 169.x.x.x route, but LCP pkts seem to be exchanging among the machines. Do I still need one?

I am able to ping the router's IP address from the client.

Both on 169.x.x.x subnet.

No NAT/firewall.

I am just trying to configure the 7500 to do VPN PPTP using Local Auth.

The 7500 has two ethernet interfaces, 169 and 172.

I want the client on the 169.x.x.x to VPN into the router's 169.x.x.x interface and have the router return a 172.x.x.x address back to the client.

I managed to get the debug logs from both client and router end.

Seems like it is failing in LCP and never gets to PPP.

XP Client

[2012] 17:22:45:669:

[2012] 17:22:45:669:

[2012] 17:22:45:669:

[2012] 17:22:45:669: <07 02 08 02 00 00 00 00 00 00 00 00 00 00 00 00 |................|

[2012] 17:22:45:669:

[2012] 17:22:45:669: InsertInTimerQ called portid=174,Id=4,Protocol=c021,EventType=0,fAuth=0

[1804] 17:22:46:390: Packet received (21 bytes) for hPort 3

[2012] 17:22:46:390: >PPP packet received at 04/25/2003 00:22:46:390

[2012] 17:22:46:390: >Protocol = LCP, Type = Configure-Req, Length = 0x15, Id = 0x8, Port = 3

[2012] 17:22:46:390: >C0 21 01 08 00 13 01 04 05 78 03 05 C2 23 05 05 |.!.......x...#..|

[2012] 17:22:46:390: >06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|

[2012] 17:22:46:390:

[2012] 17:22:46:390:

[2012] 17:22:46:390:

[2012] 17:22:46:390:

[2012] 17:22:46:390: <06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|

[2012] 17:22:46:390:

[1804] 17:22:48:413: Packet received (21 bytes) for hPort 3

[2012] 17:22:48:413: >PPP packet received at 04/25/2003 00:22:48:413

[2012] 17:22:48:413: >Protocol = LCP, Type = Configure-Req, Length = 0x15, Id = 0x9, Port = 3

[2012] 17:22:48:413: >C0 21 01 09 00 13 01 04 05 78 03 05 C2 23 05 05 |.!.......x...#..|

[2012] 17:22:48:413: >06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|

[2012] 17:22:48:413:

[2012] 17:22:48:413:

[2012] 17:22:48:413:

[2012] 17:22:48:413:

[2012] 17:22:48:413: <06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|

[2012] 17:22:48:413:

[2012] 17:22:49:675: Recv timeout event received for portid=174,Id=4,Protocol=c021,fAuth=0

[2012] 17:22:49:675:

[2012] 17:22:49:675:

[2012] 17:22:49:675:

[2012] 17:22:49:675: <07 02 08 02 00 00 00 00 00 00 00 00 00 00 00 00 |................|

[2012] 17:22:49:675:

[2012] 17:22:49:675: InsertInTimerQ called portid=174,Id=5,Protocol=c021,EventType=0,fAuth=0

[1804] 17:22:50:426: Packet received (21 bytes) for hPort 3

[2012] 17:22:50:426: >PPP packet received at 04/25/2003 00:22:50:426

[2012] 17:22:50:426: >Protocol = LCP, Type = Configure-Req, Length = 0x15, Id = 0xa, Port = 3

[2012] 17:22:50:426: >C0 21 01 0A 00 13 01 04 05 78 03 05 C2 23 05 05 |.!.......x...#..|

[2012] 17:22:50:426: >06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|

[2012] 17:22:50:426:

[2012] 17:22:50:426:

[2012] 17:22:50:426:

[2012] 17:22:50:426:

[2012] 17:22:50:426: <06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|

[2012] 17:22:50:426:

[1804] 17:22:52:449: PPPEMSG_LineDown recvd, hPort=3

[2012] 17:22:52:449: Line down event occurred on port 3

[2012] 17:22:52:459: FsmDown event received for protocol c021 on port 3

[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=5,Protocol=c021,EventType=0,fAuth=0

[2012] 17:22:52:459: FsmReset called for protocol = c021, port = 3

[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=3,fAuth=0

[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=7,fAuth=0

[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=2,fAuth=0

[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=1,fAuth=0

[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=c029,EventType=0,fAuth=0

[2012] 17:22:52:459: LcpEnd

[2012] 17:22:52:459: Post line down event occurred on port 3

[2012] 17:22:52:459: NotifyCaller(hPort=3, dwMsgId=23)

[2012] 17:22:52:459: NotifyCaller(hPort=3, dwMsgId=10)

Router 7500

virtual-template 2

*A

*Apr 24 17:36:36.803: ppp7 PPP: Using set call directionPDN groupP: MRU 1400 (0x0104057

accept-dialinVPN aut

*Apr 24 17:36:36.803: ppp7 PPP: Treating connection as a callinLCP: AuthPro

local name ciscopppoe_l2tpnmp

*Apr 24 17:36:36.803: ppp7 PPP: Phase is ESTABLISHING, Active OpenCP:

protocol pppoe1455288 (0x0506E

virtual-template 1nfig fr

*Apr 24 17:36:36.803: AAA/AUTHOR (0000000A): Method list id=0 not configured. Skc 500 TIMEout: State REQsent

!a

!

!b

voice call carrier capacity activeion

ip author 15:32:55

*Apr 24 17:36:36.807: ppp7 PPP: Authorization NOT required0rfaceMPOA debug

no ip addresscommand. CDA

shutdown 2

*Apr 24 17:36:36.807: ppp7 AAA/AUTHOR/LCP: Authorization succeeds triviallyace orA) eve

no ip addresser

*Apr 24 15

shutdown: ppp5 LC

no atm ilmi-k

*Apr 24 17:36:36.807: ppp7 LCP: O CONFREQ [Closed] id 1 l0/0ache t multilin

ip route 169.254.0.0 255.255.0.0 169.254.0.0.16

*Apr 24 17:36:42.847: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)169.254.50.85 Serial interfac

*Apr 24 15:33:03.167: ppp5

ip route 169.2

*Apr 24 17:36:44.863: ppp7 LCP: TIMEout: State REQsent SGBP debuggingi

*A

ip route 172.0.0.0 255.0.0.0 172.3

*Apr 24 17:36:44.863: ppp7 LCP: O CONFREQ [REQsent] id 5 len 19.0 255.255.0.0 172.31.80.1

*Apr 24 15:33:03.167: ppp5 LCP:

*Apr 24 17:36:44.863: ppp7 LCP: MRU 1400 (0x01040578)ost ciscopppoe-2-1-0 3FFE:8311:FFFF:F28A:2E0:FEFF:FEBA:F

*Apr 24 17:36:44.863: ppp7 LCP: AuthProto CHAP (0x0305C22305)

ipv6 local pool pppoev6 3FFE:8311:FFFF:F28A::/64 64:33:05.18

*Apr 24 17:36:44.863: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E) (Link Acces

ccsip

*Apr 24 17:36:50.911: ppp7 LCP: TIMEout: State REQsent

*Apr 24 17:36:50.911: ppp7 LCP: O CONFREQ [REQsent] id 8 len 19

*Apr 24 17:36:50.911: ppp7 LCP: MRU 1400 (0x01040578)

*Apr 24 17:36:50.911: ppp7 LCP: AuthProto CHAP (0x0305C22305)

*Apr 24 17:36:50.911: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)

*Apr 24 17:36:52.927: ppp7 LCP: TIMEout: State REQsent

*Apr 24 17:36:52.927: ppp7 LCP: O CONFREQ [REQsent] id 9 len 19

*Apr 24 17:36:52.927: ppp7 LCP: MRU 1400 (0x01040578)

*Apr 24 17:36:52.927: ppp7 LCP: AuthProto CHAP (0x0305C22305)

*Apr 24 17:36:52.927: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)

*Apr 24 17:36:54.943: ppp7 LCP: TIMEout: State REQsent

*Apr 24 17:36:54.943: ppp7 LCP: O CONFREQ [REQsent] id 10 len 19

*Apr 24 17:36:54.943: ppp7 LCP: MRU 1400 (0x01040578)

*Apr 24 17:36:54.943: ppp7 LCP: AuthProto CHAP (0x0305C22305)

*Apr 24 17:36:54.943: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)

*Apr 24 17:36:56.959: ppp7 LCP: TIMEout: State REQsent

*Apr 24 17:36:56.959: ppp7 LCP: State is Closed

*Apr 24 17:36:56.959: ppp7 PPP: Phase is DOWN

*Apr 24 17:36:56.959: ppp7 PPP: Phase is ESTABLISHING, Passive Open

*Apr 24 17:36:56.959: ppp7 LCP: State is Listen

*Apr 24 17:36:56.959: ppp7 LCP: State is Closed

*Apr 24 17:36:56.959: ppp7 PPP: Phase is DOWN

*Apr 24 17:36:56.959: ppp7 LCP: State is Listen

*Apr 24 17:36:56.959: ppp7 EVT: Free PPP 0 0x0

Thanks for the reply and any feedback is appreciated.
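Added example, not part of the original posts: a small Python decoder for the LCP Configure-Req bytes shown in the XP client trace above, useful for confirming which options and which authentication protocol are actually being offered on the wire and comparing them with the router's `debug` lines. The name `parse_lcp` and the lookup tables are this example's own; the sample bytes are copied from the trace.

```python
import struct

# Bytes copied from the XP client trace above (inbound Configure-Req, Id = 0x8).
# The zero padding the trace prints after the 21-byte frame is left out.
SAMPLE_FRAME = bytes.fromhex(
    "C0 21 01 08 00 13 01 04 05 78 03 05 C2 23 05 05 06 E1 B6 99 6E"
)

PPP_LCP = 0xC021
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack",
             3: "Configure-Nak", 4: "Configure-Reject"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAP-V2"}


def parse_lcp(frame: bytes) -> dict:
    # Frame layout: PPP protocol (2) | code (1) | id (1) | length (2) | options
    if len(frame) < 6:
        raise ValueError("frame too short for PPP protocol + LCP header")
    protocol, code, ident, length = struct.unpack("!HBBH", frame[:6])
    if protocol != PPP_LCP:
        raise ValueError(f"not LCP: protocol 0x{protocol:04x}")
    if length < 4 or length > len(frame) - 2:
        raise ValueError("LCP length field inconsistent with frame size")
    options, body, pos = {}, frame[6:2 + length], 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = body[pos], body[pos + 1]
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError(f"bad length for option {opt_type}")
        data = body[pos + 2:pos + opt_len]
        if opt_type == 1 and len(data) == 2:        # Maximum-Receive-Unit
            options["mru"] = int.from_bytes(data, "big")
        elif opt_type == 3 and len(data) >= 2:      # Authentication-Protocol
            proto = int.from_bytes(data[:2], "big")
            name = AUTH_PROTOCOLS.get(proto, f"0x{proto:04x}")
            if proto == 0xC223 and len(data) == 3:  # CHAP carries an algorithm byte
                name += "/" + CHAP_ALGORITHMS.get(data[2], f"0x{data[2]:02x}")
            options["auth"] = name
        elif opt_type == 5 and len(data) == 4:      # Magic-Number
            options["magic"] = "0x" + data.hex().upper()
        else:                                       # keep unknown options as hex
            options[f"option_{opt_type}"] = data.hex()
        pos += opt_len
    return {"code": LCP_CODES.get(code, str(code)), "id": ident, "options": options}


if __name__ == "__main__":
    print(parse_lcp(SAMPLE_FRAME))
```

The decoded MRU, CHAP and magic-number values line up with the `MRU 1400`, `AuthProto CHAP` and `MagicNumber 0xE1B6996E` lines in the router debug output.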

What version of 12.2 code are you running here? If it's anything early 12.2 then you're probably hitting bug CSCdu19654, so try upgrading and see if that resolves it.

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdu19654
