04-23-2003 01:27 PM - edited 02-21-2020 12:29 PM
I'm currently trying to setup a cisco 7500 for VPN PPTP access (testing purposes)
7500 has two ethernet interfaces
169.x.x.x
172.x.x.x
I'm trying to use a XP Pro client to VPN (PPTP) to the 7500
169.x.x.x.
Here's how my config.txt looks like
feedback and suggestions are most welcome.
been trying to get this to work since yesterday.
FYI: I've edited out a lot of unneccsary info on there.
show run
Building configuration...
Current configuration : 2922 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service single-slot-reload-enable
!
hostname ciscopppoe
!
boot bootldr slot0:pppoe.bin
boot config slot1:startup-config
enable secret xxxxxxx
enable password xxxxx
!
username xx password 0 xx
aaa new-model
!
!
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip domain list abc.com
ip domain list def.com
ip name-server 172.x.x.x
ip name-server 172.x.x.x
ip name-server 172.x.x.x
ip name-server 172.x.x.x
!
ip address-pool local
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
!
voice call carrier capacity active
!
!
!
interface FastEthernet2/0/0
ip address 169.254.255.254 255.0.0.0
full-duplex
pppoe enable
!
interface FastEthernet2/1/0
ip address 172.31.86.6 255.255.248.0
no ip mroute-cache
full-duplex
ipv6 address 3FFE:8311:FFFF:F28A::/64 eui-64
!
!
interface Virtual-Template2
ip unnumbered FastEthernet2/0/0
peer default ip address pool pppoe2
peer default ipv6 pool pppoev6
ppp authentication ms-chap chap pap
!
!
ip local pool pppoe 172.x.x.x 172.x.x.x
ip local pool pppoe2 172.x.x.x 172.x.x.x
ip default-gateway 172.x.x.x
no ip classless
ip route 103.x.x.x 255.x.x.x
ip route 157.x.x.x 255.x.x.x 172.x.x.x
ip route 172.x.x.x 255.x.x.x172.x.x.x
ip route 172.x.x.x 255.x.x.x 172.x.x.x
no ip http server
!
!
!
radius-server retransmit 3
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
ciscopppoe#
04-23-2003 08:22 PM
Difficult to say what's wrong without seeing debugs from the router or at least you telling us what you're seeing on the client. For starters, follow this sample config (http://www.cisco.com/warp/public/707/pptp.shtml) and make sure you have a route back to the PC that points out the fa2/0/0 interface (you don't seem to have enough routes on this router). Can you even ping the 169.x.x.x interface from the PC? Are you behind a firewall or any device doing PAT/NAT?
04-24-2003 04:36 PM
True I don't have a 169.x.x.x route but LCP pkts seems to be exchanging among the machines. Do I still need one?
I am able to ping the routers ip address from the client
Both on 169.x.x.x subnet.
No nat/firewall.
I am just trying to configure the 7500 to do VPN PPTP using Local Auth.
The 7500 has two ethernet interfaces 169 and 172.
I want the client on the 169.x.x.x to VPN into the Routers 169.x.x.x interface and have the router return a 172.x.x.x address back to the client
I managed to get the debug logs from both client and router end.
Seems like it is failing in LCP and never gets to PPP
XP Client
[2012] 17:22:45:669:
[2012] 17:22:45:669:
[2012] 17:22:45:669:
[2012] 17:22:45:669: <07 02 08 02 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[2012] 17:22:45:669:
[2012] 17:22:45:669: InsertInTimerQ called portid=174,Id=4,Protocol=c021,EventType=0,fAuth=0
[1804] 17:22:46:390: Packet received (21 bytes) for hPort 3
[2012] 17:22:46:390: >PPP packet received at 04/25/2003 00:22:46:390
[2012] 17:22:46:390: >Protocol = LCP, Type = Configure-Req, Length = 0x15, Id = 0x8, Port = 3
[2012] 17:22:46:390: >C0 21 01 08 00 13 01 04 05 78 03 05 C2 23 05 05 |.!.......x...#..|
[2012] 17:22:46:390: >06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|
[2012] 17:22:46:390:
[2012] 17:22:46:390:
[2012] 17:22:46:390:
[2012] 17:22:46:390:
[2012] 17:22:46:390: <06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|
[2012] 17:22:46:390:
[1804] 17:22:48:413: Packet received (21 bytes) for hPort 3
[2012] 17:22:48:413: >PPP packet received at 04/25/2003 00:22:48:413
[2012] 17:22:48:413: >Protocol = LCP, Type = Configure-Req, Length = 0x15, Id = 0x9, Port = 3
[2012] 17:22:48:413: >C0 21 01 09 00 13 01 04 05 78 03 05 C2 23 05 05 |.!.......x...#..|
[2012] 17:22:48:413: >06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|
[2012] 17:22:48:413:
[2012] 17:22:48:413:
[2012] 17:22:48:413:
[2012] 17:22:48:413:
[2012] 17:22:48:413: <06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|
[2012] 17:22:48:413:
[2012] 17:22:49:675: Recv timeout event received for portid=174,Id=4,Protocol=c021,fAuth=0
[2012] 17:22:49:675:
[2012] 17:22:49:675:
[2012] 17:22:49:675:
[2012] 17:22:49:675: <07 02 08 02 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[2012] 17:22:49:675:
[2012] 17:22:49:675: InsertInTimerQ called portid=174,Id=5,Protocol=c021,EventType=0,fAuth=0
[1804] 17:22:50:426: Packet received (21 bytes) for hPort 3
[2012] 17:22:50:426: >PPP packet received at 04/25/2003 00:22:50:426
[2012] 17:22:50:426: >Protocol = LCP, Type = Configure-Req, Length = 0x15, Id = 0xa, Port = 3
[2012] 17:22:50:426: >C0 21 01 0A 00 13 01 04 05 78 03 05 C2 23 05 05 |.!.......x...#..|
[2012] 17:22:50:426: >06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|
[2012] 17:22:50:426:
[2012] 17:22:50:426:
[2012] 17:22:50:426:
[2012] 17:22:50:426:
[2012] 17:22:50:426: <06 E1 B6 99 6E 00 00 00 00 00 00 00 00 00 00 00 |....n...........|
[2012] 17:22:50:426:
[1804] 17:22:52:449: PPPEMSG_LineDown recvd, hPort=3
[2012] 17:22:52:449: Line down event occurred on port 3
[2012] 17:22:52:459: FsmDown event received for protocol c021 on port 3
[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=5,Protocol=c021,EventType=0,fAuth=0
[2012] 17:22:52:459: FsmReset called for protocol = c021, port = 3
[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=3,fAuth=0
[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=7,fAuth=0
[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=2,fAuth=0
[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=0,EventType=1,fAuth=0
[2012] 17:22:52:459: RemoveFromTimerQ called portid=174,Id=0,Protocol=c029,EventType=0,fAuth=0
[2012] 17:22:52:459: LcpEnd
[2012] 17:22:52:459: Post line down event occurred on port 3
[2012] 17:22:52:459: NotifyCaller(hPort=3, dwMsgId=23)
[2012] 17:22:52:459: NotifyCaller(hPort=3, dwMsgId=10)
Router 7500
virtual-template 2
*A
*Apr 24 17:36:36.803: ppp7 PPP: Using set call directionPDN groupP: MRU 1400 (0x0104057
accept-dialinVPN aut
*Apr 24 17:36:36.803: ppp7 PPP: Treating connection as a callinLCP: AuthPro
local name ciscopppoe_l2tpnmp
*Apr 24 17:36:36.803: ppp7 PPP: Phase is ESTABLISHING, Active OpenCP:
protocol pppoe1455288 (0x0506E
virtual-template 1nfig fr
*Apr 24 17:36:36.803: AAA/AUTHOR (0000000A): Method list id=0 not configured. Skc 500 TIMEout: State REQsent
!a
!
!b
voice call carrier capacity activeion
ip author 15:32:55
*Apr 24 17:36:36.807: ppp7 PPP: Authorization NOT required0rfaceMPOA debug
no ip addresscommand. CDA
shutdown 2
*Apr 24 17:36:36.807: ppp7 AAA/AUTHOR/LCP: Authorization succeeds triviallyace orA) eve
no ip addresser
*Apr 24 15
shutdown: ppp5 LC
no atm ilmi-k
*Apr 24 17:36:36.807: ppp7 LCP: O CONFREQ [Closed] id 1 l0/0ache t multilin
ip route 169.254.0.0 255.255.0.0 169.254.0.0.16
*Apr 24 17:36:42.847: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)169.254.50.85 Serial interfac
*Apr 24 15:33:03.167: ppp5
ip route 169.2
*Apr 24 17:36:44.863: ppp7 LCP: TIMEout: State REQsent SGBP debuggingi
*A
ip route 172.0.0.0 255.0.0.0 172.3
*Apr 24 17:36:44.863: ppp7 LCP: O CONFREQ [REQsent] id 5 len 19.0 255.255.0.0 172.31.80.1
*Apr 24 15:33:03.167: ppp5 LCP:
*Apr 24 17:36:44.863: ppp7 LCP: MRU 1400 (0x01040578)ost ciscopppoe-2-1-0 3FFE:8311:FFFF:F28A:2E0:FEFF:FEBA:F
*Apr 24 17:36:44.863: ppp7 LCP: AuthProto CHAP (0x0305C22305)
ipv6 local pool pppoev6 3FFE:8311:FFFF:F28A::/64 64:33:05.18
*Apr 24 17:36:44.863: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E) (Link Acces
ccsip
*Apr 24 17:36:50.911: ppp7 LCP: TIMEout: State REQsent
*Apr 24 17:36:50.911: ppp7 LCP: O CONFREQ [REQsent] id 8 len 19
*Apr 24 17:36:50.911: ppp7 LCP: MRU 1400 (0x01040578)
*Apr 24 17:36:50.911: ppp7 LCP: AuthProto CHAP (0x0305C22305)
*Apr 24 17:36:50.911: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)
*Apr 24 17:36:52.927: ppp7 LCP: TIMEout: State REQsent
*Apr 24 17:36:52.927: ppp7 LCP: O CONFREQ [REQsent] id 9 len 19
*Apr 24 17:36:52.927: ppp7 LCP: MRU 1400 (0x01040578)
*Apr 24 17:36:52.927: ppp7 LCP: AuthProto CHAP (0x0305C22305)
*Apr 24 17:36:52.927: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)
*Apr 24 17:36:54.943: ppp7 LCP: TIMEout: State REQsent
*Apr 24 17:36:54.943: ppp7 LCP: O CONFREQ [REQsent] id 10 len 19
*Apr 24 17:36:54.943: ppp7 LCP: MRU 1400 (0x01040578)
*Apr 24 17:36:54.943: ppp7 LCP: AuthProto CHAP (0x0305C22305)
*Apr 24 17:36:54.943: ppp7 LCP: MagicNumber 0xE1B6996E (0x0506E1B6996E)
*Apr 24 17:36:56.959: ppp7 LCP: TIMEout: State REQsent
*Apr 24 17:36:56.959: ppp7 LCP: State is Closed
*Apr 24 17:36:56.959: ppp7 PPP: Phase is DOWN
*Apr 24 17:36:56.959: ppp7 PPP: Phase is ESTABLISHING, Passive Open
*Apr 24 17:36:56.959: ppp7 LCP: State is Listen
*Apr 24 17:36:56.959: ppp7 LCP: State is Closed
*Apr 24 17:36:56.959: ppp7 PPP: Phase is DOWN
*Apr 24 17:36:56.959: ppp7 LCP: State is Listen
*Apr 24 17:36:56.959: ppp7 EVT: Free PPP 0 0x0
Thanks for the reply and any feedback is appreciated.
04-27-2003 10:25 PM
What version of 12.2 code are you running here? If it's anything early 12.2 then you'r eprobably hitting bug CSCdu19654, so try upgrading and see if that resolves it.
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdu19654
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: