05-16-2008 02:27 AM - edited 03-09-2019 08:43 PM
Hello,
I'm trying to deal with one strange problem. I have configured pptp server on Cisco 2821 (c2800nm-advipservicesk9-mz.124-13d.bin"). All pptp users are authenticated through a RADIUS server . However, it seems that when 15 users get connected simultaneously, no additional slot for the 16th user is available. Or otherwise users who may use vpn access to the network through pptp are only 15. Here is some sample configuration and log files on the router:
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default group radius if-authenticated
aaa accounting network default start-stop group radius
aaa session-id common
vpdn enable
!
vpdn-group VPN
! Default PPTP VPDN group
description ** Administrative VPN for IT colleagues **
accept-dialin
protocol pptp
virtual-template 1
interface Virtual-Template1
description ** Colleagues VPN **
ip address 192.168.100.1 255.255.255.0
ip mtu 1460
ip nat inside
ip virtual-reassembly
load-interval 30
peer default ip address pool VPN-IP
keepalive 3600 168
compress mppc
ppp encrypt mppe auto
ppp authentication chap ms-chap ms-chap-v2
end
Afther authentication process somethings get wrong with the IPCP:
[cut]
*May 16 08:51:30.947: Vi19 MS-CHAP-V2: O SUCCESS id 1 len 46 msg is "S=D82A744BCA7653F5D988B7902727D3F7C7033709"
*May 16 08:51:30.947: Vi19 PPP: Phase is UP
*May 16 08:51:30.947: Vi19 CCP: Compression already closed
*May 16 08:51:30.947: Vi19 CCP: O CONFREQ [Closed] id 1 len 10
*May 16 08:51:30.947: Vi19 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)
*May 16 08:51:30.947: Vi19 PPP: Process pending ncp packets
*May 16 08:51:30.951: Vi19 CCP: I CONFREQ [REQsent] id 6 len 10
*May 16 08:51:30.951: Vi19 CCP: MS-PPC supported bits 0x01000001 (0x120601000001)
*May 16 08:51:30.951: Vi19 CCP: O CONFNAK [REQsent] id 6 len 10
*May 16 08:51:30.951: Vi19 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)
*May 16 08:51:30.951: Vi19 CCP: I CONFACK [REQsent] id 1 len 10
*May 16 08:51:30.951: Vi19 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)
*May 16 08:51:30.951: Vi19 IPCP: I CONFREQ [Not negotiated] id 7 len 34
*May 16 08:51:30.951: Vi19 IPCP: Address 0.0.0.0 (0x030600000000)
*May 16 08:51:30.951: Vi19 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*May 16 08:51:30.951: Vi19 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
*May 16 08:51:30.951: Vi19 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*May 16 08:51:30.951: Vi19 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
*May 16 08:51:30.951: Vi19 LCP: O PROTREJ [Open] id 3 len 40 protocol IPCP
*May 16 08:51:30.951: Vi19 LCP: (0x80210107002203060000000081060000)
*May 16 08:51:30.951: Vi19 LCP: (0x00008206000000008306000000008406)
*May 16 08:51:30.951: Vi19 LCP: (0x00000000)
*May 16 08:51:30.955: Vi19 CCP: I CONFREQ [ACKrcvd] id 8 len 10
*May 16 08:51:30.955: Vi19 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)
*May 16 08:51:30.955: Vi19 CCP: O CONFACK [ACKrcvd] id 8 len 10
*May 16 08:51:30.955: Vi19 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)
*May 16 08:51:30.955: Vi19 CCP: State is Open
*May 16 08:51:30.955: Vi19 CCP: ppp_hwcomp_open: no h/w
*May 16 08:51:30.975: Vi19 LCP: I TERMREQ [Open] id 9 len 16 (0x11E7706D003CCD7400000000)
*May 16 08:51:30.975: Vi19 LCP: O TERMACK [Open] id 9 len 4
The Microsoft Windows XP VPN client says "Error 733"
Any clues are welcome!
05-16-2008 02:39 AM
Here is a little more information:
tbirouter#show idb all
Maximum number of Software IDBs 1400. In use 39.
HWIDBs SWIDBs
Active 26 31
Inactive 6 8
Total IDBs 32 39
Size each (bytes) 2912 1272
Total bytes 93184 49608
Type SIdx Idx St,O,Sh HDel Interface Name (subblocks)
--------------------------------------------------------
H 1 2 U,I,R . GigabitEthernet0/0 (CRYPTO_HWSB(10), HW IFINDEX(10001), HW SB CDP(6), Qos hw subblock(5), DOT1Q(4), MAC ADDR(3), MTU MIN MAX(2), Ether(1))
H 2 3 U,I,R . GigabitEthernet0/1 (HW IFINDEX(10001), HW SB CDP(6), DOT1Q(4), MAC ADDR(3), MTU MIN MAX(2), Ether(1))
H 3 5 U,D,R . NVI0
H 4 7 D,D,R . Virtual-Access1 (HW IFINDEX(10001), Serial(7), HW Vaccess(8))
H 5 6 D,D,R . Virtual-Template1 (HW COMPRESS(9), HW IFINDEX(10001), Serial(7))
H 6 8 U,D,R . Virtual-Access2 (Serial(7), HW Vaccess(8))
H 7 9 U,D,R . Virtual-Access3 (HW COMPRESS(9), HW IFINDEX(10001), Serial(7), HW Vaccess(8))
H 8 10 U,D,R . Virtual-Access4 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 9 14 D,D,R . Virtual-Access5 (Serial(7), HW Vaccess(8))
H 10 15 U,D,R . Virtual-Access6 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 11 16 U,D,R . Virtual-Access7 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 12 17 D,D,R . Virtual-Access8 (Serial(7), HW Vaccess(8))
H 13 18 U,D,R . Virtual-Access9 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 14 19 U,D,R . Virtual-Access10 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 15 20 U,D,R . Virtual-Access11 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 16 21 U,D,R . Virtual-Access12 (HW COMPRESS(9), HW IFINDEX(10001), Serial(7), HW Vaccess(8))
H 17 22 U,D,R . Virtual-Access13 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 18 23 U,D,R . Virtual-Access14 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 19 24 U,D,R . Virtual-Access15 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 20 25 U,D,R . Virtual-Access16 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 21 26 U,D,R . Virtual-Access17 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 22 27 U,D,R . Virtual-Access18 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 23 28 U,D,R . Virtual-Access19 (HW COMPRESS(9), Serial(7), HW Vaccess(8))
H 24 11 U,D,R . Loopback1 (HW IFINDEX(10001))
H 25 12 U,D,R . Loopback2 (HW IFINDEX(10001))
H 26 13 A,U,R X Loopback3 (HW IFINDEX(10001))
H 27 1 U,D,R . VoIP-Null0
S 1 4 U . GigabitEthernet0/0 (SW CDP(7), IEEE 802.1q(4), DSS(3), NetBIOS(2), KEEPALIVE(1))
S 2 8 U . GigabitEthernet0/0.3072 (CRYPTO(12), DSS(3), SW IP VFR(8), NetBIOS(2), SW CDP(7), Qos sw subblock(6), Dynamic DNS Updates(5), IEEE 802.1q(4))
S 3 9 U . GigabitEthernet0/0.3197 (CRYPTO(12), SW IP VFR(8), NetBIOS(2), SW CDP(7), Qos sw subblock(6), Dynamic DNS Updates(5), IEEE 802.1q(4), DSS(3))
S 4 10 U . GigabitEthernet0/0.3465 (SW IP VFR(8), NetBIOS(2), SW CDP(7), Qos sw subblock(6), Dynamic DNS Updates(5), IEEE 802.1q(4), DSS(3))
S 5 11 U . GigabitEthernet0/0.3467 (CRYPTO(12), SW IP VFR(8), NetBIOS(2), SW CDP(7), Qos sw subblock(6), Dynamic DNS Updates(5), IEEE 802.1q(4), DSS(3))
S 6 24 U . GigabitEthernet0/0.3514 (DSS(3), SW IP VFR(8), NetBIOS(2), Dynamic DNS Updates(5), IEEE 802.1q(4), SW CDP(7))
S 7 5 U . GigabitEthernet0/1 (CRYPTO(12), DSS(3), SW IP VFR(8), Dynamic DNS Updates(5), SW CDP(7), NetBIOS(2), KEEPALIVE(1))
S 8 12 X . GigabitEthernet0/1.3072 (SW FIB PENDING EVENT(10002))
05-16-2008 03:54 AM
Guys,
I solved my issue as made the following changes:
interface Virtual-Template1
description ** Colleagues VPN **
ip unnumbered Loopback3
ip mtu 1460
ip nat inside
ip virtual-reassembly
load-interval 30
peer default ip address pool VPN-IP
keepalive 3600 168
compress mppc
ppp encrypt mppe auto
ppp authentication chap ms-chap ms-chap-v2
interface Virtual-Template2
description ** Colleagues VPN **
ip unnumbered Loopback3
ip mtu 1460
ip nat inside
ip virtual-reassembly
load-interval 30
peer default ip address pool VPN-IP
keepalive 3600 168
compress mppc
ppp encrypt mppe auto
ppp authentication chap ms-chap ms-chap-v2
interface Loopback3
ip address 192.168.100.1 255.255.255.255
It looks like the maximum number of virtual-access interfaces is 19 for each virtual-template profile. I don't know? I tried to find documentation about virtual access interfaces on Cisco's website - but there's nothing mentioned about maximum number of Vi-access interfaces spawned per virtual-template. However, thank you guys anyway ;-)
10-17-2008 07:41 AM
Hello!
You find information about maximum number of Vi-access interfaces spawned per virtual-template. I have similar issue
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: