I'm trying to deal with one strange problem. I have configured pptp server on Cisco 2821 (c2800nm-advipservicesk9-mz.124-13d.bin"). All pptp users are authenticated through a RADIUS server . However, it seems that when 15 users get connected simultaneously, no additional slot for the 16th user is available. Or otherwise users who may use vpn access to the network through pptp are only 15. Here is some sample configuration and log files on the router:
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default group radius if-authenticated
aaa accounting network default start-stop group radius
aaa session-id common
! Default PPTP VPDN group
description ** Administrative VPN for IT colleagues **
description ** Colleagues VPN **
ip address 192.168.100.1 255.255.255.0
ip mtu 1460
ip nat inside
peer default ip address pool VPN-IP
keepalive 3600 168
ppp encrypt mppe auto
ppp authentication chap ms-chap ms-chap-v2
Afther authentication process somethings get wrong with the IPCP:
*May 16 08:51:30.947: Vi19 MS-CHAP-V2: O SUCCESS id 1 len 46 msg is "S=D82A744BCA7653F5D988B7902727D3F7C7033709"
It looks like the maximum number of virtual-access interfaces is 19 for each virtual-template profile. I don't know? I tried to find documentation about virtual access interfaces on Cisco's website - but there's nothing mentioned about maximum number of Vi-access interfaces spawned per virtual-template. However, thank you guys anyway ;-)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...