PPTP + Local Authentication

cowsis300 · ‎01-31-2008

I am trying to setup our concentrator to allow PPTP VPN sessions using local authentication. I setup a pptp group on our concentrator and setup a local user which is associated with the group. I set the tunneling protocols to PPTP on both the group and user levels. I also set the respective PPTP Authentication Protocols under the PPTP/L2TP tab for the group. The problem I am running into is when I attempt to establish a connection from a Windows XP machine using the local user account I am not able to ever establish a connection. When I watch the Live Event Viewer it shows the following message ( User [pptpuser]disconnected.. failed authentication (MSCHAP-V2) ). What I take from this is as if the concentrator is still looking for Radius auth. Anyone have any suggestions on this?

ajagadee · ‎01-31-2008

Couple of things I would try to begin with.

1. Move the Internal Authentication to the top of the list under authentication servers.

2. Check the PPTP Configuration to see if you have MSCHAP-V2 Configured. If so, try disabling this option and see if it works.

Regards,

Arul

** Please rate all helpful posts **

cowsis300 · ‎02-01-2008

I tried these 2 suggestions and the outcome is not as I expected. I think the issue I am having is due to how this concentrator was originally deployed and setup. If I move the Internal Authentication to the top of the list then Radius authentication fails. If I move Radius back to the top then Internal will fail. Historically the way users access VPN is the use radius and authenticate to the Base-Group which by default is set to Radius authentication. In previous implementations I have seen were the Base-Group is set to internal for authentication and then various groups are created in the concentrator and within those groups you specify them to auth via Radius server.