Cisco 871 PPTP to Windows Radius Server (Required encryption not negotiated)

johnelliot
Level 1

Hi,

I am unable to get any level of encryption on a PPTP connection from a Windows XP box connecting to a Cisco 871 (with ADVSECURITYK9-M IOS) authenticating from a Windows 2000 Radius Server - I have the following config:

aaa new-model
!
!
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
interface Virtual-Template1
 ip unnumbered Vlan1
 ip mroute-cache
 peer default ip address pool DIAL-IN
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2

I have tried all variations on the "ppp encrypt mppe" line (40/128 and with/without the "required"), but if I set the WinXP client to require encryption, I always get:

Oct 10 11:22:34.210 GMT+10: Vi3 IPCP: State is Open
Oct 10 11:22:34.210 GMT+10: Vi3 CCP: I TERMACK [TERMsent] id 3 len 4
Oct 10 11:22:34.210 GMT+10: Vi3 CCP: State is Closed
Oct 10 11:22:34.214 GMT+10: Vi3 MPPE: Required encryption not negotiated
Oct 10 11:22:34.214 GMT+10: Vi3 PPP: Sending Acct Event[Down] id[54]
Oct 10 11:22:34.214 GMT+10: Vi3 IPCP: State is Closed
Oct 10 11:22:34.214 GMT+10: Vi3 PPP: Phase is TERMINATING

and WinXP reports:

Error 742: The remote computer does not support the required data encryption type

NB: A Pix 515, auth'ing from the same Radius server, is able to achieve 128-bit encryption.

Any suggestions are greatly appreciated.

2 Replies

smalkeric
Level 6

Sometimes if you upgrade the IOS you might get this error. Try downgrading the IOS. Refer to the following URL for more info:

http://www.cisco.com/warp/public/116/pptp_3885.html

Thanks for the response - but the problem was with the following line:

aaa authorization network default if-authenticated

Needed to be:

aaa authorization network default group radius

And 128-bit PPTP connections worked immediately.

Fairly certain older IOS versions accepted the first version... I was running (C870-ADVSECURITYK9-M), Version 12.3(8)YI2
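
An added example, not part of the original posts and not Cisco code: a small Python check that scans an IOS configuration for the combination reported in this thread (MPPE marked required, PPP authentication through RADIUS, and a default network authorization list without `group radius`). It assumes only the `default` method lists are in use; the function names are hypothetical and the sample configuration is constructed from the lines posted above.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
interface Virtual-Template1
 ip unnumbered Vlan1
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
"""

def method_list(config, kind, service, name="default"):
    """Return the methods of an 'aaa <kind> <service> <name> ...' line, or None."""
    pat = re.compile(rf"^aaa {kind} {service} {re.escape(name)}\s+(.+)$", re.M)
    m = pat.search(config)
    return m.group(1).split() if m else None

def uses_radius(methods):
    """True when the method list contains the pair 'group radius'."""
    return methods is not None and any(
        a == "group" and b == "radius" for a, b in zip(methods, methods[1:]))

def interfaces_requiring_mppe(config):
    """Names of interfaces whose block contains 'ppp encrypt mppe ... required'."""
    found, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the interface block
        elif current and re.match(r"\s+ppp encrypt mppe\b.*\brequired\b", line):
            found.append(current)
    return found

def check_mppe_radius(config):
    """Flag the combination that failed in the thread (default lists only)."""
    findings = []
    authn = method_list(config, "authentication", "ppp")
    authz = method_list(config, "authorization", "network")
    if uses_radius(authn) and not uses_radius(authz):
        for ifname in interfaces_requiring_mppe(config):
            findings.append(
                f"{ifname}: MPPE required and PPP authenticated by RADIUS, but "
                f"network authorization is {' '.join(authz) if authz else 'unset'}")
    return findings
```

Running `check_mppe_radius` on the sample returns one finding for `Virtual-Template1`; with the authorization line changed to `group radius`, as in the reported fix, it returns an empty list.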