Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
0
Helpful
2
Replies

Win2k client to 3745 with ISDN/PPP/RADIUS

MATTHIAS SCHAERER
Level 3
Level 3

‎05-01-2006 07:26 AM

Hi,

I am trying to set up a dialup connection between a Windows Client and a 3745 NAS. I want to have authentication with RADIUS and also the IP address is provided by the RADIUS server (no local pool). I do not succeed in setting up the connection although I see the RADIUS server providing me the address but the NAS does not seem to forward it to the Windows client.

Has somebody done a similar config (I couldn't find any examples on CCO) or are my ideas completely way out?

Thanks and regards

Mat

I add a part of the debug radius auth and debug ppp neg so you can see a bit more how my situation looks:

...

May 1 17:07:13.638: RADIUS: 53 42 52 2D 43 4C 20 yy yy yy 22 59 4E 45 54 22 [SBR-CL DN="XXXX"]

May 1 17:07:13.638: RADIUS: 20 41 54 3D yy yy yy 00 [ AT="0"?]

May 1 17:07:13.638: RADIUS: Framed-IP-Address [8] 6 172.29.140.2

May 1 17:07:13.638: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.255

May 1 17:07:13.638: RADIUS: Framed-Protocol [7] 6 PPP [1]

May 1 17:07:13.638: RADIUS: Service-Type [6] 6 Framed [2]

May 1 17:07:13.638: RADIUS(00000075): Received from id 1645/31

May 1 17:07:13.638: Se1/0:18 PPP: Phase is FORWARDING, Attempting Forward

May 1 17:07:13.638: Se1/0:18 PPP: Phase is AUTHENTICATING, Authenticated User

May 1 17:07:13.638: Se1/0:18 CHAP: O SUCCESS id 1 len 4

May 1 17:07:13.638: Se1/0:18 PPP: Phase is VIRTUALIZED

May 1 17:07:13.642: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

May 1 17:07:13.642: Vi2 MLP: Added first link Se1/0:18 to bundle ynet

May 1 17:07:13.642: Vi2 PPP: Phase is DOWN, Setup

May 1 17:07:13.642: Vi2 PPP: Phase is UP

May 1 17:07:13.642: Vi2 PPP: Process pending ncp packets

May 1 17:07:13.642: Se1/0:18 PPP: Process pending ncp packets

May 1 17:07:13.642: Se1/0:18 PPP: Process pending ncp packets

May 1 17:07:13.674: Vi2 PPP: I pkt type 0x8021, datagramsize 38 link[ip]

May 1 17:07:13.674: Vi2 IPCP: I CONFREQ [Not negotiated] id 4 len 34

May 1 17:07:13.674: Vi2 IPCP: Address 0.0.0.0 (0x030600000000)

May 1 17:07:13.674: Vi2 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

May 1 17:07:13.674: Vi2 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

May 1 17:07:13.674: Vi2 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

May 1 17:07:13.674: Vi2 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

May 1 17:07:13.674: Vi2 LCP: O PROTREJ [Open] id 1 len 40 protocol IPCP

May 1 17:07:13.674: Vi2 LCP: (0x80210104002203060000000081060000)

May 1 17:07:13.674: Vi2 LCP: (0x00008206000000008306000000008406)

May 1 17:07:13.674: Vi2 LCP: (0x00000000)

May 1 17:07:13.894: %LINK-3-UPDOWN: Interface Serial1/0:18, changed state to down

May 1 17:07:13.898: Se1/0:18 PPP: Sending Acct Event[Down] id[75]

May 1 17:07:13.898: Se1/0:18 PPP: Phase is TERMINATING

May 1 17:07:13.898: Se1/0:18 LCP: State is Closed

May 1 17:07:13.898: Se1/0:18 PPP: Phase is DOWN

May 1 17:07:13.898: Vi2 PPP: Sending Acct Event[Down] id[76]

May 1 17:07:13.898: Vi2 PPP: Phase is TERMINATING

May 1 17:07:13.898: Vi2 LCP: State is Closed

May 1 17:07:13.898: Vi2 PPP: Phase is DOWN

May 1 17:07:13.898: Vi2 PPP: Block vaccess from being freed [0x20]

May 1 17:07:13.898: Vi2 PPP: Unlocked by [0x20] Still Locked by [0x0]

May 1 17:07:13.898: Vi2 PPP: Free previously blocked vaccess

May 1 17:07:13.902: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

...

Labels:
0 Helpful
2 Replies 2

lgijssel
Level 9
Level 9

‎05-01-2006 10:22 PM

Your setup is not unusual. It might be a good idea to attempt using a local pool to start with. If that works you know that you will need to fiddle with your radius server.

As far as I can see from the debug, there is no response to the confreq. Instead, I see a rejection on IPCP. To counter this, switch off all compression settings on both ends. If that solves it, you can subsequentially try to find a working combination.

Regards,

Leo

0 Helpful

MATTHIAS SCHAERER
Level 3
Level 3
In response to lgijssel

‎05-05-2006 01:22 AM

Leo,

i finally found a working solution. I had a mixture of router-router connections with numbered IP links and unnumbered clients dialing in. When changing to an all unnumbered configuration it started to work. Thanks for your input, it kept me working although the compression was not the issue. It was the numbered/unnumbered mixture.

Regards,

Mat

0 Helpful
Customers Also Viewed These Support Documents