In VPN Concentrator,PPTP VPN connection, not get authentication, verifying user name & password, but when we connect through vpn client software, which is IPSEC/UDP, get connect on VPN concentrator, this happens suddenly. after some time it woking. so, we contucted a test from outside of the network, PPTP VPN is working, while comes from ISP is not. what could be cause.
prompt response is much appicate,
thanks & regards
many thanks..... for ur prompt reply, how could is possible, it is working from many years. how can i prove that is from ISP. could you explain, please
thanks & regards,
Since PPTP works OK when you tested on your outside network, this means that your PPTP configuration should be OK. That's why I am thinking it might be caused by your ISP blocking the port for PPTP. You might check the log on VPN concentrator and do a packet sniffer to find it out.
dear, again the same problem happened. as you said, i snif the packet while traffic coming from ISP and as well as connecting through my Outside network. while analysing the packets several request, ack, ms chap authentication, login successful and compresed packet can see clearly, in through my outside network. while the analysing packet of isp, packet request, ack are fine, but ms chap authen & ppp LCP in not fine conversation, and again and again requesting. so i send to this management. but same time if there is any possible of upgrading IOS from 4.7 or any other recommendation,
awaiting for your response.
thanks & regards
Zak, I do agree with Kevin .but sounds you have ruled out ISP blocking PPTP with sniff results but to be completely sure you should from outside conduct a telnet test on port 1723 towards your VPN concentrator public IP address.
c:\telnet < VPN_gateway_outside_IP> 1723
if telnet test fails double check PPTP is enabled under udner Configuration\System\PPTP
if telnet test is successful I would suggest to double check VPN PPTP authentication protocols configuration under System/Usermanager/Groups/VPN(internally Configure) and verify authen protocols are in fact enabled .
The question would probably be can any of your PPTP clients successfully connect at all? or is it just a few clients unable to connect, what are you using for authenticating your users RADIUS from MS-IAS , is it possible some changes may have occor in RADIUS?
If you can rule out all these above we' could take different troubleshooting approach.
If your PPTP client works fine when it is in your outside network, I believe that your VPN concentator's configuration should be good. Is there any other device between your outside network and ISP? Remember you need open two ports for PPTP to work, one is TCP/1723 which is for PPTP control session and the other is GRE which is for data packets.
many thanks for all your efforts,
I telnet vpn public address with port 1723, is opening the session, and i double with tunneling & security, PPTP is enabled. and i also double check GRE it also enabled. we can say almost it working more than 6 years, no changes at all from side.
1- Can you post some real time vpn logs when PPTP client tries connecting.
2- When was the last time the unit was power clycle? you may want to try a reboot, save VPN configuration prior doing a reboot.
3- What version code are you running
Cisco Cotent Switch giving problem of intermittent connecting PPTP, we by pass the device, problem solved.
thanking all, for your efforts
thanks & regards,