Cisco 1721 Router
in [Cisco]
|
Prev: Switchport multi and trunk lines
Next: 1811 failure
From: Rob on 29 Oct 2009 13:21 David <dmw2628(a)gmail.com> wrote: > On Oct 29, 11:14 am, Rob <nom...(a)example.com> wrote: >> David <dmw2...(a)gmail.com> wrote: >> > On Oct 29, 10:50 am, Rob <nom...(a)example.com> wrote: >> >> In the interface Virtual-Template1 I use: >> >> >> compress mppc >> >> ppp encrypt mppe auto required >> >> ppp authentication ms-chap >> >> ppp pap refuse >> >> >> This works. >> >> > I tried this and it is still doing the same thing. If it helps too, >> > this only happens after it authenticates, and is "Registering computer >> > on the network." On the Vista machine it show you can try and >> > diagnose, try again, or choose another connection, but on the XP >> > machine it says "Error 742: the remote computer does not support the >> > requred data encryption type." Is the data still being encrypted even >> > if I have the box "require encryptions" unchecked? >> >> I assumed you use PPTP with its associated encryption (mppe) but >> it seems you have configured network encryption on top of that?- Hide quoted text - >> >> - Show quoted text - > > How would I change it to use PPTP with it's associated encryption and > not network encryption on top of it? You configure only a PPTP connection on the calling PC. Not the whole network encryption (IPsec) stuff.
From: David on 29 Oct 2009 16:33 I basically started from scratch and redid the config. Here is what it looks like now: Current configuration : 3084 bytes ! ! Last configuration change at 14:50:35 CST Thu Oct 29 2009 by david ! NVRAM config last updated at 14:11:52 CST Thu Oct 29 2009 by david ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Inet3 ! boot-start-marker boot-end-marker ! enable password 7 password ! clock timezone CST -5 mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 aaa new-model ! ! aaa authentication login TRAuthList group radius local aaa authentication login userauthen group radius local aaa authentication ppp default group radius local aaa authorization network default if-authenticated aaa authorization auth-proxy default group radius aaa session-id common ip subnet-zero ! ! no ip domain lookup ip domain name esp-seals.com ! ip cef ip audit po max-events 100 vpdn enable vpdn ip udp ignore checksum ! vpdn-group PPTP-Radius ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 ! vpdn-group pppoe request-dialin protocol pppoe ! async-bootp dns-server 192.168.x.x 192.168.x.x async-bootp nbns-server 192.168.x.x 192.168.x.x ! ! username espadmin password 7 password username david privilege 15 password 7 password ! ! ! ! ! interface ATM0 no ip address no ip mroute-cache no atm ilmi-keepalive bundle-enable dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 0/32 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 ip address 1.1.1.1 255.255.255.0 speed 100 full-duplex ! interface Virtual-Template1 ip unnumbered FastEthernet0 ip helper-address 192.168.x.x peer default ip address dhcp compress mppc ppp encrypt mppe auto required ppp authentication ms-chap ms-chap-v2 ppp pap refuse ! interface Dialer1 mtu 1492 ip address [outside IP] 255.255.255.240 encapsulation ppp dialer pool 1 no cdp enable ppp authentication chap pap callin ppp chap hostname username ppp chap password 7 password ppp pap sent-username username password 7 password ! router eigrp 100 network 1.1.1.0 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server ip http authentication local ip http secure-server ! ! logging trap debugging logging facility local2 ! snmp-server community key RO radius-server host 192.168.x.x auth-port 1645 acct-port 1646 radius-server key 7 key radius-server vsa send authentication ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 exec-timeout 0 0 login authentication userauthen transport input telnet ssh ! ntp clock-period 17180080 ntp server 192.168.x.x end The same thing is happening, but now there is another line in the debug ppp negotiation: Oct 29 20:28:57.429: Vi5 MPPE: Required encryption not negotiated I'm assuming it is disconnecting due to no encryption, but the client (Windows Vista vpn) has the require encryption checked. I took off all NAT and ACLs just to make sure. I am really confused here.
From: David on 30 Oct 2009 14:06 Anyone have any ideas on this one?
From: mikeyb on 10 Nov 2009 10:52
On Oct 30, 6:06 pm, David <dmw2...(a)gmail.com> wrote: > Anyone have any ideas on this one? try ppp encrypt mppe auto passive ppp authentication ms-chap-v2 and leave Require data encryption (disconnect if none) unticked at the client. once connected look at the vpn connection details and you should see mppe encryption on the connection Mike |