Cisco router 831 PPTP VPN setup

I'm trying to set up a PPTP VPN on a Cisco 831 router. I've got the routers

800-series software configuration guide from the Cisco site but it talks about IPSEC instead. I came up with a document at Cisco called "Configuring the Cisco Router and VPN Clients Using PPTP and MPPE. It's pretty close to what I want but is actually written for a Cisco 2621. So here's what I'm doing but it doesn't yet work (I'm just typing the main stuff here. The access-list 111 actually permits a variety of other things as well, such as icmp, stmp, pop3, www, etc):

vpdn-group 1 description My VPDN remote-access group request-dialin protocol pptp source vpdn-template virtual-template1

interface Ethernet1 description $ETH-WAN$ ip address (our external internet IP address goes here, followed by subnet mask) ip access-group 111 in ip nat outside no ip mroute-cache no cdp enable hold-queue 32 in

interface Virtual-Template1 ip unnumbered Ethernet0 peer default ip address pool PPTP_pool no keepalive ppp encrypt mppe auto ppp authentication pap chap ms-chap

ip local pool PPTP_pool

access-list 111 permit tcp any any eq 1723 access-list 111 permit gre any any access-list 111 deny ip any any

I've actually got a working PPTP VPN set up on my PIX 506e, but the command set on the Cisco 831 router is somewhat different. For example, on the PIX the VPN username is set up via the command 'vpdn username anyname password anypassword', but this command doesn't exist on the 831. Instead, I just create a username/password in general on the 831. By the way, the internal LAN network for the 831 is 172.16.x.x, One main thing that I'm doing different on the PIX is:

access-list acl_PPTP permit ip access-list acl_PPTP permit icmp nat (inside) 0 access-list acl_PPTP

My VPN setup on the PIX (only part of it shown here) works great, but I can't get the Router 831 equivalent working. Can anyone suggest a PDF, web link, or direct comments as to why the configuration shown at the top of this posting isn't sufficient? It seems I'm on the right track but am missing a couple of configuration steps.

Thanks in advance,

Tom Edelbrok

Reply to
Tom Edelbrok
Loading thread data ...

Try this: interface Virtual-Template1 ppp authentication ms-chap {callin}

Because in some document it is mentioned, that MPPE could be negotiated only by MS-CHAP (not MS-CHAP-v2).

p.s. And don't use PAP at all.

Reply to
liminas_LT Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.