PPTP with Radius Authentication

Hello,

Has anyone had any luck getting a PPTP VPN working with encryption and RADIUS authentication?

I keep getting the error:

May 3 22:48:38.811: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
May 3 22:48:38.943: Vi3 MPPE: don't understand all options, NAK
May 3 22:48:39.071: Vi3 MPPE: RADIUS keying material missing
May 3 22:48:39.335: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down

I use this config:

vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

async-bootp gateway 126.0.0.110
async-bootp dns-server 192.168.1.26
async-bootp nbns-server 192.168.1.26

interface Virtual-Template1
 description $FW_INSIDE$
 ip unnumbered FastEthernet4
 ip nat inside
 ip virtual-reassembly
 ip mroute-cache
 peer default ip address pool DIAL-IN
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2 ms-chap
!
radius-server host X.X.X.X auth-port 1645 acct-port 1645
radius-server key 7 XXXXXXXXXXXXX

Thanks in advance,

Jan Sinke


Hi,

I do the pptp stunt on quite a few dial-in devices. This is my template:

# 1. Replace ddd.hhh.ccc.ppp with the IP address of the DHCP server
# 2. Replace manager with the root password (backdoor if RADIUS fails)
# 3. If necessary, replace Ethernet0/0 with the actual interface used.
# 4. Replace xxx.xxx.xxx.xxx with the IP address of the Internet interface
# 5. Replace rrr.aaa.ddd.iii with the IP address of the RADIUS server
# 6. Replace NEW_KEY with the RADIUS shared secret
#
!
aaa new-model
aaa authentication login default local group radius
aaa authentication ppp default local group radius
aaa authorization network default local group radius
aaa authorization auth-proxy default group radius
!
!
ip dhcp-server ddd.hhh.ccc.ppp
!
vpdn enable
no vpdn logging
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 local name PPTP-Tunnel
!
interface Virtual-Template1
 ip unnumbered Ethernet0/0
 ip nat inside
 peer default ip address dhcp
 ppp encrypt mppe 40 required
 ppp authentication ms-chap
!
interface FastEthernet0
 ip mroute-cache
 ip proxy-arp
!
ip http server
ip http access-class 61
ip http authentication aaa
access-list 61 deny any
access-list 110 permit gre any host xxx.xxx.xxx.xxx
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
!
radius-server host rrr.aaa.ddd.iii auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key NEW_KEY

Brgds Johan Westberg
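
Added example, not part of either post: a Python check of a RADIUS Access-Accept for the Microsoft MPPE key attributes defined in RFC 2548, on the assumption that the "RADIUS keying material missing" debug line in the first post means the server's reply did not carry them. The function names are hypothetical and the sample packets are constructed with dummy bytes, not captured traffic.

```python
import struct

MS_VENDOR = 311        # Microsoft's enterprise number, used by the RFC 2548 attributes
VENDOR_SPECIFIC = 26   # RADIUS attribute type that carries vendor sub-attributes
ACCESS_ACCEPT = 2
KEY_ATTRS = {12: "MS-CHAP-MPPE-Keys", 16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

def tlvs(buf):
    """Yield (type, value) pairs from a run of 1-byte-type, 1-byte-length TLVs."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def mppe_key_attrs(packet):
    """Names of the MPPE key attributes carried in a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found = set()
    for atype, value in tlvs(packet[20:length]):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != MS_VENDOR:
            continue
        found.update(KEY_ATTRS[t] for t, _ in tlvs(value[4:]) if t in KEY_ATTRS)
    return found

def has_keying_material(packet):
    """True if the accept carries MS-CHAP v1 keys or both Send and Recv session keys."""
    names = mppe_key_attrs(packet)
    return "MS-CHAP-MPPE-Keys" in names or {"MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"} <= names

# --- Constructed sample packets (dummy bytes, not captured traffic) ---
def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def accept(attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

def ms_vsa(vtype, data):
    return attr(VENDOR_SPECIFIC, struct.pack("!I", MS_VENDOR) + attr(vtype, data))

FRAMED_PPP = attr(7, struct.pack("!I", 1))   # Framed-Protocol = PPP
NO_KEYS = accept([FRAMED_PPP])
WITH_KEYS = accept([FRAMED_PPP, ms_vsa(16, bytes(34)), ms_vsa(17, bytes(34))])

if __name__ == "__main__":
    for name, pkt in (("NO_KEYS", NO_KEYS), ("WITH_KEYS", WITH_KEYS)):
        print(name, sorted(mppe_key_attrs(pkt)), has_keying_material(pkt))
```

To use it on real traffic, pass the UDP payload of the server's Access-Accept, taken from a packet capture on the router-to-RADIUS link.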
