PPTP with Radius Authentication

Discussion in 'Cisco' started by Jan Sinke, May 3, 2006.

  1. Jan Sinke

    Jan Sinke Guest

    Hello,

    Has anyone had any luck getting a PPTP VPN working with encryption and
    RADIUS authentication?

    I keep getting the error:
    May 3 22:48:38.811: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
    May 3 22:48:38.943: Vi3 MPPE: don't understand all options, NAK
    May 3 22:48:39.071: Vi3 MPPE: RADIUS keying material missing
    May 3 22:48:39.335: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down

    I use this config:

    vpdn enable
    vpdn ip udp ignore checksum
    !
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1

    async-bootp gateway 126.0.0.110
    async-bootp dns-server 192.168.1.26
    async-bootp nbns-server 192.168.1.26

    interface Virtual-Template1
    description $FW_INSIDE$
    ip unnumbered FastEthernet4
    ip nat inside
    ip virtual-reassembly
    ip mroute-cache
    peer default ip address pool DIAL-IN
    ppp encrypt mppe auto
    ppp authentication ms-chap-v2 ms-chap
    !
    radius-server host X.X.X.X auth-port 1645 acct-port 1645
    radius-server key 7 XXXXXXXXXXXXX

    Thanks in advance,

    Jan Sinke
     
    Jan Sinke, May 3, 2006
    #1
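Added example, not code from either poster: assuming the `MPPE: RADIUS keying material missing` line in the log above refers to the Microsoft vendor-specific attributes that RFC 2548 defines for MPPE keys, this parser reports whether a captured RADIUS Access-Accept carries them. The function names and both sample packets (zeroed authenticator, placeholder key bytes) are constructed for the illustration.

```python
import struct

MS_VENDOR_ID = 311   # Microsoft enterprise number (RFC 2548)
VSA, ACCESS_ACCEPT = 26, 2
# RFC 2548 vendor types that carry MPPE session-key material
KEY_ATTRS = {12: "MS-CHAP-MPPE-Keys", 16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

def ms_vsas(packet: bytes):
    """Yield (vendor_type, data) for every Microsoft VSA in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the captured bytes")
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        value, pos = packet[pos + 2:pos + alen], pos + alen
        if atype != VSA or len(value) < 4:
            continue
        if int.from_bytes(value[:4], "big") != MS_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            yield vtype, sub[2:vlen]
            sub = sub[vlen:]

def mppe_key_report(packet: bytes) -> dict:
    """Report which MPPE key attributes a RADIUS reply carries."""
    found = sorted(KEY_ATTRS[t] for t, _ in ms_vsas(packet) if t in KEY_ATTRS)
    complete = ("MS-CHAP-MPPE-Keys" in found
                or {"MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"} <= set(found))
    return {"code": packet[0], "key_attrs": found,
            "keys_present": packet[0] == ACCESS_ACCEPT and complete}

def build(code, attrs):
    """Constructed sample packet: zeroed authenticator, placeholder values."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

def ms(vtype, data):
    """Wrap data as a Microsoft vendor-specific attribute (constructed)."""
    return VSA, MS_VENDOR_ID.to_bytes(4, "big") + bytes([vtype, len(data) + 2]) + data

FRAMED_PPP = [(6, b"\x00\x00\x00\x02"), (7, b"\x00\x00\x00\x01")]
WITHOUT_KEYS = build(2, FRAMED_PPP)
WITH_KEYS = build(2, FRAMED_PPP + [ms(16, bytes(34)), ms(17, bytes(34))])
```

An Access-Accept that looks like `WITHOUT_KEYS` means the RADIUS server authenticated the user but returned no key attributes, so the place to look is the server's MS-CHAP policy rather than the router's PPTP settings.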

  2. Jan Sinke

    nogo Guest

    Hi,

    I do the pptp stunt on quite a few dial-in devices. This is my template:

    # 1. Replace ddd.hhh.ccc.ppp with the IP address of the DHCP server
    # 2. Replace manager with the root password (backdoor if RADIUS fails)
    # 3. If necessary, replace Ethernet0/0 with the actual interface used.
    # 4. Replace xxx.xxx.xxx.xxx with the IP address of the Internet interface
    # 5. Replace rrr.aaa.ddd.iii with the IP address of the RADIUS server
    # 6. Replace NEW_KEY with the RADIUS shared secret
    #
    !
    aaa new-model
    aaa authentication login default local group radius
    aaa authentication ppp default local group radius
    aaa authorization network default local group radius
    aaa authorization auth-proxy default group radius
    !
    !
    ip dhcp-server ddd.hhh.ccc.ppp
    !
    vpdn enable
    no vpdn logging
    !
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    local name PPTP-Tunnel
    !
    interface Virtual-Template1
    ip unnumbered Ethernet0/0
    ip nat inside
    peer default ip address dhcp
    ppp encrypt mppe 40 required
    ppp authentication ms-chap
    !
    interface FastEthernet0
    ip mroute-cache
    ip proxy-arp
    !
    ip http server
    ip http access-class 61
    ip http authentication aaa
    access-list 61 deny any
    access-list 110 permit gre any host xxx.xxx.xxx.xxx
    access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
    !
    radius-server host rrr.aaa.ddd.iii auth-port 1645 acct-port 1646
    radius-server retransmit 3
    radius-server key NEW_KEY


    Brgds Johan Westberg
     
    nogo, May 8, 2006
    #2