Kenneth,
Few strange this from following trace..
1. PPTP does comes in & establishes connection & which brings vaccess
interface up too..if thats the case then why outgoing PPP packets are not
shown in debug. Try turning "debug vpdn packet" "debug vpdn error" & "debug
vpdn event" on & see if you get traces after placing pptp call.
2. As you mentioned connection doesnt comes up, from following traces i
didnt found it went back down if its true then i need traces till that level
to see which process/layer failed to establish connection .
3. You have configured AAA for login but i didnt saw any UDP packet going to
internal network for getting authenticatad.
Just curious if you can try after removing MPPE if that works then try
configuring it to auto "ppp encrypt mppe auto", but i would prefer just try
without encryption first & see if that works. Tommorow i will simulate in
lab to figure out whats causing it meanwhile you can provide above traces.
Also let me know your email id, since this email id fails to deliver
message.
thanks,
rahul.
om: "Kenneth"
Reply-To: "Kenneth"
To: [EMAIL PROTECTED]
Subject: Re: PPP Negotiation question --- HELP!!! PLEASE! [7:8438]
Date: Wed, 13 Jun 2001 23:17:09 -0400
Nothing came up with the debugs you listed except for ip packet detail
The router is a 2621 with 2 Fastethernet ports. Fa0/0 is connected to our
internal network, while Fa0/1 is connected to a border router to the
internet. PPTP arrives on the Fa0/1 interface. Fa0/1 has a public IP
address while Fa0/0 has the private address.
Here's the debug from debug ip packet det - I replaced the router's public
ip with A.B.C.D
Jun 13 22:51:35: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 116, sending
Jun 13 22:51:35: TCP src=22, dst=2604, seq=1252417216, ack=391149,
win=4028 ACK PSH
Jun 13 22:51:35: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 40, rcvd 3
Jun 13 22:51:35: TCP src=2604, dst=22, seq=391149, ack=1252417292,
win=8120 ACK
Jun 13 22:51:36: IP: s=192.168.1.3 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:36: IP: s=192.168.1.1 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:36: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 44, rcvd 3
Jun 13 22:51:36: TCP src=2626, dst=1723, seq=384185, ack=0, win=8192 SYN
Jun 13 22:51:36: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 40, rcvd 3
Jun 13 22:51:36: TCP src=2626, dst=1723, seq=384186, ack=79997953,
win=8576 ACK
Jun 13 22:51:36: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 196, rcvd 3
Jun 13 22:51:36: TCP src=2626, dst=1723, seq=384186, ack=79997953,
win=8576 ACK PSH
Jun 13 22:51:37: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 208, rcvd 3
Jun 13 22:51:37: TCP src=2626, dst=1723, seq=384342, ack=79998109,
win=8420 ACK PSH
Jun 13 22:51:37: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to
up
Jun 13 22:51:37: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 55, sending, proto=47
Jun 13 22:51:37: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 64, rcvd 3
Jun 13 22:51:37: TCP src=2626, dst=1723, seq=384510, ack=79998141,
win=8388 ACK PSH
Jun 13 22:51:37: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 53, rcvd 3, proto=47
Jun 13 22:51:37: IP: s=192.168.1.5 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:37: IP: s=192.168.1.10 (local), d=224.0.0.10 (FastEthernet0/0),
len 60, sending broad/multicast, proto=88
Jun 13 22:51:37: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 55, rcvd 3, proto=47
Jun 13 22:51:38: IP: s=172.16.3.1 (local), d=224.0.0.10 (Loopback0), len 60,
sending broad/multicast, proto=88
Jun 13 22:51:38: IP: s=172.16.3.1 (Loopback0), d=224.0.0.10, len 60, rcvd 2,
proto=88
Jun 13 22:51:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to up
Jun 13 22:51:38: IP: s=192.168.1.97 (FastEthernet0/0), d=192.168.1.255
(FastEthernet0/0), len 229, rcvd 3
Jun 13 22:51:38: UDP src=138, dst=138
Jun 13 22:51:38: IP: s=192.168.1.9 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:38: IP: s=192.168.1.33 (FastEthernet0/0), d=192.168.1.255
(FastEthernet0/0), len 78, rcvd 3
Jun 13 22:51:38: UDP src=137, dst=137
Jun 13 22:51:39: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 55, sending, proto=47
Jun 13 22:51:39: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 57, rcvd 3, proto=47
Jun 13 22:51:39: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 51, rcvd 3, proto=47
Jun 13 22:51:39: IP: s=192.168.1.33 (FastEthernet0/0), d=192.168.1.255
(FastEthernet0/0), len 78, rcvd 3
Jun 13 22:51:39: UDP src=137, dst=137
Jun 13 22:51:39: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 60, rcvd 3
Jun 13 22:51:39: TCP src=2604, dst=22, seq=391149, ack=1252417292,
win=8120 ACK PSH
Jun 13 22:51:39: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 76, sending
Jun 13 22:51:39: TCP src=22, dst=2604, seq=1252417292, ack=391169,
win=4008 ACK PSH
Jun 13 22:51:40: IP: s=192.168.1.33 (FastEthernet0/0), d=192.168.1.255
(FastEthernet0/0), len 78, rcvd 3
Jun 13 22:51:40: UDP src=137, dst=137
Jun 13 22:51:40: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 40, rcvd 3
Jun 13 22:51:40: TCP src=2604, dst=22, seq=391169, ack=1252417328,
win=8084 ACK
Jun 13 22:51:40: IP: s=192.168.1.3 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:40: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 60, rcvd 3
Jun 13 22:51:41: TCP src=2604, dst=22, seq=391169, ack=1252417328,
win=8084 ACK PSH
Jun 13 22:51:41: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 76, sending
Jun 13 22:51:41: TCP src=22, dst=2604, seq=1252417328, ack=391189,
win=3988 ACK PSH
Jun 13 22:51:41: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 40, rcvd 3
Jun 13 22:51:41: TCP src=2604, dst=22, seq=391189, ack=1252417364,
win=8048 ACK
Jun 13 22:51:41: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 55, sending, proto=47
Jun 13 22:51:41: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 55, rcvd 3, proto=47
Jun 13 22:51:41: IP: s=192.168.1.1 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:41: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 60, rcvd 3
Jun 13 22:51:41: TCP src=2604, dst=22, seq=391189, ack=1252417364,
win=8048 ACK PSH
Jun 13 22:51:41: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 100, sending
Jun 13 22:51:41: TCP src=22, dst=2604, seq=1252417364, ack=391209,
win=3968 ACK PSH
Jun 13 22:51:41: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 60, rcvd 3
Jun 13 22:51:41: TCP src=2604, dst=22, seq=391209, ack=1252417424,
win=8576 ACK PSH
Jun 13 22:51:41: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 100, sending
Jun 13 22:51:41: TCP src=22, dst=2604, seq=1252417424, ack=391229,
win=3948 ACK PSH
Jun 13 22:51:41: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 40, rcvd 3
Jun 13 22:51:41: TCP src=2604, dst=22, seq=391229, ack=1252417484,
win=8516 ACK
Jun 13 22:51:41: IP: s=192.168.1.10 (local), d=224.0.0.10 (FastEthernet0/0),
len 60, sending broad/multicast, proto=88
Jun 13 22:51:41: IP: s=172.16.3.1 (local), d=224.0.0.10 (Virtual-Access1),
len 60, sending broad/multicast, proto=88
Jun 13 22:51:41: IP: s=172.16.3.1 (local), d=224.0.0.10 (Virtual-Access1),
len 60, encapsulation failed, proto=88
Jun 13 22:51:42: IP: s=192.168.1.5 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:42: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 53, rcvd 3, proto=47
Jun 13 22:51:42: IP: s=172.16.3.1 (local), d=224.0.0.10 (Loopback0), len 60,
sending broad/multicast, proto=88
Jun 13 22:51:42: IP: s=172.16.3.1 (Loopback0), d=224.0.0.10, len 60, rcvd 2,
proto=88
Jun 13 22:51:43: IP: s=192.168.1.9 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:43: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 55, sending, proto=47
Jun 13 22:51:43: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 55, rcvd 3, proto=47
Jun 13 22:51:44: IP: s=192.168.1.50 (FastEthernet0/0), d=255.255.255.255,
len 164, rcvd 2
Jun 13 22:51:44: UDP src=1042, dst=12974
Jun 13 22:51:44: IP: s=192.168.1.15 (FastEthernet0/0), d=192.168.1.255
(FastEthernet0/0), len 213, rcvd 3
Jun 13 22:51:44: UDP src=138, dst=138
Jun 13 22:51:45: IP: s=192.168.1.3 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:45: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 55, sending, proto=47
Jun 13 22:51:45: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 55, rcvd 3, proto=47
Jun 13 22:51:46: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 53, rcvd 3, proto=47
Jun 13 22:51:46: IP: s=192.168.1.1 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:46: IP: s=192.168.1.5 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:46: IP: s=192.168.1.10 (local), d=224.0.0.10 (FastEthernet0/0),
len 60, sending broad/multicast, proto=88
Jun 13 22:51:46: IP: s=172.16.3.1 (local), d=224.0.0.10 (Virtual-Access1),
len 60, sending broad/multicast, proto=88
Jun 13 22:51:46: IP: s=172.16.3.1 (local), d=224.0.0.10 (Virtual-Access1),
len 60, encapsulation failed, proto=88
Jun 13 22:51:47: IP: s=172.16.3.1 (local), d=224.0.0.10 (Loopback0), len 60,
sending broad/multicast, proto=88
Jun 13 22:51:47: IP: s=172.16.3.1 (Loopback0), d=224.0.0.10, len 60, rcvd 2,
proto=88
Jun 13 22:51:47: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 55, sending, proto=47
Jun 13 22:51:47: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 55, rcvd 3, proto=47
Jun 13 22:51:47: IP: s=192.168.1.9 (FastEthernet0/0), d=224.0.0.10, len 60,
rcvd 2, proto=88
Jun 13 22:51:47: IP: s=66.32.46.139 (FastEthernet0/1), d=A.B.C.D
(FastEthernet0/1), len 60, rcvd 3
Jun 13 22:51:47: TCP src=2604, dst=22, seq=391229, ack=1252417484,
win=8516 ACK PSH
Jun 13 22:51:47: IP: s=A.B.C.D (local), d=66.32.46.139 (FastEthernet0/1),
len 60, sending
Jun 13 22:51:47: TCP src=22, dst=2604, seq=1252417484, ack=391249,
win=3928 ACK PSH
""Rahul Kachalia"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Kenneth,
>
> I cant see single LCP coming in..anyway provide following outputs
after
> turning debugs on.
>
> show radius statistics.
> debug aaa authen
> debug ppp mppe pack
> show ppp mppe virtual-access
>
> if no traces comes up with this debugs..then turn "debug ip pack det"
&
> place pptp call again I am expecting tcp packet here..if not then there
is
> definatly L2 problems.. Also looking from configs I can see only FE, may
i
> know where is the PPTP call is arriving? Is it over PPPoE ( FE0/1 )??
Kindly
> provide your topology based on configs I am assuming every thing is
local.
>
> thanks,
> rahul.
>
> ----- Original Message -----
> From: "Kenneth"
> To:
> Sent: Wednesday, June 13, 2001 5:49 PM
> Subject: Re: PPP Negotiation question --- HELP!!! PLEASE! [7:8438]
>
>
> > Here's my config, Rahul, I hope you can help me out on this. I also
have
> the
> > debugs included below the configs.
> >
> > !
> > ! Last configuration change at 15:12:59 EDT Wed Jun 13 2001 by klorenzo
> > !
> > version 12.2
> > no service single-slot-reload-enable
> > service timestamps debug datetime localtime
> > service timestamps log datetime localtime
> > service password-encryption
> > !
> > hostname XXX
> > !
> > logging buffered 12000 debugging
> > logging rate-limit console 10 except errors
> > aaa new-model
> > aaa authentication login default group radius local none
> > aaa authentication login console group radius local none
> > aaa authentication login vty group radius local
> > aaa authentication ppp default group radius local
> > aaa authorization exec default group radius local
> > aaa authorization exec telnet group radius
> > aaa accounting exec shell start-stop group radius
> > aaa accounting network default start-stop group radius
> > enable secret 5 XXX.
> > !
> > clock timezone EST -5
> > clock summer-time EDT recurring
> > ip subnet-zero
> > no ip source-route
> > !
> > !
> > no ip finger
> > ip domain-name ctnet.com
> > ip name-server 192.168.1.11
> > !
> > ip inspect audit-trail
> > ip audit attack action alarm drop
> > ip audit notify log
> > ip audit po max-events 100
> > ip dhcp-server 192.168.1.11
> > no ip dhcp-client network-discovery
> > ip ssh time-out 120
> > ip ssh authentication-retries 3
> > vpdn enable
> > no vpdn logging local
> > no vpdn logging remote
> > no vpdn logging user
> > !
> > vpdn-group 1
> > ! Default PPTP VPDN group
> > accept-dialin
> > protocol pptp
> > virtual-template 1
> >
> > !
> > !
> > call rsvp-sync
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > interface Loopback0
> > ip address 172.16.3.1 255.255.255.0
> > !
> > interface FastEthernet0/0
> > ip address 192.168.1.10 255.255.255.0
> > speed 100
> > full-duplex
> > !
> > interface Serial0/0
> > no ip address
> > shutdown
> > no fair-queue
> > !
> > interface FastEthernet0/1
> > ip address A.B.C.D 255.255.255.0
> > duplex auto
> > speed auto
> > pppoe enable
> > !
> > interface Virtual-Template1
> > ip unnumbered Loopback0
> > ip mroute-cache
> > peer default ip address pool testpool
> > ppp encrypt mppe 128
> > ppp authentication ms-chap
> > !
> > router eigrp 1000
> > passive-interface FastEthernet0/1
> > network 172.16.0.0
> > network 192.168.1.0
> > no auto-summary
> > no eigrp log-neighbor-changes
> > !
> > ip local pool testpool 172.16.3.2 172.16.3.10
> > ip kerberos source-interface any
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 A.B.C.D
> > ip route X.Y.0.0 255.255.0.0 X.Y.1.1
> > no ip http server
> > !
> > ip radius source-interface FastEthernet0/0
> > !
> > snmp-server community network~elites1 RO
> > snmp-server location Cleveland,OH
> > snmp-server contact Kenneth Lorenzo
> > radius-server host 192.168.1.195 auth-port 1645 acct-port 1646
> > radius-server retransmit 2
> > radius-server timeout 10
> > radius-server deadtime 2
> > radius-server key 7 XXX!
> > dial-peer cor custom
> > !
> > !
> > !
> > !
> > banner motd ^C
> > **********************************************
> > * *
> > * Access to this router is logged *
> > * Unauthorized Access is not allowed *
> > * and will be persecuted to the *
> > * full extent of the law *
> > * *
> > **********************************************
> > ^C
> > !
> > line con 0
> > exec-timeout 5 0
> > authorization exec telnet
> > accounting exec shell
> > login authentication console
> > transport input none
> > line aux 0
> > no exec
> > authorization exec telnet
> > accounting exec shell
> > login authentication console
> > line vty 0 4
> > authorization exec telnet
> > accounting exec shell
> > login authentication vty
> > transport input ssh
> > line vty 5 15
> > authorization exec telnet
> > accounting exec shell
> > login authentication vty
> > transport input ssh
> > !
> > ntp clock-period 17179778
> > ntp server 192.168.1.2
> > end
> >
> >
> > ------ Debugs ---
> >
> > Jun 13 15:23:47: Vi1 LCP: TIMEout: State REQsent
> > Jun 13 15:23:47: Vi1 LCP: O CONFREQ [REQsent] id 38 len 15
> > Jun 13 15:23:47: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380)
> > Jun 13 15:23:47: Vi1 LCP: MagicNumber 0x067E3C84 (0x0506067E3C84)
> > Jun 13 15:23:47: Vi1 VPDN: O out
> > Jun 13 15:23:49: Vi1 LCP: TIMEout: State REQsent
> > Jun 13 15:23:49: Vi1 LCP: O CONFREQ [REQsent] id 39 len 15
> > Jun 13 15:23:49: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380)
> > Jun 13 15:23:49: Vi1 LCP: MagicNumber 0x067E3C84 (0x0506067E3C84)
> > Jun 13 15:23:49: Vi1 VPDN: O out
> > Jun 13 15:23:49: Vi1 PPP: Outbound ip packet dropped, line protocol not
up
> > Jun 13 15:23:51: Vi1 LCP: TIMEout: State REQsent
> > Jun 13 15:23:51: Vi1 LCP: O CONFREQ [REQsent] id 40 len 15
> > Jun 13 15:23:51: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380)
> > Jun 13 15:23:51: Vi1 LCP: MagicNumber 0x067E3C84 (0x0506067E3C84)
> > Jun 13 15:23:51: Vi1 VPDN: O out
> >
> >
> >
> >
> > ""Rahul Kachalia"" wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Kenneth,
> > >
> > > Can you paste those contents & if possible configs of router.
> > >
> > > thanks,
> > > rahul.
> > > ----- Original Message -----
> > > From: "Kenneth"
> > > To:
> > > Sent: Wednesday, June 13, 2001 3:59 PM
> > > Subject: PPP Negotiation question --- HELP!!! PLEASE! [7:8438]
> > >
> > >
> > > > Can anyone shed light on this problem im having.
> > > >
> > > > I have 1 laptop with Sniffer pro and a router on the other end
running
> > > PPTP
> > > > set for Ms-chap authentication.
> > > >
> > > > When I tried to establish a PPTP session from the laptop to the
> router,
> > > all
> > > > it does is it times out. The router is acting as a PPTP server.
> > > >
> > > > When I look at the sniffer's output, I can see the:
> > > >
> > > > 1) PPP ConfReq sent to the Router from my laptop
> > > > 2) PPP ConfReq sent from the router to my laptop
> > > > 3) PPP ConfAck sent from my laptop to the Router
> > > >
> > > > but when I look at the debug PPP negotiation on the router, all I
see
> is
> > > > that the router keep sending out PPP ConfReq and it's timing out.
It's
> > not
> > > > receiving any of the ConfAck being sent out by my laptop. I don't
have
> > any
> > > > firewall installed on my laptop and I know for a fact that it
worked
> > > talking
> > > > to an NT Server-based PPTP.
> > > >
> > > > I'm really stumped with this problem. Any help would be greatly
> > > appreciated.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8476&t=8438
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
