Asking for help: I have been fighting this problem for three days and can't sleep or eat )
The task is to bring up PPTP on a Cisco 2821 so that clients can connect with the VPN client built into Windows, authenticating through RADIUS running on Win2003.
That way, clients that establish a VPN connection end up in the corporate network.
As a test I configured the Cisco without RADIUS (local Cisco accounts); everything works and the client connects. As soon as I add RADIUS, error 734 appears: "The PPP link control protocol was terminated." I go to the RADIUS server and see in the log that the user logged in successfully and RADIUS let him in.
The funniest part is that an Easy VPN server is running on the same Cisco, and users connect through it with the Cisco VPN client without any trouble.
Here are the relevant parts of the config:
aaa new-model
!
!
aaa group server radius radiusvpn
server 172.22.50.12 auth-port 1645 acct-port 1646
!
aaa authentication login userauthen local group radiusvpn
aaa authentication ppp default group radiusvpn
aaa authorization network default local
aaa authorization network groupauthor local group radiusvpn
!
!
vpdn enable
!
!
vpdn-group 1
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 1
local name pptp_gateway
!
interface GigabitEthernet0/0
ip address 82.x.x.x x.x.x.x
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto ipsec client ezvpn vpnremote inside
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.y.y.y y.y.y.y
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
!
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
ip access-group 100 in
ip access-group 100 out
ip verify unicast reverse-path
ip virtual-reassembly
autodetect encapsulation ppp
peer default ip address pool superpool
ppp mtu adaptive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap ms-chap-v2 eap
!
Log from the Cisco:
Sep 4 14:08:22.884: VPDN Vi31 disconnect (L2X) IETF: 9/nas-error Ascend: 66/VPDN Local PPP Disconnect
Sep 4 14:08:22.884: VPDN Vi31 vpdn shutdown session, result=1, error=7, vendor_err=0
Sep 4 14:08:22.884: VPDN Vi31 VPDN/AAA: accounting stop sent
Sep 4 14:08:22.884: VPDN Vi31 Unbinding session from idb
Sep 4 14:08:22.884: Vi31 VPDN: Resetting interface
Sep 4 14:08:22.884: L2TUN APP: uid:384handle/1569150Destroying app session
Sep 4 14:08:22.884: L2TUN APP: uid:384handle/1569150Stopping service selection
Sep 4 14:08:22.884: PPTP 384:1679769:_____: close -> state change estabd to terminal
Sep 4 14:08:22.884: PPTP 384:1679769:_____: Destroying session
Sep 4 14:08:22.884: L2X _____:_____: Cannot remove invalid application context 0x466A6B00 from socket
Sep 4 14:08:22.884: PPTP 384:_____:_____: L2X request teardown data plane
Sep 4 14:08:22.884: L2X _____:_____: PROTO DB: removed session: rIP 172.22.50.60, rSession id 12043 (total 218959117)
Sep 4 14:08:22.884: L2X _____:_____: PROTO DB: removed session with id 405 (total 0)
Sep 4 14:08:22.888: PPTP tnl 1679769:_____: no-sess -> state change estabd to wt-stprp
Sep 4 14:08:22.888: VPDN Received L2TUN socket message <CDN - Session Disconnected>
Sep 4 14:08:22.888: %LINK-3-UPDOWN: Interface Virtual-Access31, changed state to down
Sep 4 14:08:22.888: PPTP tnl 1679769:_____: Recvd session msg 12, tunnel state wt-stprp, ignoredUnexpected event!!! VPDN SW Subblock destroy called
Sep 4 14:08:22.896: PPTP tnl 1679769:_____: Destroy tunnel
Sep 4 14:08:22.896: PPTP _____:_____: No l2x in cc
Sep 4 14:08:22.896: L2X _____:_____: PROTO DB: removed cc with id 411 (total 1)
Sep 4 14:08:22.896: PPTP _____:_____: Invalid session received from SSM
Sep 4 14:08:22.896: PPTP:(Tnl0:Sn405)L2X s/w switching session unprovisioned
Sep 4 14:08:22.896: L2X:Session DB (Tnl/Sn: 0/405): Removed the switching session from the session DB
Sep 4 14:08:22.896: PPTP _____:_____: Cant find tunnel 411 in the DB
Sep 4 14:15:02.013: EZVPN: Static route change notify tableid 0, event DOWN, destination 172.22.25.69, gateway 0.0.0.0, interface Virtual-Access16
Sep 4 14:15:02.013: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access16, changed state to down
Sep 4 14:15:09.249: EZVPN: Static route change notify tableid 0, event DOWN, destination 172.22.25.55, gateway 0.0.0.0, interface Virtual-Access7
Sep 4 14:15:09.249: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access7, changed state to down
Sep 4 14:15:51.302: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (82.198.184.194)
Sep 4 14:16:16.019: PPTP _____:_____: TCP connect reqd from 0.0.0.0:2006
Sep 4 14:16:16.087: L2X _____:_____: PROTO DB: added cc with id 412 (total 2)
Sep 4 14:16:16.087: PPTP tnl 1683866:_____: Tunnel created; peer initiated
Sep 4 14:16:16.115: PPTP tnl 1683866:_____: SCCRQ-ok -> state change wt-sccrq to estabd
Sep 4 14:16:16.195: L2X _____:_____: PROTO DB: added session (cc id 412, sess id 406) (total 1)
Sep 4 14:16:16.195: L2X _____:_____: PROTO DB: added session: rIP 82.198.184.194, rSession id 1024 (total 1)
Sep 4 14:16:16.195: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
Sep 4 14:16:16.195: VPDN Tnl/Sn 412 406 L2TUN socket session accept requested
Sep 4 14:16:16.195: VPDN Tnl/Sn 412 406 Setting up dataplane for L2-L2, no idb
Sep 4 14:16:16.199: PPTP _____:1683866:_____: sss-started -> state change start-sss to estabd
Sep 4 14:16:16.199: VPDN Received L2TUN socket message <xCCN - Session Connected>
Sep 4 14:16:16.203: VPDN uid:385 VPDN session up
Sep 4 14:16:16.203: PPTP _____:_____:_____: L2X session data plane setup successful
Sep 4 14:16:16.203: L2X:Session DB (Tnl/Sn: 0/406): Stored the switching session in the session DB
Sep 4 14:16:16.203: PPTP:(Tnl0:Sn406)Provisioned: idb=none, session_sip=1,idb_switching=0, sw_mode=1
Sep 4 14:16:16.203: PPTP:(Tnl0:Sn406)L2X s/w switching session provisioned
Sep 4 14:16:16.207: VPDN Received L2TUN socket message <Dataplane UP>
Sep 4 14:16:16.683: RADIUS/ENCODE(0000178D):Orig. component type = VPDN
Sep 4 14:16:16.683: RADIUS: AAA Unsupported Attr: interface [157] 15
Sep 4 14:16:16.683: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 33 [Uniq-Sess-ID3]
Sep 4 14:16:16.683: RADIUS(0000178D): Config NAS IP: 0.0.0.0
Sep 4 14:16:16.683: RADIUS/ENCODE(0000178D): acct_session_id: 6029
Sep 4 14:16:16.683: RADIUS(0000178D): sending
Sep 4 14:16:16.683: RADIUS/ENCODE: Best Local IP-Address 172.22.25.5 for Radius-Server 172.22.50.12
Sep 4 14:16:16.683: RADIUS(0000178D): Send Access-Request to 172.22.50.12:1645 id 1645/62, len 165
Sep 4 14:16:16.683: RADIUS: authenticator 61 0A 6B 81 27 1E A4 D3 - 13 D1 87 69 91 2B 5A 6D
Sep 4 14:16:16.683: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 4 14:16:16.683: RADIUS: User-Name [1] 16 "domen\user"
Sep 4 14:16:16.683: RADIUS: Vendor, Microsoft [26] 24
Sep 4 14:16:16.683: RADIUS: MSCHAP_Challenge [11] 18
Sep 4 14:16:16.683: RADIUS: 61 0A 6B 81 27 1E A4 D3 13 D1 87 69 91 2B 5A 6D [a?k?'??????i?+Zm]
Sep 4 14:16:16.683: RADIUS: Vendor, Microsoft [26] 58
Sep 4 14:16:16.683: RADIUS: MS-CHAP-V2-Response[25] 52 *
Sep 4 14:16:16.683: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Sep 4 14:16:16.683: RADIUS: NAS-Port [5] 6 385
Sep 4 14:16:16.683: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID385"
Sep 4 14:16:16.683: RADIUS: Service-Type [6] 6 Framed [2]
Sep 4 14:16:16.683: RADIUS: NAS-IP-Address [4] 6 172.22.25.5
Sep 4 14:16:16.695: RADIUS: Received from id 1645/62 172.22.50.12:1645, Access-Accept, len 213
Sep 4 14:16:16.695: RADIUS: authenticator 96 48 99 23 AE 87 64 4E - CC 18 E8 B4 0B 33 ED 77
Sep 4 14:16:16.695: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 4 14:16:16.695: RADIUS: Service-Type [6] 6 Framed [2]
Sep 4 14:16:16.695: RADIUS: Class [25] 32
Sep 4 14:16:16.699: RADIUS: 4C 5B 05 FA 00 00 01 37 00 01 AC 16 32 0C 01 C8 [L[?????7????2???]
Sep 4 14:16:16.699: RADIUS: E3 83 16 F1 CD 01 00 00 00 00 00 07 B0 05 [??????????????]
Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 42
Sep 4 14:16:16.699: RADIUS: MS-MPPE-Recv-Key [17] 36 *
Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 42
Sep 4 14:16:16.699: RADIUS: MS-MPPE-Send-Key [16] 36 *
Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 51
Sep 4 14:16:16.699: RADIUS: MS-CHAP-V2-Success [26] 45 "^AS=5E0A0797DA84107CCDF303C0D653EA078668033D"
Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 14
Sep 4 14:16:16.699: RADIUS: MS-CHAP-DOMAIN [10] 8 "^Adomen"
Sep 4 14:16:16.699: RADIUS(0000178D): Received from id 1645/62
Sep 4 14:16:16.707: VPDN Vi30 Virtual interface created for unknown, bandwidth 100000 Kbps
Sep 4 14:16:16.707: VPDN Vi30 Setting up dataplane for L2-L3, Vi30
Sep 4 14:16:16.711: %LINK-3-UPDOWN: Interface Virtual-Access30, changed state to up
Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)L2X s/w switching session updated
Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)L2X s/w switching session bound
Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)VPDN L2TP s/w session mode changed to L2_L3
Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)Updated: idb=Vi30, session_sip=1,idb_switching=1, sw_mode=2
Sep 4 14:16:16.715: PPTP _____:_____: Unexpected Dataplane Up Event
Sep 4 14:16:18.795: VPDN Vi30 disconnect (L2X) IETF: 9/nas-error Ascend: 66/VPDN Local PPP Disconnect
Sep 4 14:16:18.795: VPDN Vi30 vpdn shutdown session, result=1, error=7, vendor_err=0
Sep 4 14:16:18.795: VPDN Vi30 VPDN/AAA: accounting stop sent
Sep 4 14:16:18.799: VPDN Vi30 Unbinding session from idb
Sep 4 14:16:18.799: Vi30 VPDN: Resetting interface
Sep 4 14:16:18.799: L2TUN APP: uid:385handle/1573247Destroying app session
Sep 4 14:16:18.799: L2TUN APP: uid:385handle/1573247Stopping service selection
Sep 4 14:16:18.799: PPTP 385:1683866:_____: close -> state change estabd to terminal
Sep 4 14:16:18.799: PPTP 385:1683866:_____: Destroying session
Sep 4 14:16:18.799: L2X _____:_____: Cannot remove invalid application context 0x466A6B00 from socket
Sep 4 14:16:18.799: PPTP 385:_____:_____: L2X request teardown data plane
Sep 4 14:16:18.799: L2X _____:_____: PROTO DB: removed session: rIP 82.198.184.194, rSession id 1024 (total 218959117)
Sep 4 14:16:18.799: L2X _____:_____: PROTO DB: removed session with id 406 (total 0)
Sep 4 14:16:18.799: PPTP tnl 1683866:_____: no-sess -> state change estabd to wt-stprp
Sep 4 14:16:18.799: PPTP _____:_____: Invalid session received from SSM
Sep 4 14:16:18.803: PPTP:(Tnl0:Sn406)L2X s/w switching session unprovisioned
Sep 4 14:16:18.803: L2X:Session DB (Tnl/Sn: 0/406): Removed the switching session from the session DB
Sep 4 14:16:18.803: VPDN Received L2TUN socket message <CDN - Session Disconnected>
Sep 4 14:16:18.803: %LINK-3-UPDOWN: Interface Virtual-Access30, changed state to down
Sep 4 14:16:18.899: PPTP tnl 1683866:_____: tcp-disc -> state change wt-stprp to terminal
Sep 4 14:16:18.899: PPTP tnl 1683866:_____: Destroy tunnel
Sep 4 14:16:18.899: PPTP _____:_____: No l2x in cc
Sep 4 14:16:18.899: L2X _____:_____: PROTO DB: removed cc with id 412 (total 1)
Sep 4 14:17:12.465: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x4374F1FC reading 0x0
Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F1FC 0x42A18FCC 0x42A1B4D0 0x42A1B6F4 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC
Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F204 0x42A18FCC 0x42A1B4D0 0x42A1B6F4 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC
Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F1FC 0x42A17B64 0x42A1B108 0x42A1B738 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC
Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F204 0x42A17B64 0x42A1B108 0x42A1B738 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC
Sep 4 14:19:31.382: L2X _____:_____: class [l2tp_default_class]
Sep 4 14:19:31.382: L2X _____:_____: Exec locked 0->1
Sep 4 14:19:31.382: L2X _____:_____: class [l2tp_default_class]
Sep 4 14:19:31.382: L2X _____:_____: Exec unlocked 1->0
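Added example (not part of the original thread): a small Python triage over debug output of the kind posted above. It pairs each RADIUS reply with the next VPDN disconnect and checks whether the Access-Accept carried both MS-MPPE keys. The sample lines are constructed in the shape of the posted log, the function and field names are illustrative, and it assumes one session in flight at a time.

```python
import re
from datetime import datetime

# Constructed sample, shaped like the IOS debug lines in the post above.
SAMPLE = """\
Sep 4 14:16:16.683: RADIUS(0000178D): Send Access-Request to 172.22.50.12:1645 id 1645/62, len 165
Sep 4 14:16:16.683: RADIUS:  MS-CHAP-V2-Response[25]  52  *
Sep 4 14:16:16.695: RADIUS: Received from id 1645/62 172.22.50.12:1645, Access-Accept, len 213
Sep 4 14:16:16.699: RADIUS:  MS-MPPE-Recv-Key    [17]  36  *
Sep 4 14:16:16.699: RADIUS:  MS-MPPE-Send-Key    [16]  36  *
Sep 4 14:16:16.699: RADIUS:  MS-CHAP-V2-Success  [26]  45
Sep 4 14:16:16.707: VPDN Vi30 Virtual interface created for unknown, bandwidth 100000 Kbps
Sep 4 14:16:18.795: VPDN Vi30 disconnect (L2X) IETF: 9/nas-error Ascend: 66/VPDN Local PPP Disconnect
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:.]+): (.*)$")
RECV = re.compile(r"RADIUS: Received from id (\S+) (\S+), (Access-\w+),")
ATTR = re.compile(r"RADIUS:\s+([A-Za-z][\w-]+)\s*\[\d+\]")
DISC = re.compile(r"VPDN (Vi\d+) disconnect \(L2X\) (.+)")

def triage(log):
    """Pair each RADIUS reply with the next VPDN disconnect (one session in flight)."""
    sessions, cur, collecting = [], None, False
    for raw in log.splitlines():
        if not (m := LINE.match(raw)):
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S.%f")
        msg = m.group(2)
        if "Send Access-Request" in msg:
            collecting = False  # the attributes that follow belong to the request
        elif (r := RECV.match(msg)):
            cur = {"id": r.group(1), "reply": r.group(3), "ts": ts,
                   "attrs": [], "disconnect": None, "after_s": None}
            sessions.append(cur)
            collecting = True
        elif collecting and (a := ATTR.match(msg)):
            cur["attrs"].append(a.group(1))
        elif not msg.startswith("RADIUS"):
            collecting = False  # the reply's attribute dump has ended
            d = DISC.match(msg)
            if d and cur and cur["disconnect"] is None:
                cur["disconnect"] = d.group(2)
                cur["after_s"] = round((ts - cur["ts"]).total_seconds(), 3)
    for s in sessions:
        s["mppe_keys"] = {"MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"} <= set(s["attrs"])
        s["post_auth_drop"] = s["reply"] == "Access-Accept" and s["disconnect"] is not None
    return sessions

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A session flagged `post_auth_drop` with `mppe_keys` true means the RADIUS server accepted the user and returned the encryption keys, and the NAS tore the session down afterwards.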
The RADIUS running on Win2003 needs to be configured.
Search cisco.com or google what needs to be set there.
Strange, but people using the Cisco VPN client work fine through RADIUS... although... I should take a look at cisco.com
>The RADIUS running on Win2003 needs to be configured.
>Search cisco.com or google what needs to be set there.
>>The RADIUS running on Win2003 needs to be configured.
>>Search cisco.com or google what needs to be set there.
I configured it according to http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/produc...
Same problem: error 734 on the client when connecting.
>>>The RADIUS running on Win2003 needs to be configured.
>>>Search cisco.com or google what needs to be set there.
>
>I configured it according to http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/produc...
>Same problem: error 734 on the client when connecting.
Same here. Did you solve it?
Same problem, except the RADIUS is Cisco ACS 4.2.
Tell me where to look.
>Same problem, except the RADIUS is Cisco ACS 4.2.
>Tell me where to look.
I was too hasty with the question.
The answer turned up at
http://www.cisco.com/en/US/products/sw/secursw/ps2086/produc...