I want to configure a cisco 1751 to terminate pptp clients (windows 2000). If I use ms-chap for authentication, everything works like a charm. As soon as I tell it to use only ms-chap v2, it doesn't connect. Maybe someone has run into this problem. Authentication is via microsoft IAS.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/produ...
In addition, a piece of the debug output
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2004.01.11 12:03:17 =~=~=~=~=~=~=~=~=~=~=~=
Jan 11 08:53:00.175: AAA/BIND(0000008D): Bind i/f
Jan 11 08:53:00.175: AAA/BIND(0000008D): Bind i/f Virtual-Template1
Jan 11 08:53:00.179: ppp62 PPP: Using vpn set call direction
Jan 11 08:53:00.179: ppp62 PPP: Treating connection as a callin
Jan 11 08:53:00.179: ppp62 PPP: Phase is ESTABLISHING, Passive Open
Jan 11 08:53:00.179: ppp62 LCP: State is Listen
Jan 11 08:53:00.407: ppp62 LCP: I CONFREQ [Listen] id 0 len 44
Jan 11 08:53:00.411: ppp62 LCP: MagicNumber 0x7F450F1A (0x05067F450F1A)
Jan 11 08:53:00.411: ppp62 LCP: PFC (0x0702)
Jan 11 08:53:00.411: ppp62 LCP: ACFC (0x0802)
Jan 11 08:53:00.411: ppp62 LCP: Callback 6 (0x0D0306)
Jan 11 08:53:00.411: ppp62 LCP: MRRU 1614 (0x1104064E)
Jan 11 08:53:00.411: ppp62 LCP: EndpointDisc 1 Local
Jan 11 08:53:00.411: ppp62 LCP: (0x131701CF242A952D7C41E0A1D71187FA)
Jan 11 08:53:00.411: ppp62 LCP: (0x5B3AAD0000001F)
Jan 11 08:53:00.411: ppp62 PPP: Authorization required
Jan 11 08:53:00.411: ppp62 LCP: O CONFREQ [Listen] id 1 len 15
Jan 11 08:53:00.415: ppp62 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
Jan 11 08:53:00.415: ppp62 LCP: MagicNumber 0x42B6E36C (0x050642B6E36C)
Jan 11 08:53:00.415: ppp62 LCP: O CONFREJ [Listen] id 0 len 11
Jan 11 08:53:00.415: ppp62 LCP: Callback 6 (0x0D0306)
Jan 11 08:53:00.415: ppp62 LCP: MRRU 1614 (0x1104064E)
Jan 11 08:53:00.603: ppp62 LCP: I CONFACK [REQsent] id 1 len 15
Jan 11 08:53:00.603: ppp62 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
Jan 11 08:53:00.607: ppp62 LCP: MagicNumber 0x42B6E36C (0x050642B6E36C)
Jan 11 08:53:00.611: ppp62 LCP: I CONFREQ [ACKrcvd] id 1 len 37
Jan 11 08:53:00.611: ppp62 LCP: MagicNumber 0x7F450F1A (0x05067F450F1A)
Jan 11 08:53:00.611: ppp62 LCP: PFC (0x0702)
Jan 11 08:53:00.611: ppp62 LCP: ACFC (0x0802)
Jan 11 08:53:00.611: ppp62 LCP: EndpointDisc 1 Local
Jan 11 08:53:00.611: ppp62 LCP: (0x131701CF242A952D7C41E0A1D71187FA)
Jan 11 08:53:00.611: ppp62 LCP: (0x5B3AAD0000001F)
Jan 11 08:53:00.615: ppp62 LCP: O CONFACK [ACKrcvd] id 1 len 37
Jan 11 08:53:00.615: ppp62 LCP: MagicNumber 0x7F450F1A (0x05067F450F1A)
Jan 11 08:53:00.615: ppp62 LCP: PFC (0x0702)
Jan 11 08:53:00.615: ppp62 LCP: ACFC (0x0802)
Jan 11 08:53:00.615: ppp62 LCP: EndpointDisc 1 Local
Jan 11 08:53:00.615: ppp62 LCP: (0x131701CF242A952D7C41E0A1D71187FA)
Jan 11 08:53:00.615: ppp62 LCP: (0x5B3AAD0000001F)
Jan 11 08:53:00.615: ppp62 LCP: State is Open
Jan 11 08:53:00.615: ppp62 PPP: Phase is AUTHENTICATING, by this end
Jan 11 08:53:00.619: ppp62 MS-CHAP-V2: O CHALLENGE id 1 len 33 from "nas1"
Jan 11 08:53:00.823: ppp62 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x7F450F1A MSRASV5.00
Jan 11 08:53:00.831: ppp62 LCP: I IDENTIFY [Open] id 3 len 24 magic 0x7F450F1A MSRAS-0-APORTNOV
Jan 11 08:53:00.859: ppp62 MS-CHAP-V2: I RESPONSE id 1 len 69 from "test\test"
Jan 11 08:53:00.859: ppp62 PPP: Phase is FORWARDING, Attempting Forward
Jan 11 08:53:00.859: ppp62 PPP: Phase is AUTHENTICATING, Unauthenticated User
Jan 11 08:53:00.859: AAA/AUTHEN/PPP (0000008D): Pick method list 'auth'
Jan 11 08:53:00.859: ppp62 PPP: Sent MSCHAP_V2 LOGIN Request
Jan 11 08:53:00.887: ppp62 PPP: Received LOGIN Response PASS
Jan 11 08:53:00.891: ppp62 PPP/AAA: Check Attr: Framed-Protocol
Jan 11 08:53:00.891: ppp62 PPP/AAA: Check Attr: service-type
Jan 11 08:53:00.891: ppp62 PPP/AAA: Check Attr: mschap-v2-success
Jan 11 08:53:00.891: ppp62 PPP: Phase is FORWARDING, Attempting Forward
Jan 11 08:53:00.895: Vi2.1 Tnl/Sn 70/63 PPTP: Virtual interface created for unknown, bandwidth 100000 Kbps
Jan 11 08:53:00.895: AAA/BIND(0000008D): Bind i/f Virtual-Access2.1
Jan 11 08:53:00.895: Vi2.1 Tnl/Sn 70/63 PPTP: VPDN session up
Jan 11 08:53:00.899: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User
Jan 11 08:53:00.899: Vi2.1 AAA/AUTHOR/LCP: Process Author
Jan 11 08:53:00.899: Vi2.1 MS-CHAP-V2: O SUCCESS id 1 len 46 msg is "S=581319A1ABCDCD57DD4B3B7634889ADD24B6F"
Jan 11 08:53:00.899: Vi2.1 PPP: Phase is UP
Jan 11 08:53:00.899: Vi2.1 AAA/AUTHOR/IPCP: FSM authorization not needed
Jan 11 08:53:00.903: Vi2.1 AAA/AUTHOR/FSM: We can start IPCP
Jan 11 08:53:00.903: Vi2.1 IPCP: O CONFREQ [Closed] id 1 len 10
Jan 11 08:53:00.903: Vi2.1 IPCP: Address 117.10.27.2 (0x0306D9961B02)
Jan 11 08:53:00.903: Vi2.1 PPP: Process pending packets
Jan 11 08:53:01.115: Vi2.1 CCP: I CONFREQ [Not negotiated] id 4 len 10
Jan 11 08:53:01.115: Vi2.1 CCP: MS-PPC supported bits 0x010000E1 (0x1206010000E1)
Jan 11 08:53:01.115: Vi2.1 LCP: O PROTREJ [Open] id 2 len 16 protocol CCP (0x80FD0104000A1206010000E1)
Jan 11 08:53:01.127: Vi2.1 IPCP: I CONFREQ [REQsent] id 5 len 34
Jan 11 08:53:01.127: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
Jan 11 08:53:01.127: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Jan 11 08:53:01.127: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Jan 11 08:53:01.127: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Jan 11 08:53:01.127: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Jan 11 08:53:01.127: Vi2.1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 117.10.27.143
Jan 11 08:53:01.131: Vi2.1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 11 08:53:01.131: Vi2.1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 117.10.27.143
Jan 11 08:53:01.131: Vi2.1 AAA/AUTHOR/IPCP: no author-info for primary dns
Jan 11 08:53:01.131: Vi2.1 AAA/AUTHOR/IPCP: no author-info for primary wins
Jan 11 08:53:01.131: Vi2.1 AAA/AUTHOR/IPCP: no author-info for seconday dns
Jan 11 08:53:01.131: Vi2.1 AAA/AUTHOR/IPCP: no author-info for seconday wins
Jan 11 08:53:01.131: Vi2.1 IPCP: O CONFREJ [REQsent] id 5 len 16
Jan 11 08:53:01.131: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Jan 11 08:53:01.131: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Jan 11 08:53:01.135: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10
Jan 11 08:53:01.135: Vi2.1 IPCP: Address 117.10.27.2 (0x0306D9961B02)
Jan 11 08:53:01.967: Vi2.1 LCP: I TERMREQ [Open] id 6 len 16 (0x7F450F1A003CCD74000002E6)
Jan 11 08:53:01.971: Vi2.1 LCP: O TERMACK [Open] id 6 len 4
Jan 11 08:53:01.971: Vi2.1 PPP: Sending Acct Event[Down] id[8D]
Jan 11 08:53:01.971: Vi2.1 PPP: Phase is TERMINATING
Jan 11 08:53:02.579: Vi2.1 VPDN: Reseting interface
Jan 11 08:53:02.579: Vi2.1 PPP: Block vaccess from being freed [0x1A]
Jan 11 08:53:02.579: Vi2.1 LCP: State is Closed
Jan 11 08:53:02.583: Vi2.1 PPP: Phase is DOWN
Jan 11 08:53:02.583: Vi2.1 IPCP: State is Closed
Jan 11 08:53:02.583: Vi2.1 PPP: Unlocked by [0x10] Still Locked by [0xA]
Jan 11 08:53:02.583: Vi2.1 PPP: Unlocked by [0x8] Still Locked by [0x2]
Jan 11 08:53:02.583: Vi2.1 PPP: Unlocked by [0x2] Still Locked by [0x0]
Jan 11 08:53:02.583: Vi2.1 PPP: Free previously blocked vaccess
What IOS version?
>What IOS version?
C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(2)T3
After some digging I managed to get the following combinations working: ms-chap with mppe, ms-chap without mppe, ms-chap-v2 without mppe. Ms-chap-v2 with encryption never did work. Maybe it fundamentally doesn't work on cisco? All the docs on configuring pptp with mppe mention only pap, chap and ms-chap, and there is not a word about ms-chap-v2.
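An added example, not part of the thread: a small Python parser that reduces the debug output posted above to the events that decide the session. On an excerpt of that log it shows MS-CHAP-V2 authentication passing, the router answering the client's CCP request (the protocol that carries the MPPE offer) with an LCP Protocol-Reject, and the client then sending the Terminate-Request. The MPPE bit names follow RFC 3078; the function and field names are illustrative.

```python
import re

# Excerpt of the debug output posted in the thread (copied, not constructed).
SAMPLE = """\
Jan 11 08:53:00.603: ppp62 LCP: I CONFACK [REQsent] id 1 len 15
Jan 11 08:53:00.603: ppp62 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
Jan 11 08:53:00.887: ppp62 PPP: Received LOGIN Response PASS
Jan 11 08:53:01.115: Vi2.1 CCP: I CONFREQ [Not negotiated] id 4 len 10
Jan 11 08:53:01.115: Vi2.1 CCP: MS-PPC supported bits 0x010000E1 (0x1206010000E1)
Jan 11 08:53:01.115: Vi2.1 LCP: O PROTREJ [Open] id 2 len 16 protocol CCP (0x80FD0104000A1206010000E1)
Jan 11 08:53:01.967: Vi2.1 LCP: I TERMREQ [Open] id 6 len 16 (0x7F450F1A003CCD74000002E6)
Jan 11 08:53:01.971: Vi2.1 LCP: O TERMACK [Open] id 6 len 4
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:.]+: (\S+) (\S+?): (.*)$")
# MPPE/MPPC "supported bits" flags as defined in RFC 3078.
MPPE_BITS = {0x01000000: "stateless", 0x80: "56-bit", 0x40: "128-bit",
             0x20: "40-bit", 0x01: "MPPC compression"}

def summarize(log):
    """Reduce a PPP negotiation debug capture to the session-deciding events."""
    s = {"auth_acked": None, "login": None, "peer_wants": [],
         "rejected": [], "terminated_by": None}
    hdr = None  # (protocol, direction, packet type) of the last packet header
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without an "<interface> <protocol>:" prefix
        _ifc, proto, body = m.group(1), m.group(2), m.group(3).strip()
        pkt = re.match(r"([IO]) ([A-Z]+) ", body)
        if pkt:
            hdr = (proto, pkt.group(1), pkt.group(2))
            if pkt.group(2) == "PROTREJ":
                s["rejected"].append(body.split("protocol ")[1].split()[0])
            elif pkt.group(2) == "TERMREQ" and not s["terminated_by"]:
                s["terminated_by"] = "peer" if pkt.group(1) == "I" else "router"
        elif body.startswith("AuthProto") and hdr == ("LCP", "I", "CONFACK"):
            s["auth_acked"] = body.split()[1]  # peer accepted this auth protocol
        elif body.startswith("MS-PPC supported bits") and hdr == ("CCP", "I", "CONFREQ"):
            bits = int(body.split()[3], 16)
            s["peer_wants"] = [n for b, n in MPPE_BITS.items() if bits & b]
        elif body.startswith("Received LOGIN Response"):
            s["login"] = body.split()[-1]
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```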