Prev: FLASH Write Error #5 on Aironet 350
Next: Client 4.7 installation error with DNE
From: Dan Lanciani on 22 Nov 2006 03:28
In article <t6Cdneqr67M82_7YRVnysw(a)kpnqwest.it>, admin(a)NOSPAMspadhausen.com (E. S.) writes:
| I will try your infos when I got the correct logins for the PPTP link.
|
|
| Another question:
|
| My PPTP accentrator I need to connect has a pool of IP Address (a
| roundrobin).
|
| Can I put hostnames in the Config files, so the C1721 can resolve it time by
| time ?

I don't think so, but in theory you can have multiple IP addresses for
the vpdn group's "initiate-to ip" statement. I've not had much luck
with such configurations--possibly because it doesn't fail over for
the particular failures that I was interested in. :)

Dan Lanciani
ddl(a)danlan.*com
From: E. S. on 24 Nov 2006 22:21
> This question comes up from time to time and the usual answer is "no";
> however, most versions of IOS >= 12.2 do support it if "service internal"
> is enabled. You will notice that with "service internal" request-dialin
> vpdn groups allow rotary-group and pool-member commands. Here is a
> sample configuration for a PPTP client:
>
> service internal
> !
> no ip gratuitous-arps ! recommended
> !
> ip multicast-routing
> !
> vpdn enable
> !
> vpdn-group 1
> request-dialin
> protocol pptp
> rotary-group 0
> initiate-to ip 1.1.1.1 ! target PPTP server address
>
> interface Dialer0
> mtu 1450 ! allows for mppe and one PPPoE layer just in case
> ip address 2.2.2.2 255.255.255.252
> ip pim dense-mode
> encapsulation ppp
> dialer in-band
> dialer idle-timeout 0
> dialer string 123 ! required, but value seems to be ignored
> dialer vpdn
> dialer-group 1
> no cdp enable
> ppp pfc local request
> ppp pfc remote apply
> ppp encrypt mppe auto
> ppp chap hostname vpnuser
> ppp chap password 0 vpnpassword
> !
> dialer-list 1 protocol ip permit
>
> Several notes:
>
> -Pim is there merely to provide a source of activity to force the dialer
> to connect without requiring you to point any routes at the interface.
> This is useful since dialer interfaces are always "up" in some sense and
> you can achieve better control of fallbacks by routing to the specific
> /32 that will be installed when ipcp is up.
>
> -Mppe requires (well, at least if you don't want to involve authentication
> servers) that a version of MSCHAP be used to authenticate the ppp
> connection.
> Cisco has supported MSCHAPv1 for a while, but v2 support is somewhat
> newer.
> Either is fine as far as mppe is concerned, but you can get into
> situations
> where no MSCHAP is used even though both ends support a common version.
> For
> example, the if the server proposes the use of MSCHAPv2 and the Cisco does
> not support v2 it will NAK to normal CHAP. If the server agrees then the
> connection will come up but there will be no encryption. I think you will
> be fine with IOS 12.4, but for others this can be a problem that requires
> some tweaking.
>
> -Many PPTP servers expect to assign the client's IP address. Modify the


I tried your config
replacing the initiate to with the ip address and the username and the
password
all seem ok, except that the dial interface wont dial.

it is up but with no ip address, i dont see in the log that the cisco is
calling the pptp server.

can u help me?


From: E. S. on 24 Nov 2006 23:08
Update :)

I managed to let the router connect to the PPTP accentrator, it receive an
ip address (i can ping it from outside).

I am not able to let the lan client to go outside via the dial0 interface.

if i route everything ip route 0.0.0.0 0.0.0.0 dial0 all stop working.

can you help me?


From: E. S. on 24 Nov 2006 23:38
IT WORKED.

The only problem wich lasts now is that the connection stays up and then
drops every minute or two.

How can I configure the vpn to keepalive, or to stay connected all the time?
I tried with no shutdown but It doesnt work.



From: Dan Lanciani on 25 Nov 2006 04:36
In article <MYidnQsPj5ZcU_rYnZ2dnUVZ8qSdnZ2d(a)kpnqwest.it>, admin(a)NOSPAMspadhausen.com (E. S.) writes:

| IT WORKED.

What did you change to fix the previous two problems you posted about?

| The only problem wich lasts now is that the connection stays up and then
| drops every minute or two.

Are you sure that it is working correctly when it is up? That kind of
cycling is a typical symptom of the routing loop issue I mentioned.

| How can I configure the vpn to keepalive, or to stay connected all the time?
| I tried with no shutdown but It doesnt work.

Keepalive (in the sense of LCP echo) is on by default. You need to turn
on debugging to see exactly why the connection is being shut down. Try
"debug ppp negotiation" and "debug ppp errors" for a start.

Dan Lanciani
ddl(a)danlan.*com
 |  Next  |  Last
Pages: 1 2 3 4 5
Prev: FLASH Write Error #5 on Aironet 350
Next: Client 4.7 installation error with DNE