отмена
Отображаются результаты для 
Вместо этого искать 
Вы имели в виду: 
cancel
230
Просмотры
0
Полезный материал
1
Ответы
Anton84
Beginner

cisco pptp перестал поднимать сессию

Добрый день, на cisco 2921 pptp и l2tp сервер с авторизацией по radius.

l2tp работает, а pptp с недавнего времени перестал

228693: Apr 22 12:13:37.955 SMR: PPP: Alloc Context [21ABE58C]
228694: Apr 22 12:13:37.955 SMR: ppp754 PPP: Phase is ESTABLISHING
228695: Apr 22 12:13:37.955 SMR: ppp754 PPP: Using AAA Unique Id = 375E
228696: Apr 22 12:13:37.955 SMR: ppp754 PPP: Authorization required
228697: Apr 22 12:13:37.955 SMR: ppp754 PPP: Using vpn set call direction
228698: Apr 22 12:13:37.955 SMR: ppp754 PPP: Treating connection as a callin
228699: Apr 22 12:13:37.955 SMR: ppp754 PPP: Session handle[8B000059] Session id[754]
228700: Apr 22 12:13:37.955 SMR: ppp754 PPP LCP: negotiation authorized = 1, tacacs author = 0
228701: Apr 22 12:13:37.955 SMR: ppp754 LCP: Event[OPEN] State[Initial to Starting]
228702: Apr 22 12:13:37.955 SMR: ppp754 PPP LCP: Enter passive mode, state[Stopped]
228703: Apr 22 12:13:38.095 SMR: ppp754 LCP: I CONFREQ [Stopped] id 1 len 24
228704: Apr 22 12:13:38.095 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228705: Apr 22 12:13:38.095 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228706: Apr 22 12:13:38.095 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228707: Apr 22 12:13:38.095 SMR: ppp754 LCP: PFC (0x0702)
228708: Apr 22 12:13:38.095 SMR: ppp754 LCP: ACFC (0x0802)
228709: Apr 22 12:13:38.095 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228710: Apr 22 12:13:38.095 SMR: ppp754 LCP: O CONFREQ [Stopped] id 1 len 19
228711: Apr 22 12:13:38.095 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228712: Apr 22 12:13:38.095 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228713: Apr 22 12:13:38.095 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228714: Apr 22 12:13:38.099 SMR: ppp754 LCP: O CONFNAK [Stopped] id 1 len 8
228715: Apr 22 12:13:38.099 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228716: Apr 22 12:13:38.099 SMR: ppp754 LCP: Event[Receive ConfReq-] State[Stopped to REQsent]
228717: Apr 22 12:13:40.091 SMR: ppp754 LCP: O CONFREQ [REQsent] id 2 len 19
228718: Apr 22 12:13:40.091 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228719: Apr 22 12:13:40.091 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228720: Apr 22 12:13:40.091 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228721: Apr 22 12:13:40.091 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228722: Apr 22 12:13:41.095 SMR: ppp754 LCP: I CONFREQ [REQsent] id 1 len 24
228723: Apr 22 12:13:41.095 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228724: Apr 22 12:13:41.095 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228725: Apr 22 12:13:41.095 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228726: Apr 22 12:13:41.095 SMR: ppp754 LCP: PFC (0x0702)
228727: Apr 22 12:13:41.095 SMR: ppp754 LCP: ACFC (0x0802)
228728: Apr 22 12:13:41.095 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228729: Apr 22 12:13:41.095 SMR: ppp754 LCP: O CONFNAK [REQsent] id 1 len 8
228730: Apr 22 12:13:41.095 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228731: Apr 22 12:13:41.095 SMR: ppp754 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
228732: Apr 22 12:13:42.107 SMR: ppp754 LCP: O CONFREQ [REQsent] id 3 len 19
228733: Apr 22 12:13:42.107 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228734: Apr 22 12:13:42.107 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228735: Apr 22 12:13:42.107 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228736: Apr 22 12:13:42.107 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228737: Apr 22 12:13:44.095 SMR: ppp754 LCP: I CONFREQ [REQsent] id 1 len 24
228738: Apr 22 12:13:44.095 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228739: Apr 22 12:13:44.095 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228740: Apr 22 12:13:44.095 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228741: Apr 22 12:13:44.095 SMR: ppp754 LCP: PFC (0x0702)
228742: Apr 22 12:13:44.095 SMR: ppp754 LCP: ACFC (0x0802)
228743: Apr 22 12:13:44.095 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228744: Apr 22 12:13:44.095 SMR: ppp754 LCP: O CONFNAK [REQsent] id 1 len 8
228745: Apr 22 12:13:44.095 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228746: Apr 22 12:13:44.095 SMR: ppp754 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
228747: Apr 22 12:13:44.123 SMR: ppp754 LCP: O CONFREQ [REQsent] id 4 len 19
228748: Apr 22 12:13:44.123 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228749: Apr 22 12:13:44.123 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228750: Apr 22 12:13:44.123 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228751: Apr 22 12:13:44.123 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228752: Apr 22 12:13:46.139 SMR: ppp754 LCP: O CONFREQ [REQsent] id 5 len 19
228753: Apr 22 12:13:46.139 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228754: Apr 22 12:13:46.139 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228755: Apr 22 12:13:46.139 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228756: Apr 22 12:13:46.139 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228757: Apr 22 12:13:47.087 SMR: ppp754 LCP: I CONFREQ [REQsent] id 1 len 24
228758: Apr 22 12:13:47.087 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228759: Apr 22 12:13:47.087 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228760: Apr 22 12:13:47.087 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228761: Apr 22 12:13:47.087 SMR: ppp754 LCP: PFC (0x0702)
228762: Apr 22 12:13:47.087 SMR: ppp754 LCP: ACFC (0x0802)
228763: Apr 22 12:13:47.087 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228764: Apr 22 12:13:47.087 SMR: ppp754 LCP: O CONFNAK [REQsent] id 1 len 8
228765: Apr 22 12:13:47.087 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228766: Apr 22 12:13:47.087 SMR: ppp754 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
228767: Apr 22 12:13:48.155 SMR: ppp754 LCP: O CONFREQ [REQsent] id 6 len 19
228768: Apr 22 12:13:48.155 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228769: Apr 22 12:13:48.155 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228770: Apr 22 12:13:48.155 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228771: Apr 22 12:13:48.155 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228772: Apr 22 12:13:50.107 SMR: ppp754 LCP: I CONFREQ [REQsent] id 1 len 24
228773: Apr 22 12:13:50.107 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228774: Apr 22 12:13:50.107 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228775: Apr 22 12:13:50.107 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228776: Apr 22 12:13:50.107 SMR: ppp754 LCP: PFC (0x0702)
228777: Apr 22 12:13:50.107 SMR: ppp754 LCP: ACFC (0x0802)
228778: Apr 22 12:13:50.107 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228779: Apr 22 12:13:50.107 SMR: ppp754 LCP: O CONFNAK [REQsent] id 1 len 8
228780: Apr 22 12:13:50.107 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228781: Apr 22 12:13:50.107 SMR: ppp754 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
228782: Apr 22 12:13:50.171 SMR: ppp754 LCP: O CONFREQ [REQsent] id 7 len 19
228783: Apr 22 12:13:50.171 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228784: Apr 22 12:13:50.171 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228785: Apr 22 12:13:50.171 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228786: Apr 22 12:13:50.171 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228787: Apr 22 12:13:52.187 SMR: ppp754 LCP: O CONFREQ [REQsent] id 8 len 19
228788: Apr 22 12:13:52.187 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228789: Apr 22 12:13:52.187 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228790: Apr 22 12:13:52.187 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228791: Apr 22 12:13:52.187 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228792: Apr 22 12:13:53.099 SMR: ppp754 LCP: I CONFREQ [REQsent] id 1 len 24
228793: Apr 22 12:13:53.099 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228794: Apr 22 12:13:53.099 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228795: Apr 22 12:13:53.099 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228796: Apr 22 12:13:53.099 SMR: ppp754 LCP: PFC (0x0702)
228797: Apr 22 12:13:53.099 SMR: ppp754 LCP: ACFC (0x0802)
228798: Apr 22 12:13:53.099 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228799: Apr 22 12:13:53.099 SMR: ppp754 LCP: Sent too many CONFNAKs. Switch to CONFREJ
228800: Apr 22 12:13:53.099 SMR: ppp754 LCP: O CONFREJ [REQsent] id 1 len 8
228801: Apr 22 12:13:53.099 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228802: Apr 22 12:13:53.099 SMR: ppp754 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
228803: Apr 22 12:13:54.203 SMR: ppp754 LCP: O CONFREQ [REQsent] id 9 len 19
228804: Apr 22 12:13:54.203 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228805: Apr 22 12:13:54.203 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228806: Apr 22 12:13:54.203 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228807: Apr 22 12:13:54.203 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228808: Apr 22 12:13:56.103 SMR: ppp754 LCP: I CONFREQ [REQsent] id 1 len 24
228809: Apr 22 12:13:56.103 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228810: Apr 22 12:13:56.103 SMR: ppp754 LCP: ACCM 0x00000000 (0x020600000000)
228811: Apr 22 12:13:56.103 SMR: ppp754 LCP: MagicNumber 0x00B82CDB (0x050600B82CDB)
228812: Apr 22 12:13:56.103 SMR: ppp754 LCP: PFC (0x0702)
228813: Apr 22 12:13:56.103 SMR: ppp754 LCP: ACFC (0x0802)
228814: Apr 22 12:13:56.103 SMR: ppp754 PPP LCP: neg is authorized, processing incoming CONFREQ
228815: Apr 22 12:13:56.103 SMR: ppp754 LCP: Sent too many CONFNAKs. Switch to CONFREJ
228816: Apr 22 12:13:56.103 SMR: ppp754 LCP: O CONFREJ [REQsent] id 1 len 8
228817: Apr 22 12:13:56.103 SMR: ppp754 LCP: MRU 1400 (0x01040578)
228818: Apr 22 12:13:56.103 SMR: ppp754 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
228819: Apr 22 12:13:56.219 SMR: ppp754 LCP: O CONFREQ [REQsent] id 10 len 19
228820: Apr 22 12:13:56.219 SMR: ppp754 LCP: MRU 1464 (0x010405B8)
228821: Apr 22 12:13:56.219 SMR: ppp754 LCP: AuthProto MS-CHAP-V2 (0x0305C22381)
228822: Apr 22 12:13:56.219 SMR: ppp754 LCP: MagicNumber 0xAFB091A4 (0x0506AFB091A4)
228823: Apr 22 12:13:56.219 SMR: ppp754 LCP: Event[Timeout+] State[REQsent to REQsent]
228824: Apr 22 12:13:58.235 SMR: ppp754 PPP DISC: LCP failed to negotiate
228825: Apr 22 12:13:58.235 SMR: ppp754 PPP: Sending Acct Event[Down] id[375E]
228826: Apr 22 12:13:58.235 SMR: PPP: NET STOP send to AAA.
228827: Apr 22 12:13:58.235 SMR: ppp754 LCP: Event[Timeout-] State[REQsent to Stopped]
228828: Apr 22 12:13:58.235 SMR: ppp754 LCP: Event[DOWN] State[Stopped to Starting]
228829: Apr 22 12:13:58.235 SMR: ppp754 PPP: Clearing AAA Unique Id = 375E
228830: Apr 22 12:13:58.235 SMR: ppp754 PPP: Phase is DOWN

 

 

Настройка pptp:

!
aaa group server radius server1
server-private 192.168.1.3 auth-port 1812 acct-port 1813 key 7 XXXXXXXXX
!
aaa group server radius cdr-logs-from-cme
server-private 192.168.1.200 auth-port 1812 acct-port 1813 key 7 XXXXXXXXX

 

aaa accounting network VPN-USERS start-stop group cdr-logs-from-cme

aaa authentication ppp default group server1 local

 

vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
pptp tunnel echo 10
ip pmtu
ip mtu adjust

 

interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
autodetect encapsulation ppp
peer default ip address dhcp-pool dialin3
no keepalive
ppp encrypt mppe auto
ppp authentication ms-chap-v2
ppp accounting VPN-USERS
ppp ipcp dns 192.168.1.3
ppp ipcp username unique
ppp timeout idle 7200

 

 

пока не ясно, почему не могут стороны договориться, кто-нибудь сталкивался?

1 УТВЕРЖДЕННОЕ РЕШЕНИЕ

Утвержденные решения
Leonid Voronkin
VIP Collaborator

Чудес не бывает. Значит произошли какие-то изменения. Может клиенты обновились, или сам роутер.

У вас видите маршрутизатор отправляет CONFNAK. Это значит что все параметры LCP распознаны, но значения некоторых параметров неприемлемы. Это сообщение включает параметры, вызывающие нарушение, и их допустимые значения. Но со стороны клиента на них как-то особо не реагируют.

Не исключу что у вас провайдер, к которому подключена cisco 2921, режет PPP, поэтому CONFNAK до клиентов не долетает.

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

Просмотреть решение в исходном сообщении

1 ОТВЕТ 1
Leonid Voronkin
VIP Collaborator

Чудес не бывает. Значит произошли какие-то изменения. Может клиенты обновились, или сам роутер.

У вас видите маршрутизатор отправляет CONFNAK. Это значит что все параметры LCP распознаны, но значения некоторых параметров неприемлемы. Это сообщение включает параметры, вызывающие нарушение, и их допустимые значения. Но со стороны клиента на них как-то особо не реагируют.

Не исключу что у вас провайдер, к которому подключена cisco 2921, режет PPP, поэтому CONFNAK до клиентов не долетает.

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

Просмотреть решение в исходном сообщении

Не удалось отобразить этот виджет.