05-23-2002 02:55 AM - edited 02-21-2020 10:00 AM
Hi everyone.
I'm doing a Cisco 1720 site-to-site VPN using 3DES.
I am unable to get to the Pipex site and am being blocked for some reason.
Within the config you will see three usernames.
The Pipex one is the one I'd like to connect to. The other two are made up based upon the authentication problems I'm receiving; I tried to put a user in to try and get through.
In the interface Dialer0 I put "no ip access-group 150 in" and then seemed to get challenge and response (Part 3), but no success, although this is not the ID I wish to use. I run a DSL modem at home and have tried to connect from site using this and the Pipex login details, and had no problems getting authenticated and internet access.
Please help.
00:51:33: Vi1 CHAP: Unable to authenticate for peer
00:51:37: Vi1 CHAP: O CHALLENGE id 3 len 29 from "hertford"
00:51:37: Vi1 CHAP: I CHALLENGE id 119 len 39 from "sms1.dsl.pipex.net"
00:51:37: Vi1 CHAP: Username sms1.dsl.pipex.net not found
00:51:37: Vi1 CHAP: Unable to authenticate for peer
00:51:41: Vi1 CHAP: O CHALLENGE id 4 len 29 from "hertford"
00:51:41: Vi1 CHAP: I CHALLENGE id 120 len 39 from "sms1.dsl.pipex.net"
00:51:41: Vi1 CHAP: Username sms1.dsl.pipex.net not found
00:51:41: Vi1 CHAP: Unable to authenticate for peer
00:51:45: Vi1 CHAP: O CHALLENGE id 5 len 29 from "hertford"
00:51:45: Vi1 CHAP: I CHALLENGE id 121 len 39 from "sms1.dsl.pipex.net"
00:51:45: Vi1 CHAP: Username sms1.dsl.pipex.net not found
00:51:45: Vi1 CHAP: Unable to authenticate for peer
00:51:49: Vi1 CHAP: O CHALLENGE id 6 len 29 from "hertford"
00:51:49: Vi1 CHAP: I CHALLENGE id 122 len 39 from "sms1.dsl.pipex.net"
00:51:49: Vi1 CHAP: Username sms1.dsl.pipex.net not found
00:51:49: Vi1 CHAP: Unable to authenticate for peer
00:51:53: Vi1 CHAP: O CHALLENGE id 7 len 29 from "hertford"
00:51:53: Vi1 CHAP: I CHALLENGE id 123 len 39 from "sms1.dsl.pipex.net"
00:51:53: Vi1 CHAP: Username sms1.dsl.pipex.net not found
00:51:53: Vi1 CHAP: Unable to authenticate for peer
Current configuration : 2576 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname hertford
!
logging rate-limit console 10 except errors
enable secret 5 $1$d6OJ$JU.yzY/g6lGebq0i.gD5H0
!
username ******@xtreme.pipex.net password 7 0200014F020F172456
username sms1.dsl.pipex.net password 7 0115031052021E0A3B
username RASB4NRP3.Ealing password 7 07092458470001000D
memory-size iomem 25
ip subnet-zero
no ip source-route
!
!
no ip finger
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
!
ip dhcp pool hertford
network 192.168.1.0 255.255.255.0
dns-server 158.43.240.4 158.43.240.3
default-router 192.168.1.254
!
no ip dhcp-client network-discovery
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ********** address 52.168.35.118
!
!
crypto ipsec transform-set strong esp-3des esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 52.168.35.118
set transform-set strong
match address 101
!
!
!
!
interface ATM0
no ip address
ip nat outside
atm vc-per-vp 256
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
no fair-queue
crypto map vpn
!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
ip nat inside
speed auto
no cdp enable
!
interface Dialer0
ip address 52.168.35.126 255.255.255.248
ip access-group 150 in
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap
crypto map vpn
!
ip nat pool vpn 52.168.35.121 52.168.35.121 prefix-length 29
ip nat inside source list 10 pool vpn overload
ip nat inside source static 192.168.1.2 52.168.35.122
ip nat outside source static 52.168.35.122 192.168.1.2
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 10 deny 192.168.1.2
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip host 52.168.35.122 host 52.168.35.113
access-list 150 permit ip 52.168.35.112 0.0.0.7 52.168.35.120 0.0.0.7
access-list 150 permit tcp any any established
no cdp run
!
!
!
line con 0
password 7 045219561E34495A01
login
transport input none
line aux 0
password 7 020F160B1A130A3544
login
line vty 0 4
login
!
end
--------------------------------------------------------------------------------
Part: 3
05:53:40: Vi1 CHAP: O CHALLENGE id 45 len 29 from "hertford"
05:53:40: Vi1 CHAP: I CHALLENGE id 150 len 37 from "RASB4NRP3.Ealing"
05:53:40: Vi1 CHAP: O RESPONSE id 150 len 29 from "hertford"
05:53:42: Vi1 CHAP: O CHALLENGE id 46 len 29 from "hertford"
05:53:42: Vi1 CHAP: I CHALLENGE id 151 len 37 from "RASB4NRP3.Ealing"
05:53:42: Vi1 CHAP: O RESPONSE id 151 len 29 from "hertford"
05:53:44: Vi1 CHAP: O CHALLENGE id 47 len 29 from "hertford"
05:53:44: Vi1 CHAP: I CHALLENGE id 152 len 37 from "RASB4NRP3.Ealing"
05:53:44: Vi1 CHAP: O RESPONSE id 152 len 29 from "hertford"no debug
05:53:46: Vi1 CHAP: O CHALLENGE id 48 len 29 from "hertford"
05:53:46: Vi1 CHAP: I CHALLENGE id 153 len 37 from "RASB4NRP3.Ealing"
05:53:46: Vi1 CHAP: O RESPONSE id 153 len 29 from "hertford"all
All possible debugging has been turned off
hertford#
05:53:48: Vi1 CHAP: O CHALLENGE id 49 len 29 from "hertford"
05:53:48: Vi1 CHAP: I CHALLENGE id 154 len 37 from "RASB4NRP3.Ealing"
05:53:48: Vi1 CHAP: O RESPONSE id 154 len 29 from "hertford"
hertford#ping 80.193.223.56
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 80.193.223.56, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
hertford#
05-23-2002 05:06 AM
Hi Lee,
Try this:
1. Under crypto map vpn 10 ipsec-isakmp, match address 101 should refer to your LAN addresses and not your public IPs.
2. Take off NAT if you're not having web access as well.
3. Your inbound ACL on Dialer0 should allow ESP, AHP and ISAKMP from the far-end address to the near-end dialer interface address.
Issue the commands
debug crypto isakmp
debug crypto ipsec
give it a go and then issue:
sh crypto engine connections active
HTH
Ali
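For reference, here is how the three changes in the reply above look when applied against the posted configuration. This is an added example, not Ali's or the original poster's config: the remote LAN 10.0.0.0/24 is an assumed placeholder (the post never gives it), while the peer 52.168.35.118 and the Dialer0 address 52.168.35.126 are taken from the posted config.

```cisco
! Added example, not from the original post. Remote LAN 10.0.0.0/24 is an
! assumed placeholder; peer and Dialer0 addresses come from the posted config.
!
! 1. Crypto ACL: match private LAN-to-LAN traffic, not the public /29s.
no access-list 101
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
! 2. NAT exemption: traffic to the remote LAN must not be translated, or it
!    will never match the crypto ACL. The standard list 10 cannot express a
!    destination, so move the NAT source list to an extended ACL.
access-list 110 deny   ip host 192.168.1.2 any
access-list 110 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
no ip nat inside source list 10 pool vpn overload
ip nat inside source list 110 pool vpn overload
!
! 3. Inbound ACL on Dialer0: permit IKE (UDP/500), ESP and AH from the peer
!    to the dialer address. Rebuild the list in one sitting, since an empty
!    ACL referenced by ip access-group permits everything until it is refilled.
no access-list 150
access-list 150 permit udp host 52.168.35.118 host 52.168.35.126 eq isakmp
access-list 150 permit esp host 52.168.35.118 host 52.168.35.126
access-list 150 permit ahp host 52.168.35.118 host 52.168.35.126
access-list 150 permit ip 52.168.35.112 0.0.0.7 52.168.35.120 0.0.0.7
access-list 150 permit tcp any any established
!
! Verification: watch phase 1 and phase 2 negotiate, then confirm the SAs.
debug crypto isakmp
debug crypto ipsec
show crypto isakmp sa
show crypto engine connections active
```

If the remote end keeps its own crypto ACL, it must be the mirror image of list 101 (remote LAN to 192.168.1.0/24), otherwise phase 2 will fail with a proxy identity mismatch in the debug output.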