IAS authentication using PPTP

donlon · ‎02-19-2004

Has anyone had success in getting a PPTP VPN user to authenticate against either win2k or win2003 IAS ?

I spent hours today doing just that. IPSEC/VPN client/XAUTH authentication easily worked on both OS versions, but no matter how I adjusted configurations I couldn't get PPTP to work against IAS.

PPTP did work fine when authenticating to the PIX's local user accounts. I followed Cisco's configs for RADIUS/PPTP. Still,IAS logging didn't even show the PPTP authentication attempts (however IPSEC logons attempts logged every time).

I'm using 6.3 code.

Please let me know if it's ever worked for you.

Don

nikhil_m · ‎02-25-2004

But, in the first place, I wonder if PPTP agains IAS?

bob.forster · ‎03-09-2004

Don,

It works if you turn 'require encryption' off on the

W2K/XP Dial PPTP Client.

It will NOT work with this turned on. MPPE is an issue between the IOS and W2K IAS.

aaa new-model

!

aaa authentication login default group radius local

aaa authentication login console line

aaa authentication login vty local

aaa authentication ppp default group radius local

aaa authorization network default group radius local

!

vpdn enable

!

vpdn-group pptp

! Default L2TP VPDN group

! Default PPTP VPDN group

accept-dialin

protocol any

virtual-template 1

session-limit 20

!

interface Virtual-Template1

description USER VPN INTERFACE

ip unnumbered FastEthernet0/0

peer default ip address pool vpn-pool

ppp authentication ms-chap-v2

* IAS only allows MS-CHAP-V2

Hope this helps,

Bob

(I fought with this for 2 days!!)

bob.forster · ‎03-15-2004

IOS Issue for MPPE.

MPPE will work with newer (12.3.x) IOS.(26xx)

Issue shown in CSCdv50861.

Bob