Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2163
Views
0
Helpful
5
Replies

ASA 5505 - PPPoE error

Velos1987
Level 1
Level 1

‎04-28-2011 01:58 PM - edited ‎03-04-2019 12:13 PM

Hi everybody!

I am using ASA 5505 with firmware 8.2(2).

My ISP uses PPPoE as a WAN connection protocol.

There is a problem with getting PPPoE session started on my ASA 5505.

The debug output says that after negotiation of PPP-authentication protocol ASA receives a PADT packet from ISP’s concentrator. To get more information I captured all packets on outside interface with WireShark. Packet-dumps (in .pcap format) are attached in this post.

I have tried all possible combinations of PAP/CHAP/MSCHAP values in “vpdn group MYGROUP ppp authentication” command. If you take a look at the packet-dumps you can see, that in case of “PAP” – ISP’s concentrator rejects negotiation (PAP is not supported by my ISP). In case of CHAP/MSCHAP (that ARE supported by my ISP) – ASA acknowledges the using of MSCHAP v.2 PPP-auth protocol, which is actually not supported by it…

Judging by MAC-addresses of ISP’s concentrators it is visible that Cisco’s equipment also is used.

The questions is: Why ASA acknowledges using of unsupported ppp-auth protocol during negotiation and what I need to do to resolve this issue? (ISP’s support says, that they cannot change PPP-auth protocol negotiation order. Also they says that I need to contact with manufacturer of my equipment).

Thanks for any help and sorry for my English

Labels:
85592-ASA_PPPoE_MSCHAP.pcap.zip
85594-ASA_PPPoE_PAP.pcap.zip
85595-ASA_pppoe_debug.txt.zip
85593-ASA_PPPoE_CHAP.pcap.zip
0 Helpful
5 Replies 5

Velos1987
Level 1
Level 1

‎05-02-2011 12:36 PM

Upd.: ISP's support gave me some information about their PPPoE concentrators:

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M),  Version 15.0(1)S2, RELEASE SOFTWARE (fc1)

PS: May be this forum - is not the best place to discuss this issue. It is clear, that ASA 5505 has a bug. This bug is in it's PPP-auth neg. phase.. I will be grateful if someone point me the best place to put this post to.

0 Helpful

Velos1987
Level 1
Level 1
In response to Velos1987

‎06-25-2011 01:53 AM

UP...

0 Helpful

dudre345frontru
Level 1
Level 1

‎01-02-2012 08:37 AM

The same problem with ASA 5505, PPPoE doesn't work even in 8.4 version, the same symptoms from previous post.

But PPPoE doesn't work only with ASA, with other equipment (cisco routers, other consumer routers) it works fine.

ASA cannot establish PPPoE session with the provider.

By the way the provider name is NETBYNET. http://www.netbynet.ru/

So you should be careful, if you plan to use ASA 5505 with NETBYNET, as the tech support of the provider says that ASA is unsupported to be used in its network.

It is obviously the ASA bug, because on other equipment it works well.

Is it possible to fix this bug or I only need to use TAC, which is the problem, because I don’t have service contract?

0 Helpful

vladimir.marakshin
Level 1
Level 1
In response to dudre345frontru

‎11-03-2013 05:53 AM

A previous versions working (asa OS) success?

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎11-03-2013 05:54 AM

Wrong forum, post in "Security - firewalling-". You can move your posting with the Actions panel on the right.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card