Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
747
Views
0
Helpful
0
Replies

Cisco does not support MS-CHAP for vpn authentication

Vishal.Seetal
Level 1
Level 1

‎04-09-2012 07:42 PM - edited ‎03-04-2019 03:58 PM

HI all,

I have a cisco 2951 ISR G2 router on which I set up a l2tp/IPSEC vpn server. I was having trouble setting up the vpn and had to call support for helping me out. The problem that the support guy found is that the router or the l2tp vpn server does not support MS-CHAP or MS-CHAPv2 authentication protocol. So, with the router configured to use MS-CHAP or MS-CHAPv2 as the authentication protocol for authenticating vpn users, when an external user tries to connect to the vpn server using Microsoft's inbuilt vpn client, which uses ms-chap and ms-chap v2 for authentication by default, he would not be able to connect and the error message (Error 691) was "vpn server could not authenticate username and password with the authentication method". However, when the  router is configured to use PAP as the authentication method, then vpn connections were successful. The support guy told me MS-CHAP is not supported by Cisco. Has anyone ever come across this issue?

The problem is PAP is an unencrypted protocol and I don't think anybody uses it nowadays..I still can't believe that Cisco does not support MS-CHAP authentication protocols..I would like somebody to tell me that it's not true..

If anyone has ever tried to set up an L2TP/IPSEC vpn server on a Cisco router and use Microsoft's inbuilt vpn client to connect to the server, please help me get a working configuration for the vpn server.

Any help would be greatly appreciated.

Thanks.

Kind regards,

Vishal

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card