Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2555
Views
0
Helpful
2
Replies

Cisco 877: encryption not working on PPTP VPN

MassimoPascucci
Level 1
Level 1

‎07-03-2011 10:44 AM

I have a Cisco 877 router and I configured it to act as a VPN server, supporting both PPTP and L2TP VPNs. I can succesfully connect to it from Windows computers using the built-in VPN software.

There is only one problem: when using a PPTP VPN, encryption doesn't work. If I configure the client to require encryption (default setting), the connection fails with an error about the remote endpoint not supporting it. If I remove the encryption requirement, the connection succeeds. I've also tried tweaking the encryption settings (40/128 bits), but this didn't work either.

This is the relevant part of the router's configuration:

vpdn enable
vpdn-group VPN_Clients
 accept-dialin
  protocol any
  virtual-template 1

ip local pool VPN_Pool 192.168.42.250 192.168.42.254

interface Virtual-Template1
 ip unnumbered Vlan1
 ip nat inside
 peer default ip address pool VPN_Pool
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 ms-chap chap

The router's IOS version is 15, and it fully supports encryption.

The strangest thing is, encryption is actually required in the router config; but not only the router doesn't seem to offer it... it also accepts unencrypted connections, which it shouldn't. It's like the ppp encrypt mppe auto required command is completely ignored.

How can I fix this?

Labels:
0 Helpful
2 Replies 2

MassimoPascucci
Level 1
Level 1

‎07-03-2011 02:40 PM

Looks like it was a bug.

I updated the router's IOS from version 15.0(1) to 15.1(3) and now the problem is gone.

0 Helpful

sylvain.munaut
Level 1
Level 1
In response to MassimoPascucci

‎07-14-2011 07:38 AM

Might be related to CSCtq59239 "MPPE data packets not flowing in RADIUS authen case again"

0 Helpful
Customers Also Viewed These Support Documents