Connection fails between a PPTP (XP) client and VPN 3000 concentrator

s.ferrol · ‎01-08-2008

Hi there,

I am trying to set up a VPN 3080 concentrator to support PPTP clients. Authentication is done through a RADIUS server that supports MS-CHAPv2. Using the built in PPTP client in Windows XP, I have set up the security parameters to use MS-CHAPv2.

Looking at the concentrator logs, authentication is successful:

User [s8803964]

Authenticated successfully with MSCHAP-V2

However, the client closes the connection. A window appears in the XP client showing the error:

Error 778: It was not possible to verify the identity of the server.

With the same concentrator, I can connect successfully using PAP and pointing to a different authentication server that only supports PAP.

Need to know how to enable the client to accept the identity of the concentrator.

Many thanks.

JORGE RODRIGUEZ · ‎01-08-2008

I think this could be a setting in the concentrator.

In our MS-RADIUS server I have three authentication methods setup under remote access policy for vpn users : MSCHAOP-V2, MSCHAP, PAP SPAP, but all our PPTP clients get through via MSCHAP-V2 because this is the one we instruct the concentrator to only accept..

log to concentrator and go to :

user management>base group> and pick PPTP/L2TP tab and then under PPTP authentication protocol check-mark MSCHAP-V2

for PPTP encryption check-mark :

Required

40 bit

128 bit

and for L2TP have the same settings as above.

As for your PPTP clients just accept defualts in their configuration, I strongly believe is settings in your concetrator.

Also make sure you have ruled out RADIUS server configuration discrepancies, for example ensure the RADIUS clients "the concentrator itself " is set for "Client vendor type" to be Microsoft

See if this helps

Rgds

Jorge

Jorge Rodriguez