Adsl chap failure - 887va

Hi all,
hoping someone can shed some light on this,
i have an 887va configured to connect to my isp on my test bed. I have configured the router to connect using PPPoA as usual but i am getting LCP TERMREQ packets from my ISP in response to my CHAP responses. no other errors, just a termreq.
Strange thing is , from time to time it does connect but can take hours. I know the username and password are correct as they work straight away when i use a little netgear adsl modem i have here so clearly something else is wrong, i suspect the ISP end but thought i would check here first.
I am not getting any clue as to the reason why im getting termreq back from the ISP , sh ppp stats shows the disconnect reasons as entirely due to '17 received LCP TERMREQ from peer'. Its almost like it doesnt understand my response rather than it being incorrect. i wondered if the secret is being hashed correctly but i cant think of a reason why it wouldnt be I have a crypto map confiured buy not applied as yet..
here is the debug output for the failed session (debug ppp auth, neg and errors)
*Jul 2 06:50:59.837: PPP: Alloc Context [86E2C804]
*Jul 2 06:50:59.837: ppp975 PPP: Phase is ESTABLISHING
*Jul 2 06:50:59.837: Vi2 PPP: Using dialer call direction
*Jul 2 06:50:59.837: Vi2 PPP: Treating connection as a callout
*Jul 2 06:50:59.837: Vi2 PPP: Session handle[F3000030] Session id[975]
*Jul 2 06:50:59.837: Vi2 LCP: Event[OPEN] State[Initial to Starting]
*Jul 2 06:50:59.837: Vi2 PPP: No remote authentication for call-out
*Jul 2 06:50:59.837: Vi2 LCP: O CONFREQ [Starting] id 1 len 10
*Jul 2 06:50:59.837: Vi2 LCP:    MagicNumber 0x14194245 (0x050614194245)
*Jul 2 06:50:59.837: Vi2 LCP: Event[UP] State[Starting to REQsent]
*Jul 2 06:51:00.089: Vi2 LCP: I CONFREQ [REQsent] id 103 len 19
*Jul 2 06:51:00.089: Vi2 LCP:    MRU 1500 (0x010405DC)
*Jul 2 06:51:00.089: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
*Jul 2 06:51:00.089: Vi2 LCP:    MagicNumber 0x23918A01 (0x050623918A01)
*Jul 2 06:51:00.089: Vi2 LCP: O CONFACK [REQsent] id 103 len 19
*Jul 2 06:51:00.089: Vi2 LCP:    MRU 1500 (0x010405DC)
*Jul 2 06:51:00.089: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
*Jul 2 06:51:00.089: Vi2 LCP:    MagicNumber 0x23918A01 (0x050623918A01)
*Jul 2 06:51:00.089: Vi2 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Jul 2 06:51:00.093: Vi2 LCP: I CONFACK [ACKsent] id 1 len 10
*Jul 2 06:51:00.093: Vi2 LCP:    MagicNumber 0x14194245 (0x050614194245)
*Jul 2 06:51:00.093: Vi2 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Jul 2 06:51:00.097: Vi2 PPP: Queue CHAP code[1] id[1]
*Jul 2 06:51:00.117: Vi2 PPP: No authorization without authentication
*Jul 2 06:51:00.117: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Jul 2 06:51:00.117: Vi2 CHAP: Redirect packet to Vi2
*Jul 2 06:51:00.117: Vi2 CHAP: I CHALLENGE id 1 len 35 from "bras-xxxxx"
*Jul 2 06:51:00.117: Vi2 PPP: Sent CHAP SENDAUTH Request
*Jul 2 06:51:00.117: Vi2 LCP: State is Open
*Jul 2 06:51:00.117: Vi2 PPP: Received SENDAUTH Response FAIL
*Jul 2 06:51:00.117: Vi2 CHAP: Using hostname from interface CHAP
*Jul 2 06:51:00.117: Vi2 CHAP: Using password from interface CHAP
*Jul 2 06:51:00.117: Vi2 CHAP: O RESPONSE id 1 len 37 from "[email protected]"
*Jul 2 06:51:00.861: Vi2 LCP: I TERMREQ [Open] id 104 len 4
*Jul 2 06:51:00.861: Vi2 PPP DISC: Received LCP TERMREQ from peer
*Jul 2 06:51:00.861: PPP: NET STOP send to AAA.
*Jul 2 06:51:00.861: Vi2 PPP: Phase is TERMINATING
*Jul 2 06:51:00.861: Vi2 LCP: O TERMACK [Open] id 104 len 4
*Jul 2 06:51:00.861: Vi2 LCP: Event[Receive TermReq] State[Open to Stopping]
*Jul 2 06:51:02.869: Vi2 PPP: No remote authentication for call-out
*Jul 2 06:51:02.869: Vi2 LCP: Event[Timeout-] State[Stopping to Stopped]
*Jul 2 06:51:02.869: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
*Jul 2 06:51:02.869: Vi2 PPP: Phase is DOWN
here are the relevant parts of the config, dialer 1 is bound to virtual-access 2
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
description BT-Circuit-No...
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
description Connection-To-BT-number-ATM0
ip address negotiated
no ip redirects
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin optional
ppp chap hostname [email protected]
ppp chap password 0 mypassword
ppp pap sent-username [email protected] password 0 mypassword
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
dialer-list 1 protocol ip permit
ip nat inside source list PUBLIC-PAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
any ideas appreciated.
Cheers
Shaun

Is it possible that MS-CHAP has a limit on the size of usernames and/or password!? Can't we get a better error code than "CHAP Failure id=0x6f" which doesn't seem to be documented anywhere on the Internet?

Similar Messages

L2TP / CHAP Authentication Faliure OS X Server Yosemite 10.10.1

Hello everyone, I saw this problem come up in older versions of server and solutions revolved around group manager but its not available for Yosesmite.
Here is the log I get
Fri Jan 23 02:05:24 2015 : L2TP incoming call in progress from '192.168.0.13'...
Fri Jan 23 02:05:24 2015 : L2TP received SCCRQ
Fri Jan 23 02:05:24 2015 : L2TP sent SCCRP
Fri Jan 23 02:05:24 2015 : L2TP received SCCCN
Fri Jan 23 02:05:24 2015 : L2TP received ICRQ
Fri Jan 23 02:05:24 2015 : L2TP sent ICRP
Fri Jan 23 02:05:24 2015 : L2TP received ICCN
Fri Jan 23 02:05:24 2015 : L2TP connection established.
Fri Jan 23 02:05:24 2015 : using link 0
Fri Jan 23 02:05:24 2015 : Using interface ppp0
Fri Jan 23 02:05:24 2015 : Connect: ppp0 <--> socket[34:18]
Fri Jan 23 02:05:24 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
Fri Jan 23 02:05:24 2015 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xd74787e> <pcomp> <accomp>]
Fri Jan 23 02:05:24 2015 : lcp_reqci: returning CONFACK.
Fri Jan 23 02:05:24 2015 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xd74787e> <pcomp> <accomp>]
Fri Jan 23 02:05:27 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
Fri Jan 23 02:05:27 2015 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
Fri Jan 23 02:05:27 2015 : sent [LCP EchoReq id=0x0 magic=0x359a7585]
Fri Jan 23 02:05:27 2015 : sent [CHAP Challenge id=0x66 <0e68752c580b611f2a31274224020b62>, name = "Balazs-Toths-MacBook-Pro.local"]
Fri Jan 23 02:05:27 2015 : rcvd [LCP EchoReq id=0x0 magic=0xd74787e]
Fri Jan 23 02:05:27 2015 : sent [LCP EchoRep id=0x0 magic=0x359a7585]
Fri Jan 23 02:05:27 2015 : rcvd [LCP EchoRep id=0x0 magic=0xd74787e]
Fri Jan 23 02:05:27 2015 : rcvd [CHAP Response id=0x66 <fd352d7f198c134b3a976260b88a9dd70000000000000000eaaf1a981aea56bf7c083a9a2f8935 ce580d3b2c532da72700>, name = "testuser"]
Fri Jan 23 02:05:27 2015 : sent [CHAP Failure id=0x66 ""]
Fri Jan 23 02:05:27 2015 : CHAP peer authentication failed for testuser
Fri Jan 23 02:05:27 2015 : sent [LCP TermReq id=0x2 "Authentication failed"]
Fri Jan 23 02:05:27 2015 : Connection terminated.
Fri Jan 23 02:05:27 2015 : L2TP disconnecting...
Fri Jan 23 02:05:27 2015 : L2TP sent CDN
Fri Jan 23 02:05:27 2015 : L2TP sent StopCCN
Fri Jan 23 02:05:27 2015 : L2TP disconnected
2015-01-23 02:05:27 CET --> Client with address = 192.168.1.1 has hungup
I get the same error when trying to log in with the admin.
All help is appreciated!
Thank you

When using klist, do you get an entry where the principal starts with imap?
In Server.app, what authentication option(s) do you have selected for Mail?
Tim
p.s., I see I was wrong and you actually had commented on another thread. Please start a new thread for your situation.

VPN - CHAP authentication failed

I am currently running a Mac mini server with 10.8.2 installed. I can connect to my VPN when connected to the internal network with the same credentials I'm trying when connecting externally, however I am not able to connect externally. The VPN server log says...
Wed Jan 9 19:05:45 2013 : PPTP incoming call in progress from 'XXX.XXX.XXX.XXX'...Wed Jan 9 19:05:45 2013 : PPTP connection established.
Wed Jan 9 19:05:45 2013 : using link 0
Wed Jan 9 19:05:45 2013 : Using interface ppp0
Wed Jan 9 19:05:45 2013 : Connect: ppp0 <--> socket[34:17]
Wed Jan 9 19:05:45 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:45 2013 : rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
Wed Jan 9 19:05:45 2013 : lcp_reqci: returning CONFACK.
Wed Jan 9 19:05:45 2013 : sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x41729571]
Wed Jan 9 19:05:48 2013 : sent [CHAP Challenge id=0xcc <1b0470764c2477634532244f7056405b>, name = "server.robertsteeter.private"]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfReq id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : lcp_reqci: returning CONFACK.
Wed Jan 9 19:05:48 2013 : sent [LCP ConfAck id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x772dcec9]
Wed Jan 9 19:05:48 2013 : sent [CHAP Challenge id=0x6a <65334e292e400860457a3e710278142e>, name = "server.robertsteeter.private"]
Wed Jan 9 19:05:48 2013 : rcvd [LCP EchoRep id=0x0 magic=0x5fbceae0]
Wed Jan 9 19:05:48 2013 : rcvd [CHAP Response id=0x6a <3c2c0bb90568f62f5ada84294038e828000000000000000032bf450620bf278e54e8d70b5ed48a 4a5567f528df9194bd00>, name = "matt"]
Wed Jan 9 19:05:48 2013 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SMB-NT,CRAM-MD5,RECOVERABLE,SALTED-SHA512-PBKDF2>, want ApplePasswordServer
Wed Jan 9 19:05:48 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
Wed Jan 9 19:05:48 2013 : sent [CHAP Failure id=0x6a "S=D43D9FBA673744184953601DBB181A5E9B2FF9C9 M=Access granted"]
Wed Jan 9 19:05:48 2013 : CHAP peer authentication failed for matt
Wed Jan 9 19:05:48 2013 : sent [LCP TermReq id=0x3 "Authentication failed"]
Wed Jan 9 19:05:48 2013 : Connection terminated.
Wed Jan 9 19:05:48 2013 : PPTP disconnecting...
Wed Jan 9 19:05:48 2013 : PPTP disconnected
2013-01-09 19:05:48 EST --> Client with address = 192.168.100.241 has hungup
Not sure what the issue is, however I'm sure I have the username/password and shared secret all correct since I can connect internally. Any suggestions?

I have a similar problem:
OS X Server 10.3.9 running on a G3; clients running OS X 10.4.8.
I used Server Admin to set up the server with L2TP and set the shared secret[1]; I used Internet Connect to try to get a client to connect to the server. The result is always the same: The client says "Authentication Failed" and the server's logs record the conversation (Here's the relevant part):
...Tue Jan 16 15:55:08 2007 : sent [CHAP Challenge id=0x1 <c9af9d6375c13e5657d49c44c6ab8259>, name = "inside"]
Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoReq id=0x0 magic=0x9101c22f]
Tue Jan 16 15:55:08 2007 : sent [LCP EchoRep id=0x0 magic=0xf01aa2]
Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoRep id=0x0 magic=0x9101c22f]
Tue Jan 16 15:55:08 2007 : rcvd [CHAP Response id=0x1 <f27c5a611e1e9cf68c17d04d37448b6d00000000000000000f035bba35b5a714589e7292c1fba0 78d57fb3640b62a08e00>, name = "timberwoof"]
Tue Jan 16 15:55:08 2007 : sent [CHAP Failure id=0x1 "E=691 R=1 C=C9AF9D6375C13E5657D49C44C6AB8259 V=0 M=Access denied."]
Tue Jan 16 15:55:08 2007 : CHAP peer authentication failed for remote host timberwoof
Tue Jan 16 15:55:08 2007 : sent [LCP TermReq id=0x2 "Authentication failed"]
Tue Jan 16 15:55:08 2007 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
The user 'timberwoof' exists on the server. I tried changing password type to Advanced, but there's a catch-22 situtation: no user is set up with Advanced password, and it can only be changed to that by a user using Advanced password.
[1] Has anyone else noticed that the dialog box for setting this in Server Admin 10.4.7 is broken? It always forgets the shared secret and then complains that none has been entered.

I can't start a open directory, it gives an error saying: check network config

Hi,
to begin with, i'm dutch so sorry for my bad writing.
Setup:
Mac mini OSX server mountion lion 10.8.5
local users
cisco rvs4000
I'm having an issue since i changed my networks WANIP because we got a new and better internet line.
Also the new inviroment comes with a new router.
Now here's the problem, since this change i couldn't set up a VPN L2TP connection anymore..
So i looked at the VPN log, but there wasn't any text referring to a VPN L2TP connection. And yes i forwarded ervery port,
UDP 1701,500,4500 and the ESP 50 protocol is forwarded by the cisco router with the standard VPN passtrough option.
The next thing i tried is setting up an PPTP connection, after this i got the error: identity is not accepted. this time the VPN log gives me
an error:
0x0> <magic 0x628df8e6> <pcomp> <accomp>]
Thu Oct 17 12:42:33 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2b13fb41> <pcomp> <accomp>]
Thu Oct 17 12:42:33 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2b13fb41> <pcomp> <accomp>]
Thu Oct 17 12:42:33 2013 : sent [LCP EchoReq id=0x0 magic=0x2b13fb41]
Thu Oct 17 12:42:33 2013 : sent [CHAP Challenge id=0x2f <7b651c211c2065155c574d41732c394e>, name = "server.xxxxxx.private"]
Thu Oct 17 12:42:33 2013 : rcvd [LCP EchoReq id=0x0 magic=0x628df8e6]
Thu Oct 17 12:42:33 2013 : sent [LCP EchoRep id=0x0 magic=0x2b13fb41]
Thu Oct 17 12:42:33 2013 : rcvd [LCP EchoRep id=0x0 magic=0x628df8e6]
Thu Oct 17 12:42:33 2013 : rcvd [CHAP Response id=0x2f <eb158db194714bbd1f17f0aeae993927000000000000000012f827aea75c2b6cb2dbcbbd3bfabb 1bb6a7534d96d956f300>, name = "vpnuser"]
Thu Oct 17 12:42:33 2013 : DSAuth plugin: unsupported authen authority: recved Kerberosv5;;vpnuser@LKDC:SHA1.F0E4A62A66239C74E50793F3F30997F086074A1E;LKDC:SHA1 .F0E4A62A66239C74E50793F3F30997F086074A1E, want ApplePasswordServer
Thu Oct 17 12:42:33 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
Thu Oct 17 12:42:34 2013 : sent [CHAP Failure id=0x2f "S=4E4083190FD57B13DA38015F52FE14F8F594766A M=Access granted"]
Thu Oct 17 12:42:34 2013 : CHAP peer authentication failed for vpnuser
Thu Oct 17 12:42:34 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
Thu Oct 17 12:42:34 2013 : Connection terminated.
Thu Oct 17 12:42:34 2013 : PPTP disconnecting...
Thu Oct 17 12:42:34 2013 : PPTP disconnected
2013-10-17 12:42:34 CEST --> Client with address = 192.168.1.205 has hungup
When i googled for this problem all the awnsers were based on OD users and my in situation there were only local users.
So i thought if i just add all my users ( 10 local users ) to an OD it should fix my problem but here comes the next thing.
When i tried to configure an Open directory it gives me an error that the OD couldn't finish and to check my network settings.
sudo changeip -checkhostname gives me the right adress, dns seems to be ok. The error that console constantly gives is:
servermgd: servermgr_accounts: got error 5000 trying to auth to local LDAP node
and
WARING found KDC certificate
and
ntdp: GetConfig: Couldn't open </private/etc/ntp_opendirectory.conf
I'm stuck at this point, never seen this problem before.. someone knows a fix or work around for this??
thanks in advance

To check the local network for some of the common configuration problems, launch Terminal.app and issue the following diagnostic command:
sudo changeip -checkhostname
That'll report some local configuration information and then either no errors detected and no changes required, or it'll point to whatever configuration errors or issues it might detect. That doesn't catch everything, but it catches the common errors.
FWIW, 192.168.0.0/24 and 192.168.1.0/24 are poor choices for the local network, as VPNs are based on IP routing and IP routing gets tangled when the same subnet is used on both ends of the VPN. 192.168.0.0/24 and 192.168.1.0/24 are near ubiquitous in home networks and coffee shops.

OS X server: VPN setup

Hi,
   I am using OS X server (10.9.1).   I try to setup VPN service.    But, I do not know what went wrong.    Below is the log.    Any tips?
1st time:   I use wwmm.wwmmhome.private...
2013-12-31 14:23:19 SGT     Incoming call... Address given to client = 192.168.1.240Tue Dec 31 14:23:19 2013 : Directory Services Authentication plugin initialized
Tue Dec 31 14:23:19 2013 : Directory Services Authorization plugin initialized
Tue Dec 31 14:23:19 2013 : publish_entry SCDSet() failed: Success!
Tue Dec 31 14:23:19 2013 : publish_entry SCDSet() failed: Success!
Tue Dec 31 14:23:19 2013 : publish_entry SCDSet() failed: Success!
Tue Dec 31 14:23:19 2013 : PPTP incoming call in progress from '183.90.37.225'...
Tue Dec 31 14:23:19 2013 : PPTP connection established.
Tue Dec 31 14:23:19 2013 : using link 0
Tue Dec 31 14:23:19 2013 : Using interface ppp0
Tue Dec 31 14:23:19 2013 : Connect: ppp0 <--> socket[34:17]
Tue Dec 31 14:23:19 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x729c77b1> <pcomp> <accomp>]
Tue Dec 31 14:23:19 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
Tue Dec 31 14:23:19 2013 : lcp_reqci: returning CONFACK.
Tue Dec 31 14:23:19 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
Tue Dec 31 14:23:22 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x729c77b1> <pcomp> <accomp>]
Tue Dec 31 14:23:22 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
Tue Dec 31 14:23:22 2013 : lcp_reqci: returning CONFACK.
Tue Dec 31 14:23:22 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
Tue Dec 31 14:23:22 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x729c77b1> <pcomp> <accomp>]
Tue Dec 31 14:23:22 2013 : sent [LCP EchoReq id=0x0 magic=0x729c77b1]
Tue Dec 31 14:23:22 2013 : sent [CHAP Challenge id=0xd5 <663e256443001f6c0163674232734908>, name = "wwmm.wwmmhome.private"]
Tue Dec 31 14:23:22 2013 : rcvd [LCP EchoReq id=0x0 magic=0x38d3186b]
Tue Dec 31 14:23:22 2013 : sent [LCP EchoRep id=0x0 magic=0x729c77b1]
Tue Dec 31 14:23:22 2013 : rcvd [LCP EchoRep id=0x0 magic=0x38d3186b]
Tue Dec 31 14:23:22 2013 : rcvd [CHAP Response id=0xd5 <63847a83bdb04f9fba56d82397d7213e00000000000000003d68f95fbd5d9f5e90ad10d4e8403c f53e5940402f913a6b00>, name = "test"]
Tue Dec 31 14:23:22 2013 : sent [CHAP Failure id=0xd5 ""]
Tue Dec 31 14:23:22 2013 : CHAP peer authentication failed for walter
Tue Dec 31 14:23:22 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
Tue Dec 31 14:23:22 2013 : Connection terminated.
Tue Dec 31 14:23:22 2013 : PPTP disconnecting...
Tue Dec 31 14:23:22 2013 : PPTP disconnected
2013-12-31 14:23:22 SGT       --> Client with address = 192.168.1.240 has hung up
2nd time, I use wwmm.dyndns.org
2013-12-31 14:38:38 SGT     Incoming call... Address given to client = 192.168.1.240Tue Dec 31 14:38:38 2013 : Directory Services Authentication plugin initialized
Tue Dec 31 14:38:38 2013 : Directory Services Authorization plugin initialized
Tue Dec 31 14:38:38 2013 : publish_entry SCDSet() failed: Success!
Tue Dec 31 14:38:38 2013 : publish_entry SCDSet() failed: Success!
Tue Dec 31 14:38:38 2013 : publish_entry SCDSet() failed: Success!
Tue Dec 31 14:38:38 2013 : PPTP incoming call in progress from '183.90.37.225'...
Tue Dec 31 14:38:39 2013 : PPTP connection established.
Tue Dec 31 14:38:39 2013 : using link 0
Tue Dec 31 14:38:39 2013 : Using interface ppp0
Tue Dec 31 14:38:39 2013 : Connect: ppp0 <--> socket[34:17]
Tue Dec 31 14:38:39 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5b1829ce> <pcomp> <accomp>]
Tue Dec 31 14:38:39 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
Tue Dec 31 14:38:39 2013 : lcp_reqci: returning CONFACK.
Tue Dec 31 14:38:39 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
Tue Dec 31 14:38:42 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5b1829ce> <pcomp> <accomp>]
Tue Dec 31 14:38:42 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
Tue Dec 31 14:38:42 2013 : lcp_reqci: returning CONFACK.
Tue Dec 31 14:38:42 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
Tue Dec 31 14:38:42 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5b1829ce> <pcomp> <accomp>]
Tue Dec 31 14:38:42 2013 : sent [LCP EchoReq id=0x0 magic=0x5b1829ce]
Tue Dec 31 14:38:42 2013 : sent [CHAP Challenge id=0x5a <4a753b2e091d155a1414337d40401750>, name = "wwmm.dyndns.org"]
Tue Dec 31 14:38:42 2013 : rcvd [LCP EchoReq id=0x0 magic=0x3298b0f1]
Tue Dec 31 14:38:42 2013 : sent [LCP EchoRep id=0x0 magic=0x5b1829ce]
Tue Dec 31 14:38:42 2013 : rcvd [LCP EchoRep id=0x0 magic=0x3298b0f1]
Tue Dec 31 14:38:42 2013 : rcvd [CHAP Response id=0x5a <2f54770187524125079b5d74e01b09e800000000000000004359e904d9814bc5e0eb4bb880e7e5 23181a0d22b9164e2400>, name = "test"]
Tue Dec 31 14:38:42 2013 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE,SALTED-SHA512-PB KDF2>, want ApplePasswordServer
Tue Dec 31 14:38:42 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
Tue Dec 31 14:38:42 2013 : sent [CHAP Failure id=0x5a "S=8DDCFFC7EA287D3A141E5594392BCBD87C35F76B M=Access granted"]
Tue Dec 31 14:38:42 2013 : CHAP peer authentication failed for walter
Tue Dec 31 14:38:42 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
Tue Dec 31 14:38:42 2013 : Connection terminated.
Tue Dec 31 14:38:42 2013 : PPTP disconnecting...
Tue Dec 31 14:38:42 2013 : PPTP disconnected
2013-12-31 14:38:42 SGT       --> Client with address = 192.168.1.240 has hungup

The VPN server in Server.app is these days pretty feeble, it only does PPTP and L2TP and does not support using security certificates or VPN on demand. (Which requires security certificates.) As a result the security of Apples VPN server is only capable of functions which have all been successfully cracked. Now for most people that might not be too much of a concern but if your a law, health, finance, or government customer then it should be a concern.
However...
While the VPN server itself does not support clustering nor in fact do any of the services in Server.app there might be a way to achieve what you want. If you have a DNS load-balancer then you can point all the clients to the load-balancer and it will distribute the requests to two or more Apple VPN servers. You just need to make sure each Apple VPN server gives out a different range of IP addresses with no overlaps.

VPN 10.4.7 - CAN'T AUTHENTICATE ANY USER

Cannot get VPN to work on server 10.4.7.
Port is open on router, server answers request for session but fails to authenticate.
Here's the server log:
2006-06-28 08:58:25 EST Loading plugin /System/Library/Extensions/PPTP.ppp
2006-06-28 08:58:32 EST Listening for connections...
2006-06-28 16:49:40 EST Incoming call... Address given to client = 192.168.1.40
Wed Jun 28 16:49:40 2006 : Directory Services Authentication plugin initialized
Wed Jun 28 16:49:40 2006 : Directory Services Authorization plugin initialized
Wed Jun 28 16:49:40 2006 : PPTP incoming call in progress from '60.240.245.35'...
Wed Jun 28 16:49:40 2006 : PPTP connection established.
Wed Jun 28 16:49:40 2006 : using link 0
Wed Jun 28 16:49:40 2006 : Using interface ppp0
Wed Jun 28 16:49:40 2006 : Connect: ppp0 <--> socket[34:17]
Wed Jun 28 16:49:40 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x436447ba> <pcomp> <accomp>]
Wed Jun 28 16:49:42 2006 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x519e69a4> <pcomp> <accomp>]
Wed Jun 28 16:49:42 2006 : lcp_reqci: returning CONFACK.
Wed Jun 28 16:49:42 2006 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x519e69a4> <pcomp> <accomp>]
Wed Jun 28 16:49:43 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x436447ba> <pcomp> <accomp>]
Wed Jun 28 16:49:44 2006 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x436447ba> <pcomp> <accomp>]
Wed Jun 28 16:49:44 2006 : sent [LCP EchoReq id=0x0 magic=0x436447ba]
Wed Jun 28 16:49:44 2006 : sent [CHAP Challenge id=0x12 <51bf5b3bd7c3c82024a81d45ff4f2047>, name = "myserver.THESERVER.com"]
Wed Jun 28 16:49:44 2006 : rcvd [LCP EchoReq id=0x0 magic=0x519e69a4]
Wed Jun 28 16:49:44 2006 : sent [LCP EchoRep id=0x0 magic=0x436447ba]
Wed Jun 28 16:49:44 2006 : rcvd [LCP EchoRep id=0x0 magic=0x519e69a4]
Wed Jun 28 16:49:44 2006 : rcvd [CHAP Response id=0x12 <89ab64798d8a6ef5c300ddac2be6c34f000000000000000007115c79a856153facdc9af3e02778 bf8e6b09e4b6b098a100>, name = "[email protected]"]
Wed Jun 28 16:49:44 2006 : Peer [email protected] failed CHAP authentication
Wed Jun 28 16:49:44 2006 : sent [CHAP Failure id=0x12 "\37777777677\37777777777\377777777720"]
Wed Jun 28 16:49:44 2006 : sent [LCP TermReq id=0x2 "Authentication failed"]
Wed Jun 28 16:49:44 2006 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Wed Jun 28 16:49:44 2006 : sent [LCP TermAck id=0x2]
Wed Jun 28 16:49:44 2006 : rcvd [LCP TermAck id=0x2]
Wed Jun 28 16:49:44 2006 : Connection terminated.
Wed Jun 28 16:49:44 2006 : PPTP disconnecting...
Wed Jun 28 16:49:44 2006 : PPTP disconnected
2006-06-28 16:49:44 EST --> Client with address = 192.168.1.40 has hungup
Any ideas how to get this setup properly?

Brian,
this is not tech support. People are doing this in their spare time! This is just a discussion board no tech support company or official Apple support! This ist just a place where many Mac guys and girls hang out to discuss their experience.
I did not see a question in your original posting. Maybe this is why nobody answered.
So, you do have a problem with VPN not authenticating. For us to help you, you need to help us out with a few details about your setup.
What I can tell from the log is that you're running Mac OS X Server (10.4.7 as you mentioned) and that the necessary ports seem to be correctly forwarded to the server.
What client are you using? Do you have VPN access restricted to groups? Is the user in question in this group? Did you double and triple check the password? Is the user allowed to login and created at all?
MacLemon

VPN Access via LDAP authentication

Hello everyone,
I have setup an OS X server to serve as our department's VPN server. I am attempting to configure it to use an existing linux LDAP server for authentication, so that we don't need to have local accounts on the server. In the Directory Utility I have entered the information to point to our LDAP, and have it configured as RFC 2307 (Unix) for LDAP mappings. Everything in the Directory Utility appears that it considers the LDAP connection to be valid. In fact, from a terminal I can successfully finger users in LDAP.
In the Server Admin, I have selected the users that I wish to have VPN access (the LDAP users also show up in this list). However, when I try to connect to it, it fails almost immediately. Here is a snippet of the server's VPN log file (I have changed the IP addresses and hostname in the logfile to "*"):
2010-05-11 20:37:13 EDT Incoming call... Address given to client = **.***.***.**
Tue May 11 20:37:14 2010 : Directory Services Authentication plugin initialized
Tue May 11 20:37:14 2010 : Directory Services Authorization plugin initialized
Tue May 11 20:37:14 2010 : PPTP incoming call in progress from '**.***.***.**'...
Tue May 11 20:37:14 2010 : PPTP connection established.
Tue May 11 20:37:14 2010 : using link 0
Tue May 11 20:37:14 2010 : Using interface ppp0
Tue May 11 20:37:14 2010 : Connect: ppp0 <--> socket[34:17]
Tue May 11 20:37:14 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
Tue May 11 20:37:14 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
Tue May 11 20:37:17 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
Tue May 11 20:37:17 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1b8adf3d> <pcomp> <accomp>]
Tue May 11 20:37:17 2010 : lcp_reqci: returning CONFACK.
Tue May 11 20:37:17 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1b8adf3d> <pcomp> <accomp>]
Tue May 11 20:37:17 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
Tue May 11 20:37:17 2010 : sent [LCP EchoReq id=0x0 magic=0xaef8a1b5]
Tue May 11 20:37:17 2010 : sent [CHAP Challenge id=0xc6 <7636b1bad668b175a847d43875397f99>, name = "***.*****.edu"]
Tue May 11 20:37:17 2010 : rcvd [LCP EchoReq id=0x0 magic=0x1b8adf3d]
Tue May 11 20:37:17 2010 : sent [LCP EchoRep id=0x0 magic=0xaef8a1b5]
Tue May 11 20:37:17 2010 : rcvd [LCP EchoRep id=0x0 magic=0x1b8adf3d]
Tue May 11 20:37:17 2010 : rcvd [CHAP Response id=0xc6 <4a2f0f54d4ce55fe6d1308a8206c4b02000000000000000046f6233c5bb9ea82f6ef2164eb55ed a3355a931a6762101300>, name = "mouck"]
Tue May 11 20:37:17 2010 : sent [CHAP Failure id=0xc6 "\37777777677:\r\002"]
Tue May 11 20:37:17 2010 : CHAP peer authentication failed for mouck
Tue May 11 20:37:17 2010 : sent [LCP TermReq id=0x2 "Authentication failed"]
Tue May 11 20:37:17 2010 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Tue May 11 20:37:17 2010 : sent [LCP TermAck id=0x2]
Tue May 11 20:37:17 2010 : Connection terminated.
Tue May 11 20:37:17 2010 : PPTP disconnecting...
Tue May 11 20:37:17 2010 : PPTP disconnected
I am unsure why the authentication is not working. In the past, I have tried to configure the Open Directory service to be "Connected to a Directory System" but could never get the service to start. To be honest, I'm not even positive I need to have the Open Directory service running, since the authentication should hopefully be passed to our existing LDAP.
Any thoughts or suggestions would be greatly appreciated. Thanks very much!

Hi oleg,
It's a very common issue and generally happens when you try to connect the VPN client from the same location which has a site to site VPN with the device. For example if you try to connect the VPN client to the ASA and your public Ip is 1.1.1.1 and on the same ASA if you have a Site to Site VPN already connnect with an IP address 1.1.1.1 you will see the following error in the debug:
"cannot match peerless map when peer found in previous map entry."
Please check for the same, if thats the case you are hitting the following bug:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuc75090
You needed a Cisco CCO id to check the link.
Thanks
Jeet Kumar

VPN stopped working with 10.5.3

I'm not longer able to connect to my PPTP VPN since "upgrading" to 10.5.3. The following series entries show up in /var/log/system.log every time I try to connect:
Jun 5 21:40:18 stubb pppd\[3393\]: pppd 2.4.2 (Apple version 314) started by root, uid 501
Jun 5 21:40:18 stubb pppd\[3393\]: PPTP connecting to server 'xxx.yyy.zzz' (1.2.3.4)...
Jun 5 21:40:18 stubb pppd\[3393\]: PPTP connection established.
Jun 5 21:40:18 stubb pppd\[3393\]: Connect: ppp0 <--> socket\[34:17\]
Jun 5 21:40:51 stubb pppd\[3393\]: MS-CHAP authentication failed:
Jun 5 21:40:51 stubb pppd\[3393\]: Connection terminated.
Jun 5 21:40:51 stubb pppd\[3393\]: PPTP disconnecting...
Jun 5 21:40:51 stubb pppd\[3393\]: PPTP disconnected
I've verified that my username and password are correct.
Anyone have any ideas?
Thanks,
Andreas

I have the exact same problem connecting to PPTP VPN since I upgraded to 10.5.3, and my log looks identical. I've included my verbose pppd log below, in case it helps anyone.
I'm not really sure about the details of the server I'm connecting to, but I've read about others on the web having trouble with 10.5.3 on some cisco VPN products.
I'm hoping Apple will want to fix this quickly - I imagine that the new iphone os has the same problem...
pppd 2.4.2 (Apple version 314)
Fri Jun 6 19:23:25 2008 : PPTP connecting to server 'pptp.xxx.com' (x.x.x.x)...
Fri Jun 6 19:23:26 2008 : PPTP connection established.
Fri Jun 6 19:23:26 2008 : using link 0
Fri Jun 6 19:23:26 2008 : Using interface ppp0
Fri Jun 6 19:23:26 2008 : Connect: ppp0 <--> socket\[34:17\]
Fri Jun 6 19:23:26 2008 : sent \[LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x______> <pcomp> <accomp>\]
Fri Jun 6 19:23:26 2008 : rcvd \[LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x______> <pcomp> <accomp>\]
Fri Jun 6 19:23:29 2008 : rcvd \[LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x______> <pcomp> <accomp>\]
Fri Jun 6 19:23:29 2008 : lcp_reqci: returning CONFACK.
Fri Jun 6 19:23:29 2008 : sent \[LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x______> <pcomp> <accomp>\]
Fri Jun 6 19:23:29 2008 : sent \[LCP EchoReq id=0x0 magic=0x______\]
Fri Jun 6 19:23:29 2008 : rcvd \[LCP EchoReq id=0x0 magic=0x______\]
Fri Jun 6 19:23:29 2008 : sent \[LCP EchoRep id=0x0 magic=0x______\]
Fri Jun 6 19:23:29 2008 : rcvd \[CHAP Challenge id=0x62 <...>, name = "localhost"\]
Fri Jun 6 19:23:29 2008 : sent \[CHAP Response id=0x62 <...>, name = "username"\]
Fri Jun 6 19:23:29 2008 : rcvd \[LCP EchoRep id=0x0 magic=0x______\]
...wait 20 seconds...
Fri Jun 6 19:23:49 2008 : sent \[LCP EchoReq id=0x1 magic=0x______\]
...wait 10 seconds...
Fri Jun 6 19:23:59 2008 : rcvd \[CHAP Failure id=0x62 ""\]
Fri Jun 6 19:23:59 2008 : MS-CHAP authentication failed:
Fri Jun 6 19:23:59 2008 : sent \[LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"\]
Fri Jun 6 19:23:59 2008 : rcvd \[LCP TermReq id=0x2 "Authentication failed"\]
Fri Jun 6 19:23:59 2008 : sent \[LCP TermAck id=0x2\]
Fri Jun 6 19:24:00 2008 : rcvd \[LCP TermAck id=0x2\]
Fri Jun 6 19:24:00 2008 : Connection terminated.
Fri Jun 6 19:24:00 2008 : PPTP disconnecting...
Fri Jun 6 19:24:00 2008 : PPTP disconnected

ML VPN MSCHAP

ok so im having an issue with VPN. BOTH l2tp and pptp. I have right secret and the right password verified everything and yet i still recieve this error.
Please HELP!!!!!!!!
Mac mini with 10.8.2 ML server
2012-10-13 21:44:57 EDT
Incoming call... Address given to client = 10.0.0.213
Sat Oct 13 21:44:57 2012 : Directory Services Authentication plugin initialized
Sat Oct 13 21:44:57 2012 : Directory Services Authorization plugin initialized
Sat Oct 13 21:44:57 2012 : PPTP incoming call in progress from '173.9.246.69'...
Sat Oct 13 21:44:58 2012 : PPTP connection established.
Sat Oct 13 21:44:58 2012 : using link 0
Sat Oct 13 21:44:58 2012 : Using interface ppp0
Sat Oct 13 21:44:58 2012 : Connect: ppp0 <--> socket[34:17]
Sat Oct 13 21:44:58 2012 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x7e9598a5> <pcomp> <accomp>]
Sat Oct 13 21:44:58 2012 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7c0cb316> <pcomp> <accomp>]
Sat Oct 13 21:44:58 2012 : lcp_reqci: returning CONFACK.
Sat Oct 13 21:44:58 2012 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7c0cb316> <pcomp> <accomp>]
Sat Oct 13 21:44:58 2012 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x7e9598a5> <pcomp> <accomp>]
Sat Oct 13 21:44:58 2012 : sent [LCP EchoReq id=0x0 magic=0x7e9598a5]
Sat Oct 13 21:44:58 2012 : sent [CHAP Challenge id=0x7a <6a21354c082f363f146e611a63214248>, name = "SERVER"]
Sat Oct 13 21:44:58 2012 : rcvd [LCP EchoReq id=0x0 magic=0x7c0cb316]
Sat Oct 13 21:44:58 2012 : sent [LCP EchoRep id=0x0 magic=0x7e9598a5]
Sat Oct 13 21:44:58 2012 : rcvd [LCP EchoRep id=0x0 magic=0x7c0cb316]
Sat Oct 13 21:44:58 2012 : rcvd [CHAP Response id=0x7a <25197d2e70e269a0b1e674542c13f8170000000000000000de45ce4b3fc7d0ae5026e26467c948 b8451816e6d05365e900>, name = "ME"]
Sat Oct 13 21:44:58 2012 : sent [CHAP Failure id=0x7a ""]
Sat Oct 13 21:44:58 2012 : CHAP peer authentication failed for ME
Sat Oct 13 21:44:58 2012 : sent [LCP TermReq id=0x2 "Authentication failed"]
Sat Oct 13 21:44:58 2012 : Connection terminated.
Sat Oct 13 21:44:58 2012 : PPTP disconnecting...
Sat Oct 13 21:44:58 2012 : PPTP disconnected
2012-10-13 21:44:58 EDT
--> Client with address = 10.0.0.213 has hungup

OK, I go that the Mac Mini, OS X Server and MBP are all Apple products HOWEVER VPN client is not. I would strongly recommend 1 of 2 things either contact your VPN administrator at the company you work for, they should be able to assist you on how to set up VPN. If that doesn't work then your next step is to call AppleCare to see if they can help you out.

Slow ADSL speed since power failure during trainin...

Hi all,
When our BT total broadband was installed, we had a power failure during the 10 day training period (back in June).
At the start of the training period, we had a speed of 3936 kbps downstream:
16:32:27, 28 Jun. ( 76.590000) DSL noise margin: 20.00 dB upstream, 6.00 dB downstream
16:32:27, 28 Jun. ( 76.520000) DSL line rate: 448 Kbps upstream, 3936 Kbps downstream
which was within the speeds we expected prior to installation (from the BT website for our phoneline):
You can choose BT Broadband now offering:
3Mb *
Estimate download speed
1.5Mb-5.5Mb
Download speed range
However, since the power failure during training (June 2013) we have never managed to get close to that speed, even after consecutive weeks of the HH4 being connected. Our current ADSL stats are pretty representative of what we have achieved ever since:
DSL noise margin: 21.00 dB upstream, 6.10 dB downstream
DSL line rate: 448 Kbps upstream, 1344 Kbps downstream
The connection sometimes holds for weeks on end - other times it cuts out without any cause (from our end at least). For example, earlier today (after an uptime of 11680 mins):
12:11:13, 27 Oct.
(3862269.900000) DSL noise margin: 21.00 dB upstream, 6.10 dB downstream
12:11:13, 27 Oct.
(3862269.830000) DSL line rate: 448 Kbps upstream, 1344 Kbps downstream
12:10:42, 27 Oct.
(3862239.140000) DSL is down after 11680 minutes uptime
12:10:42, 27 Oct.
(3862239.140000) ETHoA is down after 11680 minutes uptime
12:10:41, 27 Oct.
(3862238.020000) PPPoA is down after 11680 minutes uptime [Waiting for Underlying Connection (WAN DSL - Up)]
12:10:39, 27 Oct.
(3862235.790000) PPP LCP Send Termination Request [User request]
We have an external NTE box outside the house so no 'master' socket inside the house.
Any help you can offer would be much appreciated - the internet literally crawls along sometimes!
Rich

Results from the BTW speedtest:
Download speedachieved during the test was - 1.13 Mbps
For your connection, the acceptable range of speeds is 0.8 Mbps-2 Mbps.
IP Profile for your line is - 1.16 Mbps
Upload speed achieved during the test was - 0.37Mbps
Additional Information:
Upstream Rate IP profile on your line is - 0.45 Mbps

Help with CISCO-887VA adsl over pots and PPPoE with dynamic IP

Hi
I've got problem trying to connect the CISCO-887VDSL/ADSL OVER POTS ROUTER to internet. Only got the LAN part working.
I'm trying to setup PPPoE with dynamic IP
Followed CISCO's documentations but the commands used were not recognized by the router. Any simple working config for me to follow will be enough.
I'll appreciate any help. Thanks a lot!
here's my config.
! Last configuration change at 08:31:51 UTC Sat Feb 11 2012
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 10.0.0.1 10.0.0.149
ip dhcp excluded-address 10.0.0.199 10.0.0.254
ip dhcp pool sdm-pool
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server x.x.x.x x.x.x.x.x
lease 0 2
ip cef
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGLxxxxxxx
controller VDSL 0
ip ftp username cisco
ip ftp password cisco
interface Ethernet0
pppoe enable group global
pppoe-client dial-pool-number 1
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip directed-broadcast
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 0 xxxx
ppp pap sent-username xxxx password 0 xxxx
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip access-list standard 1
permit 10.0.0.0 0.0.0.255
no cdp run
line con 0
line aux 0
line vty 0 4
login
transport input all
end

Try to check with your ISP the modem string to use for VDSL
and some ISP support direct dhcp on Ethernet0 without PPPoE.
An equivalent config is working for me in Switzerland with Swisscom.
N.B. "modem" under VDSL controller is enable using service internal !
service internal
controller VDSL 0
operating mode vdsl2
modem co5
ip source-route
ip cef
ip dhcp excluded-address 10.0.0.1 10.0.0.149
ip dhcp excluded-address 10.0.0.199 10.0.0.254
ip dhcp pool sdm-pool
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 8.8.8.8
lease 0 2
interface Ethernet0
ip address dhcp
ip nat outside
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
ip nat inside source list 23 interface Ethernet0 overload
access-list 23 permit 10.0.0.0 0.0.0.255
end

Cisco 887va on Eircom ADSL

Hi
I am new to the Cisco routers but am trying to get a Cisco 887va working on a Eircom ADSL2 connection.
I was using the config of an old Cisco router as a guide, basically this has encapsulation aal5snap under the ATM interface, I am unable to set this in the 887va, I did read that this needs to be set under the VDSL controller however it will not take the commands.
Also how can I set the the dsl operating-mode to auto.
Here is my config
Building configuration...
Current configuration : 1958 bytes
! Last configuration change at 13:20:03 UTC Tue Jul 17 2012
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no logging buffered
enable secret 4 ??????????
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
ip source-route
ip cef
ip name-server 159.134.0.1
ip name-server 159.134.0.2
no ipv6 cef
--More--
Jul 17 13:31:10.871: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
Jul 17 13:31:10.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Acc
ess1, changed sta!        n
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
license udi pid CISCO887VA-SEC-K9 sn FCZ1623C5QY
username admin privilege 15 secret 4 ??????????
g
controller VDSL 0
interface Ethernet0
no ip address
shutdown
no fair-queue
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address X.X.X.X X.X.X.X
ip tcp adjust-mss 1412
interface Dialer0
ip unnumbered Vlan1
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ?????
ppp chap password 0 ?????
ppp pap sent-username ???? password 0 ????
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 Dialer0
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
end
Here is the output of sh controller VDSL 0
Controller VDSL 0 is UP
Daemon Status:           Up
                        XTU-R (DS)              XTU-C (US)
Chip Vendor ID:         'BDCM'                   'BDCM'
Chip Vendor Specific:   0x0000                   0xA325
Chip Vendor Country:    0xB500                   0xB500
Modem Vendor ID:        'CSCO'                   '    '
Modem Vendor Specific: 0x4602                   0x0000
Modem Vendor Country:   0xB500                   0x0000
Serial Number Near:    FCZ1623C5QY 887VA-SE 15.1(4)M
Serial Number Far:
Modem Version Near:    15.1(4)M
Modem Version Far:     0xa325
Modem Status:            TC Sync (Showtime!)
DSL Config Mode:         AUTO
Trained Mode:            G.992.5 (ADSL2+) Annex A
TC Mode:                 ATM
Selftest Result:         0x00
DELT configuration:      disabled
DELT state:              not running
Trellis:                 ON                       ON
Line Attenuation:        25.5 dB                 14.1 dB
Signal Attenuation:      25.5 dB                 13.6 dB
Noise Margin:             8.8 dB                  8.9 dB
Attainable Rate:        19176 kbits/s            1214 kbits/s
Actual Power:            18.3 dBm                12.1 dBm
Total FECS:             53332                    0
Total ES:               1                        0
Total SES:              0                        0
Total LOSS:             0                        0
Total UAS:              0                        0
Total LPRS:             0                        0
Total LOFS:             0                        0
Total LOLS:             0                        0
Bit swap:               0                        814
Full inits:             1
Failed full inits:      0
Short inits:            0
Failed short inits:     0
Firmware        Source          File Name (version)
VDSL            embedded        VDSL_LINUX_DEV_01212008 (1)
Modem FW Version:      110506_1916-4.02L.03.A2pv6C032b.d23i
Modem PHY Version:      A2pv6C032b.d23i
                  DS Channel1     DS Channel0   US Channel1       US Channel0
Speed (kbps):             0            12286             0              1117
Previous Speed:           0                0             0                 0
Total Cells:              0         98006305             0           8900131
User Cells:               0             2115             0              2000
Reed-Solomon EC:          0            53333             0                 0
CRC Errors:               0                4             0                 0
Header Errors:            0               74             0                 0
Interleave (ms):       0.00            10.70          0.00              7.26
Actual INP:            0.00             5.80          0.00              1.61
Training Log : Stopped
Training Log Filename : flash:vdsllog.bin

Hi Paolo
Thank you for taking your time to reply to me basically I adjusted the MTU and set the Dialer ip address to negotiated and it came up, I was given a /32 IP address from the ISP it had a mask of 255.255.255.255, the router kept complaining about this, once I set to negotiated and set the MTU it came up fine.
Many Thanks
Declan

Strange issue - unable to establish PPP with Cisco 887 VAG router on one particular ADSL line

I have a strange problem that I’m struggling to get to the bottom of with my ISP and wondered if anyone could help.
We have a site with an older Cisco 877 ADSL router which was working happily until a few weeks ago when the connection dropped suddenly (out-of-hours at 2am if that’s of any significance – made me think most likely something carrier/ISP related?)    When connectivity was lost, the router could sync with the BT exchange (we are in the UK) but could not establish PPP.
We logged fault with our ISP – after some to’ing and fro’ing, they passed it onto BT and their engineers visited site, they fixed “a line fault” (we don’t get much detail on what was actually fixed) but we still could not establish connectivity – same thing, solid CD light but no PPP.
So, we replaced the router with another 877 – same again, solid CD but no PPP. We replaced all the cables and microfilter etc but no difference.
We tried a different Cisco router (a newer Cisco 887VAG) which, as I understand, uses a different modem chipset but no matter – PPP could still not be established. We tested this router on another ADSL line with the same ISP and it worked without issue, using the same ADSL account details, it was able to establish connectivity. So we figured this must still be a BT/ISP issue.
Since then we’ve had BT out again twice but they say there is no fault. The ISP say there is no issue with them. But we still cannot establish ADSL connectivity on this line, despite having tried 3 different ADSL routers and despite the fact the routers work with the same account details on another ADSL line.
The 887VAG router we have currently connected has 3G backup so that is keeping us going in the meantime and also means I can login to the router remotely to check on the ADSL status.
But I’m struggling to pinpoint where the problem may lie.   Strangely, if I turn on PPP negotiation and authentication debug then I’m not actually seeing any output from it at all?
Yet, the ATM interface is up and shows packets being sent and received:
ATM0 is up, line protocol is up
Hardware is MPC ATMSAR, address is bc16.6596.9b00 (bia bc16.6596.9b00)
MTU 1600 bytes, sub MTU 1600, BW 704 Kbit/sec, DLY 520 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported
Encapsulation(s): AAL5
4 maximum active VCs, 1024 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input 00:00:28, output 00:00:07, output hang never
Last clearing of "show interface" counters 6d23h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     23886 packets input, 1676964 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     56469 packets output, 4418592 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
Does anyone have any ideas on where the problem may be and what more I can do to troubleshoot and provide the relevant evidence to our ISP (assuming it is an ISP/BT issue though the fact the same router works ok with the exact same details etc would seem to indicate it must be their issue!)

Hi Jody,
thanks for the suggestions. Here's what I see from the ppp debugs (but I'm not sure how to interpret?)
Jan 6 14:50:22.838: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:50:22.878: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Jan 6 14:50:24.885: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:35.125: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:45.364: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:55.603: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:05.843: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:16.114: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:26.353: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 0/38 ATM0.1
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 00
00 00 00 00 00 00 00 00 00 00 88 63 11 A7 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.576: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.608: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Provider wouldn't have bumped us from ADSL to VDSL - but here's the output of show controller vdsl 0:
Controller VDSL 0 is UP
Daemon Status: Up
XTU-R (DS) XTU-C (US)
Chip Vendor ID: 'BDCM' 'IFTN'
Chip Vendor Specific: 0x0000 0x71C8
Chip Vendor Country: 0xB500 0xB500
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x4602 0x0000
Modem Vendor Country: 0xB500 0x0000
Serial Number Near: FCZ1111C08V C887VAG 15.2(4)M
Serial Number Far:
Modem Version Near: 15.2(4)M
Modem Version Far: 0x71c8
Modem Status: TC Sync (Showtime!)
DSL Config Mode: AUTO
Trained Mode: G.992.1 (ADSL) Annex A
TC Mode: ATM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Trellis: ON ON
SRA: disabled disabled
SRA count: 0 0
Bit swap: enabled enabled
Bit swap count: 1 8
Line Attenuation: 54.5 dB 31.5 dB
Signal Attenuation: 54.5 dB 0.0 dB
Noise Margin: 6.7 dB 11.0 dB
Attainable Rate: 2132 kbits/s 888 kbits/s
Actual Power: 16.7 dBm 12.7 dBm
Total FECC: 546 0
Total ES: 6 0
Total SES: 0 0
Total LOSS: 0 0
Total UAS: 486 486
Total LPRS: 0 0
Total LOFS: 0 0
Total LOLS: 0 0
Full inits: 14
Failed full inits: 1
Short inits: 0
Failed short inits: 1
Firmware Source File Name (version)
VDSL user config flash:vdsl.bin-A2pv6C035d_d23j (10)
Modem FW Version: 110802_1752-4.02L.03.A2pv6C035d.d23j
Modem PHY Version: A2pv6C035d.d23j
Vendor Version:
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 1664 0 704
SRA Previous Speed: 0 0 0 0
Previous Speed: 0 1600 0 736
Total Cells: 0 2786872 0 0
User Cells: 0 68 0 0
Reed-Solomon EC: 0 546 0 0
CRC Errors: 0 9 0 0
Header Errors: 0 10 0 0
Interleave (ms): 0.00 8.00 0.00 8.00
Actual INP: 0.00 1.12 0.00 1.28
Training Log : Stopped
Training Log Filename : flash:vdsllog.bin
And here's the output from the ATM and dialer interfaces:
interface ATM0
no ip address
ip flow ingress
no atm ilmi-keepalive
end
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/38
pppoe-client dial-pool-number 2
end
interface Dialer2
description OUTSIDE
ip address negotiated
ip access-group firewall in
ip mtu 1492
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap hostname ###removed###
ppp chap password ###removed###
no cdp enable
crypto map dcvpn
end
As I say though, config-wise, everything should be correct - the same router works fine on another line (which should also confirm the authentication details are correct - at least in as far as it matches what the ISP have on their RADIUS)
Any further thoughts?

Cisco 1921 Dual ADSL Load Balancing/Failover?

Hello,
We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
This is my current config which I think only one ADSL line is being used. Some input would be appreciated
Robbie
! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxx
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 xxxxx
enable password xxxx
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip name-server 194.74.65.68
ip name-server 194.72.0.114
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-xxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
revocation-check none
rsakeypair TP-self-signed-xxxxx!
crypto pki certificate chain TP-self-signed-xxxxxx
certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
license udi pid CISCO1921/K9 xxxxx
username admin privilege 15 secret 5 xxxxxxxxxx/
interface GigabitEthernet0/0
description lan$ETH-LAN$
ip address 10.0.8.1 255.255.248.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/1/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
mtu 1483
ip address negotiated
ip access-group spalding in
ip access-group spalding out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
interface Dialer1
mtu 1483
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp link reorders
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 10.0.0.0 0.254.255.255
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
end

Hi,
Can anyone help me with this config? not very reliable.
Building configuration...
Current configuration : 17349 bytes
! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Router
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
aaa new-model
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
no ip source-route
ip port-map user-protocol--8 port udp 3392
ip port-map user-protocol--9 port tcp 3397
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 14000
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 3394
ip port-map user-protocol--7 port tcp 3392
ip port-map user-protocol--4 port udp 14100
ip port-map user-protocol--5 port tcp 3394
ip port-map user-protocol--10 port udp 3397
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp pool DHCP_POOL1
import all
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.1.1
lease infinite
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.10.1
lease infinite
no ip bootp server
ip host SHAWN-PC 192.168.1.10
ip host DIAG 192.168.1.5
ip host MSERV 192.168.1.13
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
ip cef load-sharing algorithm include-ports source destination
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
crypto pki trustpoint TP-self-signed-1982477479
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1982477479
revocation-check none
rsakeypair TP-self-signed-1982477479
license udi pid
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller VDSL 0/0/0
operating mode adsl2+
controller VDSL 0/1/0
operating mode adsl2+
no cdp run
track timer interface 5
track 1 interface Dialer0 ip routing
delay down 15 up 10
track 2 interface Dialer1 ip routing
delay down 15 up 10
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-nat-user-protocol--7-1
match access-group 104
match protocol user-protocol--7
match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--4-2
match access-group 101
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 103
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 103
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--7-2
match access-group 101
match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 102
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 101
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--2-2
match access-group 102
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--3-2
match access-group 101
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--8-2
match access-group 101
match protocol user-protocol--8
class-map type inspect match-all sdm-nat-user-protocol--9-2
match access-group 104
match protocol user-protocol--9
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--9-1
match access-group 101
match protocol user-protocol--9
match access-group 104
class-map type inspect match-all sdm-nat-user-protocol--8-1
match access-group 104
match protocol user-protocol--8
match access-group 102
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-user-protocol--10-2
match access-group 104
match protocol user-protocol--10
class-map type inspect match-all sdm-nat-user-protocol--10-1
match access-group 101
match protocol user-protocol--10
match access-group 104
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class type inspect sdm-nat-user-protocol--7-1
inspect
class type inspect sdm-nat-user-protocol--8-1
inspect
class type inspect sdm-nat-user-protocol--9-1
inspect
class type inspect sdm-nat-user-protocol--10-1
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-nat-user-protocol--7-2
inspect
class type inspect sdm-nat-user-protocol--8-2
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--2-2
inspect
class type inspect sdm-nat-user-protocol--9-2
inspect
class type inspect sdm-nat-user-protocol--10-2
inspect
class type inspect sdm-nat-user-protocol--3-2
inspect
class type inspect sdm-nat-user-protocol--4-2
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
interface Null0
no ip unreachables
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/0/0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
interface Ethernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Ethernet0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface GigabitEthernet0/3/0
no ip address
interface GigabitEthernet0/3/1
no ip address
interface GigabitEthernet0/3/2
no ip address
interface GigabitEthernet0/3/3
no ip address
interface GigabitEthernet0/3/4
no ip address
interface GigabitEthernet0/3/5
no ip address
interface GigabitEthernet0/3/6
no ip address
interface GigabitEthernet0/3/7
no ip address
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 1444405858557A
ppp pap sent-username [email protected] password 7 135645415F5D54
ppp multilink
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 01475E540E5D55
ppp pap sent-username [email protected] password 7 055F5E5F741A1D
ppp multilink
router eigrp as#
router eigrp 10
network 192.168.1.1 0.0.0.0
router rip
version 2
network 192.168.1.0
no auto-summary
ip forward-protocol nd
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
ip nat inside source route-map ADSL0 interface Dialer0 overload
ip nat inside source route-map ADSL1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
ip access-list extended NAT
remark CCP_ACL Category=18
permit ip 192.0.0.0 0.255.255.255 any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
remark CCP_ACL Category=1
ip access-list extended STATIC-NAT-SERVICES
permit ip host 192.168.1.35 any
permit ip host 192.168.1.5 any
permit ip host 192.168.1.10 any
permit ip host 192.168.1.17 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map ADSL0 permit 10
match ip address NAT
match interface Dialer0
route-map ADSL1 permit 10
match ip address NAT
match interface Dialer1
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 10 remark INSIDE_IF=NAT
access-list 10 remark CCP_ACL Category=2
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 139.130.227.0 0.0.0.255 any
access-list 100 permit ip 203.45.106.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.10
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 101 permit tcp any any eq www
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.10
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.17
control-plane
banner login ^CCE-Rescue Systems^C
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
scheduler allocate 20000 1000
end
Thanks
Shawn

ACS 5.3.0.40 with Bluecoat Packetshaper via Radius Auth using PAP/CHAP

Hi,
We have a strange issue may be an known issue. We have the ACS 5.3.0.40 with Bluecoat Packetshaper (Packeteer) as the Radius Client and tried with PAP as well as CHAP with the suggested VSA. But once we try to authenticate with GUI in the PS end we get authentication failed. i.e its says invalid password but in the ACS end we get it as the Auth success log. We are not able to login to the PS as well. Anyone have any idea what is the issue anything to be done with the patch upgrade or any issue with the packetshaper??????
below is the logs in ACS server.
Logged At:        September 4,2012 4:10:26.250 PM
RADIUS Status: Authentication        succeeded
NAS Failure:
Username: knpdtf
MAC/IP Address:
Network        Device: Test-PS : 10.187.115.83:
Access Service: Radius Network
Identity        Store: Internal Users
Authorization Profiles: Permit Access
CTS        Security Group:
Authentication Method: PAP_ASCII
By
Karthik

Hi,
Do you have any special characters in the password? I would see if you can create an internal user in ACS and use a basic password (like cisco123) and see if the authentication will succeed. I have seen with some GUI based products that some special characters can cause some headaches.
thanks,
Tarik Admani
*Please rate helpful posts*

Adsl chap failure - 887va

Similar Messages

Maybe you are looking for