L2tp and pptp...

hi...in windows server creating lt2p and pptp server is really no brain. how to setup l2tp and pptp in cisco router? tx :)

Similar Messages

Can a Cisco 2600 router do PPTP,L2TP, and IPSec?

General question.

2600 supports L2TP and PPTP with MPPE with an IP PLUS version, and IPsec with a firewall version.

L2TP over PPTP

Hi!
Is there any solution to use L2TP over PPTP?
I use connection to Internet via PPTP and want to use L2TP to connect to VPN server. How can I do this?

Is anyone live here?

10.6 VPN client - 10.5.8 VPN server - Cant ping past server on l2tp or pptp

Since installing 10.6 on my macbook and my mini, i can authenticate to MacPro 10.5.8 server over either l2tp or pptp. I cannot access any clients or ping any ip past the server on the local net.
I can connect and ping from win machine at work and ping and connect to all machines on local net.
Server vpn log shows authentification and connected with 10.6 machines. 10.5.8 machines work fine. Win machines work fine. Only 10.6 machines have issues.
Any help would be appreciated

After a complete rebuild of the sever, I have determined that the problem is related to setting client information. I rebuilt the server, added the vpn, and it worked with L2TP from 10.6 machines. I went back and added the client information exactly the way it worked with 10.5 machines and the vpn would fail. I have removed the information from the client information screen on the server, and it is workin fine with both 10.5 and 10.6 machines.

2 ISPs with addresses /32 and PPtP Server onboard of Cisco 3825

First of all, excuse me for my bad English, it's not my native language.
A couple of years ago our company changed our central router Cisco 1841 with more powerfull 3825 ISR.
Here is show ver
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(24)T7
This Cisco 3825 contains 2 DIMMs - 256Mb and 512 Mb of RAM onboard.
Now it works with 2 ISPs (take a glance on pdf picture http://www.intelcom-ug.ru/scheme.pdf or in the attached file). We're using the failover scheme, the ISP1 with statically assigned IP address 85.20.20.20/32 (Dialer 1) is used as Backup link. The ISP2 L2TP link is main.
Now our authorities organize the remote office with Cisco 1841. And we face with the problem, we cannot connect via PPtP from anywhere to the 85.20.20.20/32 (Dialer 1). And we need some help or advise. The config of Cisco 3825 is like this:
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
hostname CENTRAL-OFFICE
boot-start-marker
warm-reboot
boot-end-marker
security authentication failure rate 3 log
logging message-counter syslog
logging buffered 64000
enable secret 5 HEREISTHESECRETPASSWORD
aaa new-model
aaa local authentication attempts max-fail 3
aaa authentication login default local
aaa authentication ppp default local
aaa authentication ppp vpn-users local
aaa authorization exec default local
aaa authorization exec vpn-users local
aaa authorization network vpn-users local
aaa session-id common
clock timezone MSK 4
ip source-route
no ip gratuitous-arps
ip cef
no ip domain lookup
ip domain name somewhere.net
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 239
accept-dialin
protocol pptp
virtual-template 100
vpdn-group global
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
password encryption aes
voice-card 0
username administrator privilege 15 password 7 737364645252414571
username vpnuser password 7 85956353413120384645373930
archive
log config
hidekeys
ip tcp selective-ack
ip tcp timestamp
ip tcp synwait-time 5
ip tcp path-mtu-discovery
ip ssh version 2
l2tp-class beeline
pseudowire-class pw-beeline
encapsulation l2tpv2
protocol l2tpv2 beeline
buffers tune automatic
interface Loopback0
ip address 10.111.111.111 255.255.255.255
interface GigabitEthernet0/0
descrition --Our Local Network--
ip address 192.168.7.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1
description --Trunk Connection--
no ip address
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1.10
description --Connection to ISP1 through vlan on our managed switch--
encapsulation dot1Q 10
pppoe enable group global
pppoe-client dial-pool-number 2
interface GigabitEthernet0/1.20
description --Connection to ISP2 through vlan on our managed switch--
encapsulation dot1Q 20
ip address dhcp
ip virtual-reassembly
interface Virtual-PPP5
description --Interface for ISP2--
ip address negotiated
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1380
no peer neighbor-route
no cdp enable
ppp authentication chap callin
ppp chap hostname 8282828282828
ppp chap password 7 theSecretForISP2
pseudowire 10.255.255.242 10 pw-class pw-beeline
interface Virtual-Template100
description --TEMPLATE for incoming PPtP connections of our users--
ip unnumbered Dialer1
autodetect encapsulation ppp
peer default ip address pool for-vpn
no keepalive
ppp authentication ms-chap ms-chap-v2 vpn-users
ppp authorization vpn-users
interface Dialer1
description --Interface for ISP1. PPPoE--
bandwidth 10240
ip address negotiated
ip accounting output-packets
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1400
load-interval 30
dialer pool 2
dialer-group 2
no fair-queue
ppp authentication chap callin
ppp pap sent-username reteretere password 7 PasswordForISP1
ip local policy route-map External_VPN
ip local pool for-vpn 172.16.135.1 172.16.135.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 100 track 1
ip route 0.0.0.0 0.0.0.0 Virtual-PPP5 track 2
ip route 192.168.239.0 255.255.255.0 172.16.135.1 name C1841-Rossiyskaya70
ip route 194.87.0.8 255.255.255.255 Dialer1
ip route 194.87.0.9 255.255.255.255 Virtual-PPP5
ip route 10.255.255.242 255.255.255.255 dhcp
ip route 10.255.255.247 255.255.255.255 dhcp
no ip http server
no ip http secure-server
ip nat inside source route-map Beeline interface Virtual-PPP5 overload
ip nat inside source route-map UTK interface Dialer1 overload
! This access-list is for local Network proxy
ip access-list standard fwd-squid
permit 192.168.7.100
permit 192.168.7.0 0.0.0.255
! This access-list is for ip local policy
ip access-list extended External_VPN_access
permit tcp host 85.20.20.20 eq 1723 any
permit tcp host 85.20.20.20 eq 22 any
permit tcp host 85.20.20.20 eq telnet any
permit icmp host 85.20.20.20 any echo-reply
track 1 ip sla 1 reachability
ip sla 1
icmp-echo 194.87.0.8 source-interface Dialer1
timeout 7000
threshold 100
frequency 15
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react timeout threshold-type immediate action-type triggerOnly
track 2 ip sla 2 reachability
ip sla 2
icmp-echo 194.87.0.9 source-interface Virtual-PPP5
timeout 7000
threshold 400
frequency 15
ip sla schedule 2 life forever start-time now
ip sla reaction-configuration 2 react timeout threshold-type immediate action-type triggerOnly
access-list 1 remark --SNMP Watching--
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 100 permit ip 192.168.7.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
route-map External_VPN permit 10
match ip address External_VPN_access
set default interface Dialer1
route-map UTK permit 10
match ip address 100
match interface Dialer1
route-map Beeline permit 10
match ip address 100
match interface Virtual-PPP5
snmp-server community public RO 1
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 30 0
line vty 5 15
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 194.33.84.1
event manager applet nat_clear_isp1
event track 1 state any
action 1 wait 5
action 2 cli command "enable"
action 3 cli command "clear ip nat translation *"
event manager applet nat_clear_isp2
event track 2 state any
action 1 wait 5
action 2 cli command "enable"
action 3 cli command "clear ip nat translation *"
end

Okay, you are not going to be able to do this using the interconnect between the switch and the router. The issue is -
1) if you make the interconnect a L2 trunk then you would have subinterfaces on the router interface connecting to the switch. But you cannot have multiple interfaces on the router configured from the same IP range so it won't work ie. you would need a subinterface using the same IP range as one of the other interfaces
2) if you make the interconnect L3 as you have then you cannot route to the same subnet ie. think of it as two separate devices, a L3 switch and a router. You connect the L3 switch to the router using a L3 connection.
On the switch you then configure a client with a public IP and on another interface on the router ie. not the interface used to connect to the switch, you use the same public IP range.
You cannot then route from the client to that other interface because you don't route to the same IP subnet and the client and the other interface are separated by a different IP subnet.
So neither will work. The L3 switch is usually used where you have multiple vlans/IP subnets and you create L3 vlan interfaces for these on the switch and then you route to other subnets that are reachable from the router, whether these are directly connected subnets or remote networks.
But you aren't doing that.
The only way i could see you doing what you need is to not configure the interconnect at all and instead run cables from the relevant router interfaces to the switch. Then you could configure vlans on the switch and have them route via the physical router interface.
The switch is then only acting as a L2 switch and all L3 is done on the router.
One thing i should say is i have never used the switch module this way so i can't guarantee it will work although i can't see why it wouldn't.
Jon

Z10 L2TP or PPTP, is it possible in anyway???

Hi,
I'm using Microsoft TMG as VPN Server using the Protocols (L2TP - PPTP) is there is anyway or any software to connect from my Blackberry Z10 ???
if no, i would have no solution but to sell it out and purchase Samsung Galaxy !!!!!!!

Hey icebird101,
Welcome to the BlackBerry Support Community Forums.
Thanks for the question.
I know you can add an email account through Microsoft TMG on the BlackBerry Z10. Do you get any specific errors when adding the ActiveSync account? Also do you have a BlackBerry Enterprise Server at the company?
I look forward to your reply.
Cheers.
-ViciousFerret
Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
Be sure to click Like! for those who have helped you.
Click Accept as Solution for posts that have solved your issue(s)!

L2TP and TACACS+

Hello.
I have PPTP server on my Cisco 3845 router with authentication on freeware TACACS+ server (Linux). TACACS set ACL and IP address for users.
Recently employers decide to migrate to L2TP over IPsec. Moreover old PPTP server should work.
Can I use TACACS server for authenticate L2TP users?
I have config like this on TACACS.
user = user1 {
        chap = cleartext "password"
        member = vpdn
        service = ppp protocol = ip {
        addr = 172.20.20.200
        inacl=2005
Sorry for my Enflish.

Please see the below documnet. This document describes how to configure Layer 2 Tunnel Protocol (L2TP)       with TACACS+. It includes sample configurations for L2TP Access Concentrator       (LAC) TACACS+ servers, L2TP Network Server (LNS) TACACS+ servers, and routers.
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a0080118d5f.shtml

I cannot route to remote subnets from cisco vpn client and pptp client

Hi guys,
I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer use it to connect to his network from pc) and a pptp vpn server (he use it to connet to the network from a smartphone).
In this router I created 2 vlan, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
this is the issue, when the customer try to connect to a wireless network from both of vpn clients he cannot do this, but if he try to connect to a wired network client all working fine.
following the addresses taken from the router.
- encrypted vpn client -
ip address. 192.168.10.20
netmask 255.255.255.0
Default Gateway. none (blank)
- pptp vpn client -
ip address. 192.168.10.21
netmask. 255.255.255.255
Default Gateway. 192.168.10.21
Is possible that I cannot reach the remote subnet because the clients doesn't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
There is anyone can help me..?
Thank you very much.
Many Kisses and Kindly Regards..
Ilaria

The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
Here's the format of the command:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

L2TP and fixed Framed IP Address for VPN user

Hi,
I have a running L2TP/IPsec VPN setup with authentification against a radius server (freeradius2 witch mysql). I would like to have some of my VPN users get a fixed IP address instead of the dynamically assigned IP Pool.
The radius server is returning the correct parameters, I think.
I hope someone can help me.
It´s a Cisco 892 Integrated Service Router.
Router Config:
=============================================================
Current configuration : 8239 bytes
! Last configuration change at 10:44:26 CEST Fri Mar 30 2012 by root
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
hostname vpngw2
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
logging buffered 51200 warnings
enable secret 5 secret
aaa new-model
aaa authentication login default local group radius
aaa authentication login userauthen local group radius
aaa authentication ppp default group radius local
aaa authorization exec default local
aaa authorization network groupauthor local
aaa accounting delay-start
aaa accounting update newinfo
aaa accounting exec default
action-type start-stop
group radius
aaa accounting network default
action-type start-stop
group radius
aaa accounting resource default
action-type start-stop
group radius
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip domain name aspect-online.de
ip name-server 10.28.1.31
ip inspect WAAS flush-timeout 10
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip cef
no ipv6 cef
virtual-profile if-needed
multilink bundle-name authenticated
async-bootp dns-server 10.28.1.31
async-bootp nbns-server 10.28.1.31
vpdn enable
vpdn authen-before-forward
vpdn authorize directed-request
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
license udi pid -K9 sn FCZ
username root password 7 secret
ip ssh source-interface FastEthernet8
ip ssh version 2
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key mykey address 0.0.0.0         no-xauth
crypto ipsec transform-set configl2tp esp-3des esp-sha-hmac
mode transport
crypto dynamic-map config-map-l2tp 10
set nat demux
set transform-set configl2tp
crypto map vpnl2tp 10 ipsec-isakmp dynamic config-map-l2tp
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
interface FastEthernet0
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
spanning-tree portfast
<snip>
interface FastEthernet7
no ip address
spanning-tree portfast
interface FastEthernet8
ip address 10.28.1.97 255.255.255.0
ip access-group vpn_to_lan out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Virtual-Template1
ip unnumbered GigabitEthernet0
ip access-group vpn_to_inet_lan in
ip nat inside
ip virtual-reassembly in
peer default ip address pool l2tpvpnpool
ppp encrypt mppe 128
ppp authentication chap
interface GigabitEthernet0
description WAN Port
ip address x.x.x.39 255.255.255.0
ip access-group from_inet in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map vpnl2tp
interface Vlan1
no ip address
shutdown
ip local pool l2tpvpnpool 192.168.252.3 192.168.252.199
ip local pool remotepool 192.168.252.240 192.168.252.243
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat log translations syslog
ip nat inside source route-map natmap interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.33
ip access-list extended from_inet
<snip>
ip access-list extended nat_clients
permit ip 192.168.252.0 0.0.0.255 any
ip access-list extended vpn_to_inet_lan
<snip>
ip access-list extended vpn_to_lan
<snip>
deny   ip any any log-input
logging trap debugging
logging facility local2
logging 10.28.1.42
no cdp run
route-map natmap permit 10
match ip address nat_clients
radius-server attribute 8 include-in-access-req
radius-server host 10.27.1.228 auth-port 1812 acct-port 1813
radius-server key 7 mykey
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
mgcp profile default
banner login ^C
Hostname: vpngw2
Model: Cisco 892 Integrated Service Router
Description: L2TP/IPsec VPN Gateway with Radius Auth
^C
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
=============================================================
User Config in Radius (tying multiple attributes):
=============================================================
Attribute          | op | Value
Service-Type       | = | Framed-User
Cisco-AVPair       | = | vpdn:ip-addresses=192.168.252.220
Framed-IP-Address | := | 192.168.252.221
Cisco-AVPair       | = | ip:addr-pool=remotepool
=============================================================
Debug Log from freeradius2:
=============================================================
rad_recv: Access-Request packet from host 10.28.1.97 port 1645, id=7, length=100
        Framed-Protocol = PPP
        User-Name = "me1"
        CHAP-Password = 0x01b8b897de00317a75c68ee9ce473cf8b8
        Connect-Info = "100000000"
        NAS-Port-Type = Sync
        NAS-Port = 10007
        NAS-Port-Id = "Uniq-Sess-ID7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.28.1.97
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "me1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql]   expand: %{User-Name} -> me1
[sql] sql_set_user escaped user --> 'me1'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'me1'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'me1'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'me1'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "me1" with CHAP password
[chap] Using clear text password "test" for user me1 authentication.
[chap] chap user me1 authenticated succesfully
++[chap] returns ok
Login OK: [me1/<CHAP-Password>] (from client vpngw2 port 10007)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 7 to 10.28.1.97 port 1645
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-IP-Address := 192.168.252.221
        Cisco-AVPair = "vpdn:ip-addresses=192.168.252.220"
        Service-Type = Framed-User
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.28.1.97 port 1646, id=19, length=213
        Acct-Session-Id = "00000011"
        Tunnel-Type:0 = L2TP
        Tunnel-Medium-Type:0 = IPv4
        Tunnel-Server-Endpoint:0 = "x.x.x.39"
        Tunnel-Client-Endpoint:0 = "x.x.x.34"
        Tunnel-Assignment-Id:0 = "L2TP"
        Tunnel-Client-Auth-Id:0 = "me1"
        Tunnel-Server-Auth-Id:0 = "vpngw2"
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.252.9
        User-Name = "me1"
        Cisco-AVPair = "connect-progress=LAN Ses Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        Connect-Info = "100000000"
        NAS-Port-Type = Sync
        NAS-Port = 10007
        NAS-Port-Id = "Uniq-Sess-ID7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.28.1.97
        Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 10007,Client-IP-Address = 10.28.1.97,NAS-IP-Address = 10.28.1.97,Acct-Session-Id = "00000011",User-Name = "me1"'
[acct_unique] Acct-Unique-Session-ID = "1fdd95abea6cfac2".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "me1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.28.1.97
[detail]        expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail]        expand: %t -> Fri Mar 30 11:20:07 2012
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> me1
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> me1
[sql] sql_set_user escaped user --> 'me1'
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime, acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> me1
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 19 to 10.28.1.97 port 1646
Finished request 1.
Cleaning up request 1 ID 19 with timestamp +53
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.28.1.97 port 1646, id=20, length=407
        Acct-Session-Id = "00000011"
        Tunnel-Type:0 = L2TP
        Tunnel-Medium-Type:0 = IPv4
        Tunnel-Server-Endpoint:0 = "x.x.x.39"
        Tunnel-Client-Endpoint:0 = "x.x.x.34"
        Tunnel-Assignment-Id:0 = "L2TP"
        Tunnel-Client-Auth-Id:0 = "me1"
        Tunnel-Server-Auth-Id:0 = "vpngw2"
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.252.9
        Cisco-AVPair = "ppp-disconnect-cause=Received LCP TERMREQ from peer"
        User-Name = "me1"
        Acct-Authentic = RADIUS
        Cisco-AVPair = "connect-progress=LAN Ses Up"
        Cisco-AVPair = "nas-tx-speed=100000000"
        Cisco-AVPair = "nas-rx-speed=100000000"
        Acct-Session-Time = 5
        Acct-Input-Octets = 5980
        Acct-Output-Octets = 120
        Acct-Input-Packets = 47
        Acct-Output-Packets = 11
        Acct-Terminate-Cause = User-Request
        Cisco-AVPair = "disc-cause-ext=PPP Receive Term"
        Acct-Status-Type = Stop
        Connect-Info = "100000000"
        NAS-Port-Type = Sync
        NAS-Port = 10007
        NAS-Port-Id = "Uniq-Sess-ID7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.28.1.97
        Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 10007,Client-IP-Address = 10.28.1.97,NAS-IP-Address = 10.28.1.97,Acct-Session-Id = "00000011",User-Name = "me1"'
[acct_unique] Acct-Unique-Session-ID = "1fdd95abea6cfac2".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "me1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.28.1.97
[detail]        expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail]        expand: %t -> Fri Mar 30 11:20:12 2012
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> me1
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> me1
[sql] sql_set_user escaped user --> 'me1'
[sql]   expand: %{Acct-Input-Gigawords} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Acct-Input-Octets} -> 5980
[sql]   expand: %{Acct-Output-Gigawords} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Acct-Output-Octets} -> 120
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}' ->            UPDATE radacct SET              acctstoptime       = '2012-03-30 11:20:12',              acctsessiontime    = '5',              acctinputoctets    = '0' << 32 |                                   '5980',              acctoutputoctets   = '0' << 32 |
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> me1
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 20 to 10.28.1.97 port 1646
Finished request 2.
Cleaning up request 2 ID 20 with timestamp +58
Going to the next request
Waking up in 0.1 seconds.
Cleaning up request 0 ID 7 with timestamp +53
Ready to process requests.
=============================================================
Log From Cisco Router:
=============================================================
Mar 30 11:20:07 vpngw2 1217: Mar 30 09:21:51.414: RADIUS/ENCODE(00000015):Orig. component type = VPDN
Mar 30 11:20:07 vpngw2 1218: Mar 30 09:21:51.414: RADIUS: DSL line rate attributes successfully added
Mar 30 11:20:07 vpngw2 1219: Mar 30 09:21:51.414: RADIUS(00000015): Config NAS IP: 0.0.0.0
Mar 30 11:20:07 vpngw2 1220: Mar 30 09:21:51.414: RADIUS(00000015): Config NAS IPv6: ::
Mar 30 11:20:07 vpngw2 1221: Mar 30 09:21:51.414: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Mar 30 11:20:07 vpngw2 1222: Mar 30 09:21:51.414: RADIUS/ENCODE(00000015): acct_session_id: 17
Mar 30 11:20:07 vpngw2 1223: Mar 30 09:21:51.414: RADIUS(00000015): sending
Mar 30 11:20:07 vpngw2 1224: Mar 30 09:21:51.418: RADIUS/ENCODE: Best Local IP-Address 10.28.1.97 for Radius-Server 10.27.1.228
Mar 30 11:20:07 vpngw2 1225: Mar 30 09:21:51.418: RADIUS(00000015): Send Access-Request to 10.27.1.228:1812 id 1645/7, len 100
Mar 30 11:20:07 vpngw2 1226: Mar 30 09:21:51.418: RADIUS: authenticator DE 5F 2E 3E EF BF 50 F4 - 49 C3 4F BE 1A 66 72 22
Mar 30 11:20:07 vpngw2 1227: Mar 30 09:21:51.418: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:07 vpngw2 1228: Mar 30 09:21:51.418: RADIUS: User-Name           [1]   5   "me1"
Mar 30 11:20:07 vpngw2 1229: Mar 30 09:21:51.418: RADIUS: CHAP-Password       [3]   19 *
Mar 30 11:20:07 vpngw2 1230: Mar 30 09:21:51.418: RADIUS: Connect-Info        [77] 11 "100000000"
Mar 30 11:20:07 vpngw2 1231: Mar 30 09:21:51.418: RADIUS: NAS-Port-Type       [61] 6   Sync                      [1]
Mar 30 11:20:07 vpngw2 1232: Mar 30 09:21:51.418: RADIUS: NAS-Port            [5]   6   10007
Mar 30 11:20:07 vpngw2 1233: Mar 30 09:21:51.418: RADIUS: NAS-Port-Id         [87] 15 "Uniq-Sess-ID7"
Mar 30 11:20:07 vpngw2 1234: Mar 30 09:21:51.418: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:07 vpngw2 1235: Mar 30 09:21:51.418: RADIUS: NAS-IP-Address      [4]   6   10.28.1.97
Mar 30 11:20:07 vpngw2 1236: Mar 30 09:21:51.418: RADIUS(00000015): Sending a IPv4 Radius Packet
Mar 30 11:20:07 vpngw2 1237: Mar 30 09:21:51.418: RADIUS(00000015): Started 5 sec timeout
Mar 30 11:20:07 vpngw2 1238: Mar 30 09:21:51.422: RADIUS: Received from id 1645/7 10.27.1.228:1812, Access-Accept, len 85
Mar 30 11:20:07 vpngw2 1239: Mar 30 09:21:51.422: RADIUS: authenticator 25 CD 93 D5 78 2C F4 4F - F2 66 2C 45 8D D4 E1 16
Mar 30 11:20:07 vpngw2 1240: Mar 30 09:21:51.422: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:07 vpngw2 1241: Mar 30 09:21:51.422: RADIUS: Framed-Compression [13] 6   VJ TCP/IP Header Compressi[1]
Mar 30 11:20:07 vpngw2 1242: Mar 30 09:21:51.422: RADIUS: Framed-IP-Address   [8]   6   192.168.252.221
Mar 30 11:20:07 vpngw2 1243: Mar 30 09:21:51.422: RADIUS: Vendor, Cisco       [26] 41
Mar 30 11:20:07 vpngw2 1244: Mar 30 09:21:51.422: RADIUS:   Cisco AVpair       [1]   35 "vpdn:ip-addresses=192.168.252.220"
Mar 30 11:20:07 vpngw2 1245: Mar 30 09:21:51.422: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:07 vpngw2 1246: Mar 30 09:21:51.426: RADIUS(00000015): Received from id 1645/7
Mar 30 11:20:07 vpngw2 1247: Mar 30 09:21:51.438: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Mar 30 11:20:07 vpngw2 1248: Mar 30 09:21:51.442: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
Mar 30 11:20:07 vpngw2 1249: Mar 30 09:21:51.478: RADIUS/ENCODE(00000015):Orig. component type = VPDN
Mar 30 11:20:07 vpngw2 1250: Mar 30 09:21:51.478: RADIUS(00000015): Config NAS IP: 0.0.0.0
Mar 30 11:20:07 vpngw2 1251: Mar 30 09:21:51.478: RADIUS(00000015): Config NAS IPv6: ::
Mar 30 11:20:07 vpngw2 1252: Mar 30 09:21:51.478: RADIUS(00000015): sending
Mar 30 11:20:07 vpngw2 1253: Mar 30 09:21:51.478: RADIUS/ENCODE: Best Local IP-Address 10.28.1.97 for Radius-Server 10.27.1.228
Mar 30 11:20:07 vpngw2 1254: Mar 30 09:21:51.478: RADIUS(00000015): Send Accounting-Request to 10.27.1.228:1813 id 1646/19, len 213
Mar 30 11:20:07 vpngw2 1255: Mar 30 09:21:51.478: RADIUS: authenticator 1B E0 A3 DF 16 7F F1 8D - E5 7F BD 88 50 01 73 53
Mar 30 11:20:07 vpngw2 1256: Mar 30 09:21:51.478: RADIUS: Acct-Session-Id     [44] 10 "00000011"
Mar 30 11:20:07 vpngw2 1257: Mar 30 09:21:51.478: RADIUS: Tunnel-Type         [64] 6   00:
Mar 30 11:20:07 vpngw2 1258: L2TP                   [3]
Mar 30 11:20:07 vpngw2 1259: Mar 30 09:21:51.478: RADIUS: Tunnel-Medium-Type [65] 6   00:IPv4                   [1]
Mar 30 11:20:07 vpngw2 1260: Mar 30 09:21:51.478: RADIUS: Tunnel-Server-Endpoi[67] 16 "x.x.x.39"
Mar 30 11:20:07 vpngw2 1261: Mar 30 09:21:51.478: RADIUS: Tunnel-Client-Endpoi[66] 16 "x.x.x.34"
Mar 30 11:20:07 vpngw2 1262: Mar 30 09:21:51.478: RADIUS: Tunnel-Assignment-Id[82] 6   "L2TP"
Mar 30 11:20:07 vpngw2 1263: Mar 30 09:21:51.478: RADIUS: Tunnel-Client-Auth-I[90] 5   "me1"
Mar 30 11:20:07 vpngw2 1264: Mar 30 09:21:51.478: RADIUS: Tunnel-Server-Auth-I[91] 8   "vpngw2"
Mar 30 11:20:07 vpngw2 1265: Mar 30 09:21:51.478: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:07 vpngw2 1266: Mar 30 09:21:51.478: RADIUS: Framed-IP-Address   [8]   6   192.168.252.9
Mar 30 11:20:07 vpngw2 1267: Mar 30 09:21:51.478: RADIUS: User-Name           [1]   5   "me1"
Mar 30 11:20:07 vpngw2 1268: Mar 30 09:21:51.478: RADIUS: Vendor, Cisco       [26] 35
Mar 30 11:20:07 vpngw2 1269: Mar 30 09:21:51.478: RADIUS:   Cisco AVpair       [1]   29 "connect-progress=LAN Ses Up"
Mar 30 11:20:07 vpngw2 1270: Mar 30 09:21:51.478: RADIUS: Acct-Authentic      [45] 6   RADIUS                    [1]
Mar 30 11:20:07 vpngw2 1271: Mar 30 09:21:51.482: RADIUS: Acct-Status-Type    [40] 6   Start                     [1]
Mar 30 11:20:07 vpngw2 1272: Mar 30 09:21:51.482: RADIUS: Connect-Info        [77] 11 "100000000"
Mar 30 11:20:07 vpngw2 1273: Mar 30 09:21:51.482: RADIUS: NAS-Port-Type       [61] 6   Sync                      [1]
Mar 30 11:20:07 vpngw2 1274: Mar 30 09:21:51.482: RADIUS: NAS-Port            [5]   6   10007
Mar 30 11:20:08 vpngw2 1275: Mar 30 09:21:51.482: RADIUS: NAS-Port-Id         [87] 15 "Uniq-Sess-ID7"
Mar 30 11:20:08 vpngw2 1276: Mar 30 09:21:51.482: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:08 vpngw2 1277: Mar 30 09:21:51.482: RADIUS: NAS-IP-Address      [4]   6   10.28.1.97
Mar 30 11:20:08 vpngw2 1278: Mar 30 09:21:51.482: RADIUS: Acct-Delay-Time     [41] 6   0
Mar 30 11:20:08 vpngw2 1279: Mar 30 09:21:51.482: RADIUS(00000015): Sending a IPv4 Radius Packet
Mar 30 11:20:08 vpngw2 1280: Mar 30 09:21:51.482: RADIUS(00000015): Started 5 sec timeout
Mar 30 11:20:08 vpngw2 1281: Mar 30 09:21:51.486: RADIUS: Received from id 1646/19 10.27.1.228:1813, Accounting-response, len 20
Mar 30 11:20:08 vpngw2 1282: Mar 30 09:21:51.486: RADIUS: authenticator 73 5E 95 46 5B 57 B1 4A - 44 4F 7C 71 F0 26 AA A4
Mar 30 11:20:12 vpngw2 1283: Mar 30 09:21:56.282: RADIUS/ENCODE(00000015):Orig. component type = VPDN
Mar 30 11:20:12 vpngw2 1284: Mar 30 09:21:56.282: RADIUS(00000015): Config NAS IP: 0.0.0.0
Mar 30 11:20:12 vpngw2 1285: Mar 30 09:21:56.282: RADIUS(00000015): Config NAS IPv6: ::
Mar 30 11:20:12 vpngw2 1286: Mar 30 09:21:56.282: RADIUS(00000015): sending
Mar 30 11:20:12 vpngw2 1287: Mar 30 09:21:56.282: RADIUS/ENCODE: Best Local IP-Address 10.28.1.97 for Radius-Server 10.27.1.228
Mar 30 11:20:12 vpngw2 1288: Mar 30 09:21:56.286: RADIUS(00000015): Send Accounting-Request to 10.27.1.228:1813 id 1646/20, len 407
Mar 30 11:20:12 vpngw2 1289: Mar 30 09:21:56.286: RADIUS: authenticator 26 7A 27 91 EB 3F 34 C6 - DB 2D 88 F8 B1 A4 C1 12
Mar 30 11:20:12 vpngw2 1290: Mar 30 09:21:56.286: RADIUS: Acct-Session-Id     [44] 10 "00000011"
Mar 30 11:20:12 vpngw2 1291: Mar 30 09:21:56.286: RADIUS: Tunnel-Type         [64] 6   00:
Mar 30 11:20:12 vpngw2 1292: L2TP                   [3]
Mar 30 11:20:12 vpngw2 1293: Mar 30 09:21:56.286: RADIUS: Tunnel-Medium-Type [65] 6   00:IPv4                   [1]
Mar 30 11:20:12 vpngw2 1294: Mar 30 09:21:56.286: RADIUS: Tunnel-Server-Endpoi[67] 16 "x.x.x.39"
Mar 30 11:20:12 vpngw2 1295: Mar 30 09:21:56.286: RADIUS: Tunnel-Client-Endpoi[66] 16 "x.x.x.34"
Mar 30 11:20:12 vpngw2 1296: Mar 30 09:21:56.286: RADIUS: Tunnel-Assignment-Id[82] 6   "L2TP"
Mar 30 11:20:12 vpngw2 1297: Mar 30 09:21:56.286: RADIUS: Tunnel-Client-Auth-I[90] 5   "me1"
Mar 30 11:20:12 vpngw2 1298: Mar 30 09:21:56.286: RADIUS: Tunnel-Server-Auth-I[91] 8   "vpngw2"
Mar 30 11:20:12 vpngw2 1299: Mar 30 09:21:56.286: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:12 vpngw2 1300: Mar 30 09:21:56.286: RADIUS: Framed-IP-Address   [8]   6   192.168.252.9
Mar 30 11:20:12 vpngw2 1301: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 59
Mar 30 11:20:12 vpngw2 1302: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   53 "ppp-disconnect-cause=Received LCP TERMREQ from peer"
Mar 30 11:20:12 vpngw2 1303: Mar 30 09:21:56.286: RADIUS: User-Name           [1]   5   "me1"
Mar 30 11:20:12 vpngw2 1304: Mar 30 09:21:56.286: RADIUS: Acct-Authentic      [45] 6   RADIUS                    [1]
Mar 30 11:20:12 vpngw2 1305: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 35
Mar 30 11:20:12 vpngw2 1306: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   29 "connect-progress=LAN Ses Up"
Mar 30 11:20:12 vpngw2 1307: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 30
Mar 30 11:20:12 vpngw2 1308: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   24 "nas-tx-speed=100000000"
Mar 30 11:20:12 vpngw2 1309: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 30
Mar 30 11:20:12 vpngw2 1310: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   24 "nas-rx-speed=100000000"
Mar 30 11:20:12 vpngw2 1311: Mar 30 09:21:56.286: RADIUS: Acct-Session-Time   [46] 6   5
Mar 30 11:20:12 vpngw2 1312: Mar 30 09:21:56.286: RADIUS: Acct-Input-Octets   [42] 6   5980
Mar 30 11:20:12 vpngw2 1313: Mar 30 09:21:56.286: RADIUS: Acct-Output-Octets [43] 6   120
Mar 30 11:20:12 vpngw2 1314: Mar 30 09:21:56.286: RADIUS: Acct-Input-Packets [47] 6   47
Mar 30 11:20:12 vpngw2 1315: Mar 30 09:21:56.286: RADIUS: Acct-Output-Packets [48] 6   11
Mar 30 11:20:12 vpngw2 1316: Mar 30 09:21:56.286: RADIUS: Acct-Terminate-Cause[49] 6   user-request              [1]
Mar 30 11:20:12 vpngw2 1317: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 39
Mar 30 11:20:12 vpngw2 1318: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   33 "disc-cause-ext=PPP Receive Term"
Mar 30 11:20:12 vpngw2 1319: Mar 30 09:21:56.286: RADIUS: Acct-Status-Type    [40] 6   Stop                      [2]
Mar 30 11:20:12 vpngw2 1320: Mar 30 09:21:56.286: RADIUS: Connect-Info        [77] 11 "100000000"
Mar 30 11:20:12 vpngw2 1321: Mar 30 09:21:56.286: RADIUS: NAS-Port-Type       [61] 6   Sync                      [1]
Mar 30 11:20:12 vpngw2 1322: Mar 30 09:21:56.286: RADIUS: NAS-Port            [5]   6   10007
Mar 30 11:20:12 vpngw2 1323: Mar 30 09:21:56.286: RADIUS: NAS-Port-Id         [87] 15 "Uniq-Sess-ID7"
Mar 30 11:20:12 vpngw2 1324: Mar 30 09:21:56.286: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:12 vpngw2 1325: Mar 30 09:21:56.286: RADIUS: NAS-IP-Address      [4]   6   10.28.1.97
Mar 30 11:20:12 vpngw2 1326: Mar 30 09:21:56.286: RADIUS: Acct-Delay-Time     [41] 6   0
Mar 30 11:20:12 vpngw2 1327: Mar 30 09:21:56.286: RADIUS(00000015): Sending a IPv4 Radius Packet
Mar 30 11:20:12 vpngw2 1328: Mar 30 09:21:56.286: RADIUS(00000015): Started 5 sec timeout
Mar 30 11:20:12 vpngw2 1329: Mar 30 09:21:56.294: RADIUS: Received from id 1646/20 10.27.1.228:1813, Accounting-response, len 20
Mar 30 11:20:12 vpngw2 1330: Mar 30 09:21:56.294: RADIUS: authenticator E1 09 A6 6D 91 C6 B1 B3 - 78 00 FF 4F 25 32 C6 B5
Mar 30 11:20:12 vpngw2 1331: Mar 30 09:21:56.406: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Mar 30 11:20:12 vpngw2 1332: Mar 30 09:21:56.410: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
=============================================================

I found the failure.
In the cisco config it must be
aaa authorization network default group radius local
not
aaa authorization network groupauthor local

Airport Extreme 802.11n and PPTP

Hi,
I've posted this question earlier in the wrong forum. Sorry for the double post.
I'm thinking of buying an Airport Extreme basestation. A problem I have with my current setup (using Airport Express) is that I have to use an extra router between my DSL modem and the Airport to connect to my provider via PPTP. Looking at the specs for the Airport Extreme, it seems that the new base station supports PPTP. But I really want to be sure, can I use PPTP with the Airport Extreme directly, or do I need to add an extra router as I have now?
Many thanks,
Don
PowerMac G4 450Mhz DP

You probably should ask in the AirPort Extreme (802.11n) discussion area.

Client initiated L2TP and control channel passwords

I am building a CVS application for CPEs that use client-initiated tunneling feature. IOS version is 12.4(6)T3. The l2tp-class is
configured as below:
l2tp-class l2tpclass1
password 7 15145D015037812E70
The password string changes at a regular interval. I have two questions w.r.t the password changes.
1) Why does it happens? I have not seen this happening on other passwords that use encryption type 7. I could not find any references to this in "L2TP Control Channel Authentication Parameters" documentation.
2) Is there a way to stop this behavior? Currently there is a diff. generated even though the actual configuration has not changed because of the change in password string.
Regards,
- Gaurav

If you configure "username xxxx password yyyyy" on a system, the encrypted form of the password will in fact change each time you do a "write memory." This is part of a "random seed" that's supposed to make the coded password harder to crack. If the box was actually configured by reading an NV config that contains the "password 7 151E080214382420" form, it should stay that way (basically, the internal format used to store the password is always the form it was "entered" in, and the password is encrypted appropriately (if it's not already encrypted) when you do the "writes.

L2tp and vpnclient?

Hello.
We have an ASA 5510 up and running since 2 years, with many vpnclients configured.
Now we want to enable also l2tp.
I've followed this guide:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bc7540.shtml
at the end of the configuration steps (I've also upgraded to 8.2.5 as required), l2tp vpns work properly, but vpnclients don't work anymore.
I've removede crypto map l2tp entry from configuration, and now vpnclients work again.
I've tried to insert L2TP transform set (3des/sha/transport) into dynamic entry 65535, but l2tp doesn't work anyway.
Configuration of crypto map now is:
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set L2TP-TS ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
if I configure
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 10 set transform-set L2TP-TS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
l2tp works, but not vpnclients.
Anyone has successfully configured both vpn on same asa?
Thanks
Daniele

Thanks for your suggestion, but it doesn't work
I've enabled debug, error follows:
Oct 26 2012 10:36:05: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 500
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, Oakley proposal is acceptable
Oct 26 2012 10:36:05: %ASA-7-715049: IP = 217.200.185.232, Received NAT-Traversal RFC VID
Oct 26 2012 10:36:05: %ASA-7-715049: IP = 217.200.185.232, Received NAT-Traversal ver 03 VID
Oct 26 2012 10:36:05: %ASA-7-715049: IP = 217.200.185.232, Received NAT-Traversal ver 02 VID
Oct 26 2012 10:36:05: %ASA-7-715049: IP = 217.200.185.232, Received Fragmentation VID
Oct 26 2012 10:36:05: %ASA-7-715064: IP = 217.200.185.232, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Oct 26 2012 10:36:05: %ASA-7-715049: IP = 217.200.185.232, Received DPD VID
Oct 26 2012 10:36:05: %ASA-7-715028: IP = 217.200.185.232, IKE SA Proposal # 1, Transform # 5 acceptable Matches global IKE entry # 1
Oct 26 2012 10:36:05: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
Oct 26 2012 10:36:05: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 228
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, computing NAT Discovery hash
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, computing NAT Discovery hash
Oct 26 2012 10:36:05: %ASA-7-715048: IP = 217.200.185.232, Send IOS VID
Oct 26 2012 10:36:05: %ASA-7-715038: IP = 217.200.185.232, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Oct 26 2012 10:36:05: %ASA-7-715048: IP = 217.200.185.232, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, computing NAT Discovery hash
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, computing NAT Discovery hash
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, Connection landed on tunnel_group DefaultRAGroup
Oct 26 2012 10:36:05: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, Generating keys for Responder...
Oct 26 2012 10:36:05: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 304
Oct 26 2012 10:36:05: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NOTIFY (11) + NONE (0) total length : 92
Oct 26 2012 10:36:05: %ASA-7-714011: Group = DefaultRAGroup, IP = 217.200.185.232, ID_IPV4_ADDR ID received
Oct 26 2012 10:36:05: %ASA-7-715076: Group = DefaultRAGroup, IP = 217.200.185.232, Computing hash for ISAKMP
Oct 26 2012 10:36:05: %ASA-6-713172: Group = DefaultRAGroup, IP = 217.200.185.232, Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
Oct 26 2012 10:36:05: %ASA-7-713906: IP = 217.200.185.232, Connection landed on tunnel_group DefaultRAGroup
Oct 26 2012 10:36:05: %ASA-7-715076: Group = DefaultRAGroup, IP = 217.200.185.232, Computing hash for ISAKMP
Oct 26 2012 10:36:05: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Oct 26 2012 10:36:05: %ASA-5-713119: Group = DefaultRAGroup, IP = 217.200.185.232, PHASE 1 COMPLETED
Oct 26 2012 10:36:05: %ASA-7-713121: IP = 217.200.185.232, Keep-alive type for this connection: DPD
Oct 26 2012 10:36:05: %ASA-7-715080: Group = DefaultRAGroup, IP = 217.200.185.232, Starting P1 rekey timer: 2700 seconds.
Oct 26 2012 10:36:05: %ASA-7-720041: (VPN-Primary) Sending New Phase 1 SA message (type RA, remote addr 217.200.185.232, my cookie 1EE358C2, his cookie 591DEF02) to standby unit
Oct 26 2012 10:36:06: %ASA-7-714003: IP = 217.200.185.232, IKE Responder starting QM: msg id = d148be4a
Oct 26 2012 10:36:06: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE RECEIVED Message (msgid=d148be4a) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NAT-OA (131) + NONE (0) total length : 304
Oct 26 2012 10:36:06: %ASA-7-714011: Group = DefaultRAGroup, IP = 217.200.185.232, ID_IPV4_ADDR ID received
Oct 26 2012 10:36:06: %ASA-7-713025: Group = DefaultRAGroup, IP = 217.200.185.232, Received remote Proxy Host data in ID Payload: Address 10.170.18.159, Protocol 17, Port 58636
Oct 26 2012 10:36:06: %ASA-7-714011: Group = DefaultRAGroup, IP = 217.200.185.232, ID_IPV4_ADDR ID received
Oct 26 2012 10:36:06: %ASA-7-713024: Group = DefaultRAGroup, IP = 217.200.185.232, Received local Proxy Host data in ID Payload: Address 89.96.154.130, Protocol 17, Port 1701
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, L2TP/IPSec session detected.
Oct 26 2012 10:36:06: %ASA-7-720041: (VPN-Primary) Sending Phase 1 Rcv Delete message (type RA, remote addr 217.200.185.232, my cookie 1EE358C2, his cookie 591DEF02) to standby unit
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, QM IsRekeyed old sa not found by addr
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 1...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 1, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 2...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 2, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 3...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 3, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 4...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 4, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 5...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 5, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 6...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 6, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 7...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 7, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 8...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 8, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 9...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 9, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 10...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 10, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 11...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 11, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-713221: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, checking map = outside_map, seq = 12...
Oct 26 2012 10:36:06: %ASA-7-713222: Group = DefaultRAGroup, IP = 217.200.185.232, Static Crypto Map check, map = outside_map, seq = 12, ACL does not match proxy IDs src:217.200.185.232 dst:89.96.154.130
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-715059: Group = DefaultRAGroup, IP = 217.200.185.232, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Oct 26 2012 10:36:06: %ASA-7-713066: Group = DefaultRAGroup, IP = 217.200.185.232, IKE Remote Peer configured for crypto map: SYSTEM_DEFAULT_CRYPTO_MAP
Oct 26 2012 10:36:06: %ASA-5-713904: Group = DefaultRAGroup, IP = 217.200.185.232, All IPSec SA proposals found unacceptable!
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, sending notify message
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, constructing ipsec notify payload for msg id d148be4a
Oct 26 2012 10:36:06: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE SENDING Message (msgid=949acedb) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Oct 26 2012 10:36:06: %ASA-3-713902: Group = DefaultRAGroup, IP = 217.200.185.232, QM FSM error (P2 struct &0xd8819da8, mess id 0xd148be4a)!
Oct 26 2012 10:36:06: %ASA-7-715065: Group = DefaultRAGroup, IP = 217.200.185.232, IKE QM Responder FSM error history (struct &0xd8819da8) , : QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, sending delete/delete with reason message
Oct 26 2012 10:36:06: %ASA-3-713902: Group = DefaultRAGroup, IP = 217.200.185.232, Removing peer from correlator table failed, no match!
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, IKE SA MM:1ee358c2 rcv'd Terminate: state MM_ACTIVE flags 0x00010042, refcnt 1, tuncnt 0
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, IKE SA MM:1ee358c2 terminating: flags 0x01010002, refcnt 0, tuncnt 0
Oct 26 2012 10:36:06: %ASA-7-713906: Group = DefaultRAGroup, IP = 217.200.185.232, sending delete/delete with reason message
Oct 26 2012 10:36:06: %ASA-7-713236: IP = 217.200.185.232, IKE_DECODE SENDING Message (msgid=ce2eb537) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Oct 26 2012 10:36:06: %ASA-5-713259: Group = DefaultRAGroup, IP = 217.200.185.232, Session is being torn down. Reason: Phase 2 Mismatch
Oct 26 2012 10:36:06: %ASA-4-113019: Group = DefaultRAGroup, Username = , IP = 217.200.185.232, Session disconnected. Session Type: IKE, Duration: 0h:00m:01s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

IPad and PPTP VPN - Internet access (e-mail & Safari) not working

Hi there!
I've got an iPad2 (WiFi only) and need to configure it to use Witopia PPTP VPN, which is the VPN provider I've been using for a long time on my desktop and netbook.
Configure the iPad was an easy task, and I was able to successfuly authenticate and establish a PPTP session with any of the Witopia servers.
The problem is that once established the PPTP session, if the "send all traffic" option is ON, I have no Internet access at all (no e-mail neither browsing with Safari). Then, if I stop VPN, turn OFF the "send all traffic" option in the iPad, and start VPN again, I have Internet communication back and everything starts working fine. I've been fiddling with this in my home network (D-Link Dir-655 router using the IP 192.168.0.1 addressing scheme for my LAN).
Obviously, I decided to leave the "send all traffic" option OFF, but then I discovered that doing this my Safari traffic is not encrypted and my IP is not masked, i.e. the VPN is up and running, I have normal Internet traffic, but the service to be provided by the VPN for some inknown reason is not happening.
Does anyone have a clue about what's going on ?
TIA
RTadeu

Have you tried a battery pull? If not, give that a try and then try again.
1. Please thank those who help you by clicking the "Like" button at the bottom of the post that helped you.
2. If your issue has been solved, please resolve it by marking the post "Solution?" which solved it for you!

RV016 and PPTP connections logging

Hello. I have been using RV0's for quite a few years now, one thing that has bothered me is I have never been able to find or see any logging of actual users utilizing pptp vpn tunnels and when they initiate and close their tunnel connections. I am unable to see this information via the rvo gui log as well as in my syslog it dumps out to. Does the rv0 simply not provide this logging? If so why not? It seems like such a basic feature I am surprised if it is incapabile or unsupported. Thank you.

wbtadmin1,
I am not sure if the logging is simply not supported or if there is a hardware/software limitation. I know that I have had other customers ask about this in the past.
To make a feature request, please open a case: www.cisco.com/go/sbsc
It is possible that the feature will be added in a future firmware release.
- Marty

Graphite and PPTP?

I've got a graphite ABS and my office uses PPTP for VPN. Does this ABS support PPTP? I currently cannot connect through the ABS, but I direct connect to my DSL router then I can connect without any trouble.
Thoughts?

No, it looks like you need at least a "Dual Ethernet" AirPort base station (ABS) with AirPort software 2.0.4. See KB 107223, AirPort 2.0.4: About Using AirPort With Point to Point Tunneling Protocol (PPTP).

L2tp and pptp...

Similar Messages

Maybe you are looking for