- RU.CISCO ---------------------------------------------------------------------
 From : Sergey Sokolov 2:5020/400 13 Jan 2006 00:43:20
 To : All
 Subject : 3640 and VPDN
--------------------------------------------------------------------------------

Help me understand what is going on. There is a 3630 that is used as a PPTP VPN server. No amount of shamanic dancing can get the MS clients to connect. It is always the same error: 742 remote computer does not support the required data encryption type. Without encryption everything works fine. Authentication is via RADIUS. The RADIUS server is on MS Win2003 and is configured correctly (I think so, because another VPN server on a 2610 with exactly the same configuration works fine). I do send the attributes Framed-Protocol=PPP and Service-Type=Framed. All the Cisco configs are below. Maybe someone knows what the problem is: VPDN being broken in this IOS version, or something else... Anyway, please help, because I no longer know what to do.

P.S. Pay no attention to the peculiarities of the routing.

Regards, Sergey Sokolov

c3640-P#sh ver
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(1a), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 27-May-05 16:29 by hqluong

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

c3640-P uptime is 1 day, 5 hours, 13 minutes
System returned to ROM by reload at 18:12:21 MSD Wed Jan 11 2006
System restarted at 18:20:28 MSD Wed Jan 11 2006
System image file is "flash:c3640-jk9o3s-mz.124-1a.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3640 (R4700) processor (revision 0x00) with 125952K/5120K bytes of memory.
Processor board ID 17652056
R4700 CPU at 100MHz, Implementation 33, Rev 1.0
4 Ethernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x102

c3640-P#sh run
Building configuration...

Current configuration : 3195 bytes
!
! Last configuration change at 23:24:38 MSD Thu Jan 12 2006 by
! NVRAM config last updated at 23:14:37 MSD Thu Jan 12 2006 by
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname c3640-P
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret
!
aaa new-model
!
!
aaa authentication login userauthen group radius
aaa authentication ppp default if-needed group radius local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
clock timezone MSD 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
!
!
ip cef
ip domain name ххх.ru
ip name-server 192.168.16.254
ip name-server 192.168.16.31
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 local name Cisco_VPN_PPTP_server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username ххх privilege 15 password
!
!
!
!
!
!
interface Ethernet0/0
 description $ETH-LAN$
 ip address 192.168.16.33 255.255.240.0
 full-duplex
!
interface Ethernet0/1
 description DMZ$ETH-WAN$
 ip address 192.168.10.53 255.255.255.0 secondary
 ip address ххх.ххх.ххх.ххх 255.255.255.252
 ip access-group WAN-LAN-IN in
 ip access-group WAN-LAN-OUT out
 no ip proxy-arp
 full-duplex
!
interface Ethernet0/2
 no ip address
 half-duplex
!
interface Ethernet0/3
 no ip address
 half-duplex
!
interface Virtual-Template1
 description PPTP for Windows clients
 ip unnumbered Ethernet0/1
 peer default ip address pool vpn_pool
 compress mppc
 ppp encrypt mppe auto stateful
 ppp authentication ms-chap pap chap ms-chap-v2
!
ip local pool vpn_pool 192.168.33.65 192.168.33.95
ip http server
ip http authentication local
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1 permanent
ip route 192.168.0.0 255.255.255.0 192.168.16.1
ip route 192.168.1.0 255.255.255.0 192.168.16.1
ip route 192.168.5.0 255.255.255.0 192.168.16.1
!
!
!
!
ip access-list extended WAN-LAN-IN
 deny ip any 192.168.16.0 0.0.15.255
 permit ip any any
ip access-list extended WAN-LAN-OUT
 deny ip 192.168.16.0 0.0.15.255 any
 permit ip any any
ip radius source-interface Ethernet0/0
!
!
radius-server host 192.168.0.106 auth-port 1645 acct-port 1646 key
radius-server host 192.168.16.27 auth-port 1645 acct-port 1646 key
radius-server retry method reorder
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 transport input telnet ssh
!
ntp clock-period 17180018
ntp master 2
ntp server 192.168.1.1
ntp server 192.168.0.1
ntp server 192.43.244.18
ntp server 80.240.109.1
ntp server 80.240.109.1 source Ethernet0/1
ntp server 192.168.16.1 source Ethernet0/0
!
end

--- ifmail v.2.15dev5.3
 * Origin: MTU-Intel ISP (2:5020/400)