В офисе стоит Cisco 2951 с поднятым PPTP сервером (нужен именно pptp). Клиенты подключаются с через сотовые сети и домашний интернет (NAT).
Проблема: находясь дома, за NATом, возможно установить только 1у сессию! При попытке подключить 2ое устройство, вылетает ошибка 619 (windows). НО тут самое интересное! Я подключаюсь к VPN находясь за домашним NAT, например iPhone, после чего, я не могу подключиться к VPN с бука с windows, вылетает ошибка 619, а с яблочного компа (Mac OSX) всё работает! До этого стоял Mikrotik c PPTP сервером, таких проблем не было. Подскажите как победить???
!
! Last configuration change at 11:47:48 MSK Sat Jun 13 2015
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ol-gw1
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local-case
!
!
!
!
!
aaa session-id common
clock timezone MSK 3 0
clock calendar-valid
!
!
!
ip cef
!
!
!
!
!
!
!
!
ip domain name test.ru
ip name-server 10.4.0.1
ip name-server 10.4.0.7
ipv6 multicast rpf use-bgp
no ipv6 cef
!
multilink bundle-name authenticated
!
async-bootp dns-server 10.4.0.1 10.4.0.7
vpdn enable
!
vpdn-group VPDN-PPTP
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
pptp tunnel echo 10
ip pmtu
ip mtu adjust
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2951/K9 sn FTX1716AL8W
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!
username root privilege 15 secret 4 xxxx
username Testuser privilege 0 password 0 Testpass
!
redundancy
!
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
!
!
!
!
!
interface Loopback0
description PPTP
ip address 10.4.6.254 255.255.255.0
!
interface Tunnel0
description GRE_PE
ip address 10.3.1.254 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.3.0.254
tunnel destination 10.3.0.253
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address xxx.xxx.xxx.85 255.255.255.192 secondary
ip address xxx.xxx.xxx.84 255.255.255.192
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
description Server_farm
encapsulation dot1Q 10
ip address 10.4.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.11
description Manage
encapsulation dot1Q 11
ip address 10.4.1.254 255.255.255.0
!
interface GigabitEthernet0/1.12
description Avaya
encapsulation dot1Q 12
ip address 10.4.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.13
description LAN
encapsulation dot1Q 13
ip address 10.4.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.14
description WLAN
encapsulation dot1Q 14
ip address 10.4.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.15
description Guest_WLAN
encapsulation dot1Q 15
ip address 10.4.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
description Point-to-Point
ip address 10.3.0.254 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
shutdown
!
interface GigabitEthernet0/0/1
no ip address
shutdown
!
interface GigabitEthernet0/0/2
no ip address
shutdown
!
interface GigabitEthernet0/0/3
no ip address
shutdown
!
interface Virtual-Template1
description PPTP
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
autodetect encapsulation ppp
peer ip address forced
peer default ip address pool PPTP
no keepalive
ppp encrypt mppe auto
ppp authentication ms-chap-v2
!
interface Vlan1
no ip address
!
!
ip local pool PPTP 10.4.6.2 10.4.6.50
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool OL xxx.xxx.xxx.85 xxx.xxx.xxx.85 netmask 255.255.255.192
ip nat inside source list 150 pool OL overload
ip nat inside source static tcp 10.4.0.2 25 xxx.xxx.xxx.85 25 extendable
ip nat inside source static tcp 10.4.0.2 443 xxx.xxx.xxx.85 443 extendable
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.65
ip route 10.7.0.0 255.255.0.0 10.3.1.253
!
!
!
nls resp-timeout 1
cpd cr-id 1
!
access-list 150 permit ip 10.4.0.0 0.0.0.255 any
access-list 150 permit ip 10.4.2.0 0.0.0.255 any
access-list 150 permit ip 10.4.3.0 0.0.0.255 any
access-list 150 permit ip 10.4.4.0 0.0.0.255 any
access-list 150 permit ip 10.4.5.0 0.0.0.255 any
access-list 150 permit ip 10.4.6.0 0.0.0.255 any
access-list 150 permit ip 10.7.3.0 0.0.0.255 any
access-list 150 permit ip 10.7.4.0 0.0.0.255 any
access-list 150 permit ip 10.7.5.0 0.0.0.255 any
access-list 150 permit ip 10.7.2.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
privilege level 15
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
transport input ssh
transport output ssh
!
scheduler allocate 20000 1000
ntp access-group peer NTP_srv kod
ntp access-group serve NTP_cli kod
ntp master 2
ntp update-calendar
ntp server 17.253.64.243 source GigabitEthernet0/0
ntp server 62.76.96.4 source GigabitEthernet0/0
ntp server 79.165.187.13 prefer source GigabitEthernet0/0
ntp server 89.109.251.21 source GigabitEthernet0/0
!
end
debug
Jun 13 10:35:46.158: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
Jun 13 10:35:46.158: VPDN uid:12 L2TUN socket session accept requested
Jun 13 10:35:46.158: VPDN uid:12 Setting up dataplane for L2-L2, no idb
Jun 13 10:35:46.158: VPDN Received L2TUN socket message <xCCN - Session Connected>
Jun 13 10:35:46.158: VPDN uid:12 VPDN session up
Jun 13 10:35:46.162: ppp12 PPP: Using AAA Unique Id = 1B
Jun 13 10:35:46.162: ppp12 PPP: Authorization NOT required
Jun 13 10:35:46.162: ppp12 PPP: Using vpn set call direction
Jun 13 10:35:46.162: ppp12 PPP: Treating connection as a callin
Jun 13 10:35:46.162: ppp12 PPP: Session handle[8600000C] Session id[12]
Jun 13 10:35:46.162: ppp12 PPP LCP: negotiation authorized = 1, tacacs author = 0
Jun 13 10:35:48.166: ppp12 PPP LCP: neg is authorized, processing CP UP event
Jun 13 10:36:08.326: ppp12 PPP: Sending Acct Event[Down] id[1B]
Jun 13 10:36:08.326: ppp12 PPP: Clearing AAA Unique Id = 1B
Jun 13 10:36:08.326: VPDN uid:12 disconnect (AAA) IETF: 9/nas-error Ascend: 24/PPP LCP Fail
Jun 13 10:36:08.326: VPDN Unknown vpdn syslog error due to AAA disconnect code 24
Jun 13 10:36:08.326: VPDN uid:12 vpdn shutdown session, result=2, error=6, vendor_err=0, syslog_error_code=0, syslog_key_type=1
Jun 13 10:36:08.326: VPDN uid:12 VPDN/AAA: accounting stop sent
Jun 13 10:36:08.326: VPDN Received L2TUN socket message <CDN - Session Disconnected>
Версия для распечатки
Cisco VPN PPTP сервер, не возможно подключить 2 сесси, 
exStasik, 13-Июн-15, 15:14 [смотреть все]
