прошу помощи, бьюсь над проблемой третий день, не могу спать и есть ) Задача в том, что бы поднять на циске 2821 pptp c возможностью подключения встроенным в win впн клиентом через radius работающем на win2003. т.о. клиенты устанавливая внп соединение попадают в корпоративную сети На циске для пробы настроил без радиуса(локальные учетки циски), все работает, клиент подключается. Добавляю радиус, как возникает ошибка 734 Протокол управления РРР связью был прерван. Захожу на радиус и вижу лог, того что пользователь вошел удачно и радиус его пустил. Что самое смешное при этом на той же циске поднят easy vpn server и пользователи с помощью cisco vpn client спокойно подключаются. Вот значимые куски конфига: aaa new-model ! ! aaa group server radius radiusvpn server 172.22.50.12 auth-port 1645 acct-port 1646 ! aaa authentication login userauthen local group radiusvpn aaa authentication ppp default group radiusvpn aaa authorization network default local aaa authorization network groupauthor local group radiusvpn ! ! vpdn enable ! ! vpdn-group 1 ! Default L2TP VPDN group ! Default PPTP VPDN group accept-dialin protocol any virtual-template 1 local name pptp_gateway ! interface GigabitEthernet0/0 ip address 82.x.x.x x.x.x.x ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto crypto ipsec client ezvpn vpnremote inside ! interface GigabitEthernet0/1 description $ETH-LAN$ ip address 192.y.y.y y.y.y.y ip route-cache flow duplex auto speed auto pppoe enable group global ! ! interface Virtual-Template1 ip unnumbered GigabitEthernet0/1 ip access-group 100 in ip access-group 100 out ip verify unicast reverse-path ip virtual-reassembly autodetect encapsulation ppp peer default ip address pool superpool ppp mtu adaptive ppp encrypt mppe auto ppp authentication pap chap ms-chap ms-chap-v2 eap ! лог с циски
Sep 4 14:08:22.884: VPDN Vi31 disconnect (L2X) IETF: 9/nas-error Ascend: 66/VPDN Local PPP Disconnect Sep 4 14:08:22.884: VPDN Vi31 vpdn shutdown session, result=1, error=7, vendor_err=0 Sep 4 14:08:22.884: VPDN Vi31 VPDN/AAA: accounting stop sent Sep 4 14:08:22.884: VPDN Vi31 Unbinding session from idb Sep 4 14:08:22.884: Vi31 VPDN: Resetting interface Sep 4 14:08:22.884: L2TUN APP: uid:384handle/1569150Destroying app session Sep 4 14:08:22.884: L2TUN APP: uid:384handle/1569150Stopping service selection Sep 4 14:08:22.884: PPTP 384:1679769:_____: close -> state change estabd to terminal Sep 4 14:08:22.884: PPTP 384:1679769:_____: Destroying session Sep 4 14:08:22.884: L2X _____:_____: Cannot remove invalid application context 0x466A6B00 from socket Sep 4 14:08:22.884: PPTP 384:_____:_____: L2X request teardown data plane Sep 4 14:08:22.884: L2X _____:_____: PROTO DB: removed session: rIP 172.22.50.60, rSession id 12043 (total 218959117) Sep 4 14:08:22.884: L2X _____:_____: PROTO DB: removed session with id 405 (total 0) Sep 4 14:08:22.888: PPTP tnl 1679769:_____: no-sess -> state change estabd to wt-stprp Sep 4 14:08:22.888: VPDN Received L2TUN socket message <CDN - Session Disconnected> Sep 4 14:08:22.888: %LINK-3-UPDOWN: Interface Virtual-Access31, changed state to down Sep 4 14:08:22.888: PPTP tnl 1679769:_____: Recvd session msg 12, tunnel state wt-stprp, ignoredUnexpected event!!! VPDN SW Subblock destroy called Sep 4 14:08:22.896: PPTP tnl 1679769:_____: Destroy tunnel Sep 4 14:08:22.896: PPTP _____:_____: No l2x in cc Sep 4 14:08:22.896: L2X _____:_____: PROTO DB: removed cc with id 411 (total 1) Sep 4 14:08:22.896: PPTP _____:_____: Invalid session received from SSM Sep 4 14:08:22.896: PPTP:(Tnl0:Sn405)L2X s/w switching session unprovisioned Sep 4 14:08:22.896: L2X:Session DB (Tnl/Sn: 0/405): Removed the switching session from the session DB Sep 4 14:08:22.896: PPTP _____:_____: Cant find tunnel 411 in the DB Sep 4 14:15:02.013: EZVPN: Static route change notify tableid 0, event DOWN, destination 172.22.25.69, gateway 0.0.0.0, interface Virtual-Access16 Sep 4 14:15:02.013: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access16, changed state to down Sep 4 14:15:09.249: EZVPN: Static route change notify tableid 0, event DOWN, destination 172.22.25.55, gateway 0.0.0.0, interface Virtual-Access7 Sep 4 14:15:09.249: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access7, changed state to down Sep 4 14:15:51.302: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (82.198.184.194) Sep 4 14:16:16.019: PPTP _____:_____: TCP connect reqd from 0.0.0.0:2006 Sep 4 14:16:16.087: L2X _____:_____: PROTO DB: added cc with id 412 (total 2) Sep 4 14:16:16.087: PPTP tnl 1683866:_____: Tunnel created; peer initiated Sep 4 14:16:16.115: PPTP tnl 1683866:_____: SCCRQ-ok -> state change wt-sccrq to estabd Sep 4 14:16:16.195: L2X _____:_____: PROTO DB: added session (cc id 412, sess id 406) (total 1) Sep 4 14:16:16.195: L2X _____:_____: PROTO DB: added session: rIP 82.198.184.194, rSession id 1024 (total 1) Sep 4 14:16:16.195: VPDN Received L2TUN socket message <xCRQ - Session Incoming> Sep 4 14:16:16.195: VPDN Tnl/Sn 412 406 L2TUN socket session accept requested Sep 4 14:16:16.195: VPDN Tnl/Sn 412 406 Setting up dataplane for L2-L2, no idb Sep 4 14:16:16.199: PPTP _____:1683866:_____: sss-started -> state change start-sss to estabd Sep 4 14:16:16.199: VPDN Received L2TUN socket message <xCCN - Session Connected> Sep 4 14:16:16.203: VPDN uid:385 VPDN session up Sep 4 14:16:16.203: PPTP _____:_____:_____: L2X session data plane setup successful Sep 4 14:16:16.203: L2X:Session DB (Tnl/Sn: 0/406): Stored the switching session in the session DB Sep 4 14:16:16.203: PPTP:(Tnl0:Sn406)Provisioned: idb=none, session_sip=1,idb_switching=0, sw_mode=1 Sep 4 14:16:16.203: PPTP:(Tnl0:Sn406)L2X s/w switching session provisioned Sep 4 14:16:16.207: VPDN Received L2TUN socket message <Dataplane UP> Sep 4 14:16:16.683: RADIUS/ENCODE(0000178D):Orig. component type = VPDN Sep 4 14:16:16.683: RADIUS: AAA Unsupported Attr: interface [157] 15 Sep 4 14:16:16.683: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 33 [Uniq-Sess-ID3] Sep 4 14:16:16.683: RADIUS(0000178D): Config NAS IP: 0.0.0.0 Sep 4 14:16:16.683: RADIUS/ENCODE(0000178D): acct_session_id: 6029 Sep 4 14:16:16.683: RADIUS(0000178D): sending Sep 4 14:16:16.683: RADIUS/ENCODE: Best Local IP-Address 172.22.25.5 for Radius-Server 172.22.50.12 Sep 4 14:16:16.683: RADIUS(0000178D): Send Access-Request to 172.22.50.12:1645 id 1645/62, len 165 Sep 4 14:16:16.683: RADIUS: authenticator 61 0A 6B 81 27 1E A4 D3 - 13 D1 87 69 91 2B 5A 6D Sep 4 14:16:16.683: RADIUS: Framed-Protocol [7] 6 PPP [1] Sep 4 14:16:16.683: RADIUS: User-Name [1] 16 "domen\user" Sep 4 14:16:16.683: RADIUS: Vendor, Microsoft [26] 24 Sep 4 14:16:16.683: RADIUS: MSCHAP_Challenge [11] 18 Sep 4 14:16:16.683: RADIUS: 61 0A 6B 81 27 1E A4 D3 13 D1 87 69 91 2B 5A 6D [a?k?'??????i?+Zm] Sep 4 14:16:16.683: RADIUS: Vendor, Microsoft [26] 58 Sep 4 14:16:16.683: RADIUS: MS-CHAP-V2-Response[25] 52 * Sep 4 14:16:16.683: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Sep 4 14:16:16.683: RADIUS: NAS-Port [5] 6 385 Sep 4 14:16:16.683: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID385" Sep 4 14:16:16.683: RADIUS: Service-Type [6] 6 Framed [2] Sep 4 14:16:16.683: RADIUS: NAS-IP-Address [4] 6 172.22.25.5 Sep 4 14:16:16.695: RADIUS: Received from id 1645/62 172.22.50.12:1645, Access-Accept, len 213 Sep 4 14:16:16.695: RADIUS: authenticator 96 48 99 23 AE 87 64 4E - CC 18 E8 B4 0B 33 ED 77 Sep 4 14:16:16.695: RADIUS: Framed-Protocol [7] 6 PPP [1] Sep 4 14:16:16.695: RADIUS: Service-Type [6] 6 Framed [2] Sep 4 14:16:16.695: RADIUS: Class [25] 32 Sep 4 14:16:16.699: RADIUS: 4C 5B 05 FA 00 00 01 37 00 01 AC 16 32 0C 01 C8 [L[?????7????2???] Sep 4 14:16:16.699: RADIUS: E3 83 16 F1 CD 01 00 00 00 00 00 07 B0 05 [??????????????] Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 42 Sep 4 14:16:16.699: RADIUS: MS-MPPE-Recv-Key [17] 36 * Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 42 Sep 4 14:16:16.699: RADIUS: MS-MPPE-Send-Key [16] 36 * Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 51 Sep 4 14:16:16.699: RADIUS: MS-CHAP-V2-Success [26] 45 "^AS=5E0A0797DA84107CCDF303C0D653EA078668033D" Sep 4 14:16:16.699: RADIUS: Vendor, Microsoft [26] 14 Sep 4 14:16:16.699: RADIUS: MS-CHAP-DOMAIN [10] 8 "^Adomen" Sep 4 14:16:16.699: RADIUS(0000178D): Received from id 1645/62 Sep 4 14:16:16.707: VPDN Vi30 Virtual interface created for unknown, bandwidth 100000 Kbps Sep 4 14:16:16.707: VPDN Vi30 Setting up dataplane for L2-L3, Vi30 Sep 4 14:16:16.711: %LINK-3-UPDOWN: Interface Virtual-Access30, changed state to up Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)L2X s/w switching session updated Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)L2X s/w switching session bound Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)VPDN L2TP s/w session mode changed to L2_L3 Sep 4 14:16:16.715: PPTP:(Tnl0:Sn406)Updated: idb=Vi30, session_sip=1,idb_switching=1, sw_mode=2 Sep 4 14:16:16.715: PPTP _____:_____: Unexpected Dataplane Up Event Sep 4 14:16:18.795: VPDN Vi30 disconnect (L2X) IETF: 9/nas-error Ascend: 66/VPDN Local PPP Disconnect Sep 4 14:16:18.795: VPDN Vi30 vpdn shutdown session, result=1, error=7, vendor_err=0 Sep 4 14:16:18.795: VPDN Vi30 VPDN/AAA: accounting stop sent Sep 4 14:16:18.799: VPDN Vi30 Unbinding session from idb Sep 4 14:16:18.799: Vi30 VPDN: Resetting interface Sep 4 14:16:18.799: L2TUN APP: uid:385handle/1573247Destroying app session Sep 4 14:16:18.799: L2TUN APP: uid:385handle/1573247Stopping service selection Sep 4 14:16:18.799: PPTP 385:1683866:_____: close -> state change estabd to terminal Sep 4 14:16:18.799: PPTP 385:1683866:_____: Destroying session Sep 4 14:16:18.799: L2X _____:_____: Cannot remove invalid application context 0x466A6B00 from socket Sep 4 14:16:18.799: PPTP 385:_____:_____: L2X request teardown data plane Sep 4 14:16:18.799: L2X _____:_____: PROTO DB: removed session: rIP 82.198.184.194, rSession id 1024 (total 218959117) Sep 4 14:16:18.799: L2X _____:_____: PROTO DB: removed session with id 406 (total 0) Sep 4 14:16:18.799: PPTP tnl 1683866:_____: no-sess -> state change estabd to wt-stprp Sep 4 14:16:18.799: PPTP _____:_____: Invalid session received from SSM Sep 4 14:16:18.803: PPTP:(Tnl0:Sn406)L2X s/w switching session unprovisioned Sep 4 14:16:18.803: L2X:Session DB (Tnl/Sn: 0/406): Removed the switching session from the session DB Sep 4 14:16:18.803: VPDN Received L2TUN socket message <CDN - Session Disconnected> Sep 4 14:16:18.803: %LINK-3-UPDOWN: Interface Virtual-Access30, changed state to down Sep 4 14:16:18.899: PPTP tnl 1683866:_____: tcp-disc -> state change wt-stprp to terminal Sep 4 14:16:18.899: PPTP tnl 1683866:_____: Destroy tunnel Sep 4 14:16:18.899: PPTP _____:_____: No l2x in cc Sep 4 14:16:18.899: L2X _____:_____: PROTO DB: removed cc with id 412 (total 1) Sep 4 14:17:12.465: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x4374F1FC reading 0x0 Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F1FC 0x42A18FCC 0x42A1B4D0 0x42A1B6F4 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F204 0x42A18FCC 0x42A1B4D0 0x42A1B6F4 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F1FC 0x42A17B64 0x42A1B108 0x42A1B738 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC Sep 4 14:17:12.465: %ALIGN-3-TRACE: -Traceback= 0x4374F204 0x42A17B64 0x42A1B108 0x42A1B738 0x42A1BB1C 0x42BAD63C 0x42BAD944 0x415DECCC Sep 4 14:19:31.382: L2X _____:_____: class [l2tp_default_class] Sep 4 14:19:31.382: L2X _____:_____: Exec locked 0->1 Sep 4 14:19:31.382: L2X _____:_____: class [l2tp_default_class] Sep 4 14:19:31.382: L2X _____:_____: Exec unlocked 1->0
|