Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

cisco pix 501 DSL can't connect to my ISP!!!!

Status
Not open for further replies.
clumsymonkey

clumsymonkey

Technical User
Dec 30, 2004
11
GB
Hi, I'm trying to setup my pix 501 as a dsl client, but I can't get an ip from my isp. I know it should work because it work for my d-link router. I set my pix for dsl below:

ip address outside pppoe setroute
ip address inside 192.168.0.1 255.255.255.0
vpdn group whatever request dialout pppoe
vpdn group whatever localname whatever@whatever.com
vpdn group whatever ppp authentication pap
vpdn username whatever@whatever.com password *********

Unfortunately, the pppoe session always shutdown (see below). THe interface is up. WHat am I doing wrong???

pixFW1# sh vpdn session pppoe
PPPoE Session Information (Total tunnels=1 sessions=0)

Remote MAC is 00:90:1A:40:F2:E2
Session state is SESSION_SHUTDOWN
Time since event change 2630 secs, interface outside
216 packets sent, 0 received, 2052 bytes sent, 0 received
termination info:
Peer Terminated
LCP down
pixFW1#
 
Sort by date Sort by votes
The config looks alright to me in general. I would just suggest you confirm that the pppoe server is configured with the a username and password you're trying to use. In addition, I'd confirm that PAP is their preferred authentication method (which is quite unusual - I'd expect CHAP)

I guess you can prove or disprove if it is an authentication failure by debugging: ppp upap and ppp negotiation.

I've found that 95% of the time, the reason pppoe doesn't work is due to authentication mismatch between client and server.
 
Upvote 0 Downvote
Hi,

It looks like it is an authentication mismatch. I changed to chap authentication and ran the debug and below is snippet of what I got. However, my credentials are not wrong - ie they work when I use it on my dlink router - I can connect on my dlink router. What do you think can be the failure? Could my ISP be using another protocol for authentication?

PPP chap receive challenge: rcvd a type CHAP-DIGEST-MD5 pkt
Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 10
Pkt dump: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
LCP Option: AUTHENTICATION_TYPES, len: 4, data: c023
LCP Option: MAGIC_NUMBER, len: 6, data: 78dd4391

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 6
Pkt dump: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
LCP Option: MAGIC_NUMBER, len: 6, data: 2a8ec818

Xmit Link Control Protocol pkt, Action code is: Config NAK, len is: 5
Pkt dump: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305

Rcvd Link Control Protocol pkt, Action code is: Config ACK, len is: 6
Pkt dump: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
LCP Option: MAGIC_NUMBER, len: 6, data: 2a8ec818

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 11
Pkt dump: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 78dd4391

Xmit Link Control Protocol pkt, Action code is: Config ACK, len is: 11
Pkt dump: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 78dd4391

Xmit Link Control Protocol pkt, Action code is: Echo Request, len is: 4
Pkt dump: 2a8ec818

PPP chap receive challenge: rcvd a type CHAP-DIGEST-MD5 pkt
Rcvd Link Control Protocol pkt, Action code is: Echo Reply, len is: 4
Pkt dump: 78dd4391

PPP chap receive failure: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
PPP CHAP authentication failed
Rcvd Link Control Protocol pkt, Action code is: Termination Request, len is: 0

Xmit Link Control Protocol pkt, Action code is: Termination ACK, len is: 0

Rcvd Link Control Protocol pkt, Action code is: Termination Request, len is: 0

Xmit Link Control Protocol pkt, Action code is: Termination ACK, len is: 0

Rcvd Link Control Protocol pkt, Action code is: Termination Request, len is: 0

Xmit Link Control Protocol pkt, Action code is: Termination ACK, len is: 0

PPP va close, device = 1
 
Upvote 0 Downvote
Well the debug certainly proves you need CHAP enabled.

But you say it's still not working, looking around it suggests to do the following:

1. Go into config and reenter the command: ip address outside pppoe setroute

This will clear and restart the pppoe session.

2. As you're asking the far end pppoe server to create a default route, ensure there is no conflicting static default route on the PIX already. When using the setroute option, you cannot have a statically defined route in the configuration.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
216
badwolf1686
B
CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
344
CPM86
CPM86
pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
574
nt8d09
nt8d09
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
567
madwok
madwok
jobsp90
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
242
DavetheChef
DavetheChef

Part and Inventory Search

Sponsor

Back
Top