Cisco 2951 PPTP Server vpn dump under load and "underground knock"?

V

Vasily Petrov2015-10-03 21:53:09

Cisco

Vasily Petrov, 2015-10-03 21:53:09

Good day to all!
As a PPTP server Cisco 2951 (C2951-UNIVERSALK9-M, Version 15.2(2)T)
The settings are as follows, I post everything related to PPTP
Code:

!
ip dhcp pool pptp-users
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 192.168.0.2
 option 249 hex 10ac.100a.0a0a.0110.c0a8.0a0a.0a01
 lease 0 1
!
!
vpdn enable
!
vpdn-group STO
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!

!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address dhcp-pool pptp-users
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2
!

In general, everything works, and the config is generally standard. BUT!
We cling to a Windows 7 client or Ubuntu, we try to transfer a large > 1gb file to a remote host behind Cisco, and we get a frieze. That is, the session is still active, but there is no access anywhere.
In the ubunta logs, it writes when everything stops working
pppd[2743]: Protocol-Reject for unsupported protocol 0xa4e8
pppd[2743]: Protocol-Reject for unsupported protocol 0xb038 Reconnect
helps
doesn't fall!! Disable debug and everything is back to normal!
In debug intermittently

Vi4 MPPE: missed 1 key changes, recomputing
Vi4 MPPE: missed 4 key changes, recomputing
Vi4 MPPE: rx key change error - diff = 4094

Friends, am I going crazy?
Can anyone come across?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vasily Petrov, 2015-10-04
@DrSqaer

UPD
So far this is "solved" by disabling CEF on the Virtual interface. In reality, it looks like an IOS bug.
And Debug, as smart people suggested, apparently disables CEF in order to pour everything through the percent and analyze it.

T

throughtheether, 2015-10-04
@throughtheether

In reality, it looks like an IOS bug.

It looks like it .