Cisco VPN PPTP server: cannot connect 2 clients from the same network (error 619), what is the problem?

Good day, colleagues.

The office has a Cisco 2951 running a PPTP server (it has to be PPTP specifically). Clients connect over mobile networks and home internet (NAT).
The problem: from home, behind NAT, only one session to the office can be established! When a second device tries to connect, error 619 (Windows) appears. Before this we had a Mikrotik with a PPTP server, and after that a Windows server, and there were no such problems. Any advice on how to beat this???

!
! Last configuration change at 11:47:48 MSK Sat Jun 13 2015
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ol-gw1
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local-case
!
!
!
!
!
aaa session-id common
clock timezone MSK 3 0
clock calendar-valid
!
!
!
ip cef
!
!
!
!


!
!
!
!
ip domain name test.ru
ip name-server 10.4.0.1
ip name-server 10.4.0.7
ipv6 multicast rpf use-bgp
no ipv6 cef
!
multilink bundle-name authenticated
!
async-bootp dns-server 10.4.0.1 10.4.0.7
vpdn enable
!
vpdn-group VPDN-PPTP
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 pptp tunnel echo 10
 ip pmtu
 ip mtu adjust
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2951/K9 sn FTX1716AL8W
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!
username root privilege 15 secret 4 xxxx
username Testuser privilege 0 password 0 Testpass

!
redundancy
!
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
! 
!
!
!
!
!
!
!
!
interface Loopback0
 description PPTP
 ip address 10.4.6.254 255.255.255.0
!
interface Tunnel0
 description GRE_PE
 ip address 10.3.1.254 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 tunnel source 10.3.0.254
 tunnel destination 10.3.0.253
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address xxx.xxx.xxx.85 255.255.255.192 secondary
 ip address xxx.xxx.xxx.84 255.255.255.192
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 description Server_farm
 encapsulation dot1Q 10
 ip address 10.4.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.11
 description Manage
 encapsulation dot1Q 11
 ip address 10.4.1.254 255.255.255.0
!
interface GigabitEthernet0/1.12
 description Avaya
 encapsulation dot1Q 12
 ip address 10.4.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.13
 description LAN
 encapsulation dot1Q 13
 ip address 10.4.3.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.14
 description WLAN
 encapsulation dot1Q 14
 ip address 10.4.4.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.15
 description Guest_WLAN
 encapsulation dot1Q 15
 ip address 10.4.5.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/2
 description Point-to-Point
 ip address 10.3.0.254 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
!
interface Virtual-Template1
 description PPTP
 ip unnumbered Loopback0
 ip nat inside
 ip virtual-reassembly in
 autodetect encapsulation ppp
 peer ip address forced
 peer default ip address pool PPTP
 no keepalive
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2
!
interface Vlan1
 no ip address
!
!
ip local pool PPTP 10.4.6.2 10.4.6.50
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool OL xxx.xxx.xxx.85 xxx.xxx.xxx.85 netmask 255.255.255.192
ip nat inside source list 150 pool OL overload
ip nat inside source static tcp 10.4.0.2 25 xxx.xxx.xxx.85 25 extendable
ip nat inside source static tcp 10.4.0.2 443 xxx.xxx.xxx.85 443 extendable
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.65
ip route 10.7.0.0 255.255.0.0 10.3.1.253
!


!
!
nls resp-timeout 1
cpd cr-id 1
!
access-list 150 permit ip 10.4.0.0 0.0.0.255 any
access-list 150 permit ip 10.4.2.0 0.0.0.255 any
access-list 150 permit ip 10.4.3.0 0.0.0.255 any
access-list 150 permit ip 10.4.4.0 0.0.0.255 any
access-list 150 permit ip 10.4.5.0 0.0.0.255 any
access-list 150 permit ip 10.4.6.0 0.0.0.255 any
access-list 150 permit ip 10.7.3.0 0.0.0.255 any
access-list 150 permit ip 10.7.4.0 0.0.0.255 any
access-list 150 permit ip 10.7.5.0 0.0.0.255 any
access-list 150 permit ip 10.7.2.0 0.0.0.255 any
!
!
!
control-plane
!
 !
 !
 !
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
 privilege level 15
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000

!
end

UPD: deb
Jun 13 10:35:46.158: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
Jun 13 10:35:46.158: VPDN uid:12 L2TUN socket session accept requested
Jun 13 10:35:46.158: VPDN uid:12 Setting up dataplane for L2-L2, no idb
Jun 13 10:35:46.158: VPDN Received L2TUN socket message <xCCN - Session Connected>
Jun 13 10:35:46.158: VPDN uid:12 VPDN session up
Jun 13 10:35:46.162: ppp12 PPP: Using AAA Unique Id = 1B
Jun 13 10:35:46.162: ppp12 PPP: Authorization NOT required
Jun 13 10:35:46.162: ppp12 PPP: Using vpn set call direction
Jun 13 10:35:46.162: ppp12 PPP: Treating connection as a callin
Jun 13 10:35:46.162: ppp12 PPP: Session handle[8600000C] Session id[12]
Jun 13 10:35:46.162: ppp12 PPP LCP: negotiation authorized = 1, tacacs author = 0
Jun 13 10:35:48.166: ppp12 PPP LCP: neg is authorized, processing CP UP event
Jun 13 10:36:08.326: ppp12 PPP: Sending Acct Event[Down] id[1B]
Jun 13 10:36:08.326: ppp12 PPP: Clearing AAA Unique Id = 1B
Jun 13 10:36:08.326: VPDN uid:12 disconnect (AAA) IETF: 9/nas-error Ascend: 24/PPP LCP Fail
Jun 13 10:36:08.326: VPDN Unknown vpdn syslog error due to AAA disconnect code 24
Jun 13 10:36:08.326: VPDN uid:12 vpdn shutdown session, result=2, error=6, vendor_err=0, syslog_error_code=0, syslog_key_type=1
Jun 13 10:36:08.326: VPDN uid:12 VPDN/AAA: accounting stop sent
Jun 13 10:36:08.326: VPDN Received L2TUN socket message <CDN - Session Disconnected>
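The VPDN debug output in the question reduces to a per-session summary: when the session came up, when it was torn down, and with which disconnect codes. This is an added example, not part of the original post; the function name `summarize` and the year passed to it are assumptions, and the sample lines are copied from the debug output above.

```python
import re
from datetime import datetime

# Lines copied from the debug output in the question (session uid 12).
DEBUG_LOG = """\
Jun 13 10:35:46.158: VPDN uid:12 L2TUN socket session accept requested
Jun 13 10:35:46.158: VPDN uid:12 VPDN session up
Jun 13 10:35:46.162: ppp12 PPP: Treating connection as a callin
Jun 13 10:35:48.166: ppp12 PPP LCP: neg is authorized, processing CP UP event
Jun 13 10:36:08.326: VPDN uid:12 disconnect (AAA) IETF: 9/nas-error Ascend: 24/PPP LCP Fail
Jun 13 10:36:08.326: VPDN uid:12 vpdn shutdown session, result=2, error=6, vendor_err=0, syslog_error_code=0, syslog_key_type=1
"""

STAMPED = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): (.*)$")
VPDN_UID = re.compile(r"^VPDN uid:(\d+) (.*)$")
DISCONNECT = re.compile(r"^disconnect \((\w+)\) IETF: (\S+) Ascend: (.+)$")
SHUTDOWN = re.compile(r"result=(\d+), error=(\d+)")


def summarize(log, year=2015):
    """Return {uid: summary} for every VPDN session seen in the debug text."""
    sessions = {}
    for raw in log.splitlines():
        stamped = STAMPED.match(raw.strip())
        if not stamped:
            continue  # not a timestamped debug line
        event = VPDN_UID.match(stamped.group(2))
        if not event:
            continue  # pppN lines carry no uid; only VPDN events are needed
        # IOS omits the year, so it is supplied by the caller (assumption).
        when = datetime.strptime(f"{year} {stamped.group(1)}", "%Y %b %d %H:%M:%S.%f")
        info = sessions.setdefault(int(event.group(1)), {})
        text = event.group(2)
        if text == "VPDN session up":
            info["up"] = when
        elif (m := DISCONNECT.match(text)):
            info["down"] = when
            info["source"], info["ietf"], info["ascend"] = m.groups()
        elif (m := SHUTDOWN.search(text)):
            info["result"], info["error"] = int(m.group(1)), int(m.group(2))
    for info in sessions.values():
        if "up" in info and "down" in info:
            info["seconds_up"] = (info["down"] - info["up"]).total_seconds()
    return sessions


if __name__ == "__main__":
    for uid, info in summarize(DEBUG_LOG).items():
        print(uid, info.get("seconds_up"), info.get("ietf"), info.get("ascend"))
```

For uid 12 the summary shows the VPDN session reported up and then torn down about 22 seconds later with the PPP LCP Fail code.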
Answers to the question: 2
@exStasik Question author
sh ver
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.3(1)T, RELEASE SOFTWARE (fc1)
Technical Support: www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Mon 26-Nov-12 15:17 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

ol-gw1 uptime is 1 hour, 7 minutes
System returned to ROM by reload at 11:44:27 MSK Sat Jun 13 2015
System restarted at 11:46:39 MSK Sat Jun 13 2015
System image file is "flash0:c2951-universalk9-mz.SPA.153-1.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
sizaik
@sizaik
sysadmin, Vitebsk
Add aaa authorization network default local