just remove the MPPE configuration under virtual-template and try...! Thanks Hitesh Vinzoda
On Fri, Dec 14, 2012 at 1:23 AM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Thu, Dec 13, 2012 at 04:59:10PM +0100, Christophe Lucas wrote: > > interface Virtual-Template1 > > ip unnumbered FastEthernet0/0 > > autodetect encapsulation ppp > > peer default ip address pool vpn > > ppp encrypt mppe auto > > ppp authentication ms-chap-v2 > > JFTR, I hope everybody on this list is aware that PPTP with MPPE/MS-CHAP-v2 > is about as secure as using PAP and no encryption. > > If someone is able to sniff your PPTP/MPPE-Session, all they need is to > insert $200 into cloudcracker.com, and next morning they will have the > NTLM HASH needed to authenticate against the server, impersonating the > VPN client. > > See here for a detailed description: > > > http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html > > Use IPSEC, SSL-VPN or OpenVPN. > > gert > -- > USENET is *not* the non-clickable part of WWW! > // > www.muc.de/~gert/ > Gert Doering - Munich, Germany > g...@greenie.muc.de > fax: +49-89-35655025 > g...@net.informatik.tu-muenchen.de > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/