Re: MPPE - (Microsoft PPP Encryption) - anyone know how to

From: Joe Astorino <jastorino_at_ipexpert.com>
Date: Thu, 6 May 2010 16:58:21 -0400

This configuration seems to work well for me

R2:

username R5 password pants
!
interface Serial0/2/0
 ip address 25.25.25.2 255.255.255.0
 encapsulation ppp
 clock rate 2000000
 ppp encrypt mppe 128 required
 ppp authentication ms-chap

R5:

interface Serial0/2/0
 ip address 25.25.25.5 255.255.255.0
 encapsulation ppp
 ppp encrypt mppe 128
 ppp chap password 0 pants

R2#sh ip int brie | i 0/2/0
Serial0/2/0 25.25.25.2 YES manual up up
R2#ping 25.25.25.5 re 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 25.25.25.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms

R2#show ppp mppe ?
  Async Async interface
  Dialer Dialer interface
  Multilink Multilink-group interface
  Serial Serial

R2#show ppp mppe serial0/2/0
Interface Serial0/2/0 (current connection)
  Software encryption, 128 bit encryption, Stateless mode
  packets encrypted = 114 packets decrypted = 114
  sent CCP resets = 0 receive CCP resets = 0
  next tx coherency = 114 next rx coherency = 114
  tx key changes = 114 rx key changes = 114
  rx pkt dropped = 0 rx out of order pkt= 0
  rx missed packets = 0

On Thu, May 6, 2010 at 8:42 AM, Nathan Richie <nathanr_at_boice.net> wrote:
> Beefmo,
>
> You can run PPP MPPE on serial interfaces. However, the trick to it is that you must use MS-CHAP authentication (makes sense since it was designed to terminate Microsoft VPN tunnels). Since this is encryption, I would recommend that you get your authentication working first on the PPP link and then enable MPPE. Certain things have to match on both ends, such as strength (options are 40 & 128) and whether encryption is required or not. Note that there are some options such as auto for the key strength that you can use as well. I would recommend that you look at the various settings for the command and then test them out in a lab so you understand what settings work and what settings do not work. The good news is that it is only 1 command :)
>
> HTH,
>
> Nathan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Beefmo
> Sent: Thursday, May 06, 2010 6:17 AM
> To: ccielab_at_groupstudy.com
> Subject: MPPE - (Microsoft PPP Encryption) - anyone know how to implement this on a serial link?
>
> Can anyone explain to me or point me to a link that shows how we'd implement
> MPPE? (haha, everyone's like "wtf is mppe?")
>
> What I do know is that it's Microsoft Point-to-Point Encryption and is
> supported by Cisco as a means of encrypting PPP or PPTP. This is where I get
> lost, is it just another authentication method negotiated at LCP? Or is it
> only valid inside a PPTP tunnel?
>
> What I can find of it on the Cisco site seems divided between using it with
> PPP and using it with PPTP. It seems to be more of a tech to use in a
> client/server VPN situation but I'd like to know how we can run it across a
> serial link between two Cisco devices. I guess my understanding of PPTP is
> lacking too. Any security guys help me out here?
> Thanks in advance!
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Regards,
Joe Astorino - CCIE #24347
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on
Demand, Audio Tools, Online Hardware Rental and Classroom Training for
the Cisco CCIE (R&S, Voice, Security & Service Provider)
certification(s) with training locations throughout the United States,
Europe, South Asia and Australia. Be sure to visit our online
communities at www.ipexpert.com/communities and our public website at
www.ipexpert.com
Received on Thu May 06 2010 - 16:58:21 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART
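
Added example (not part of the original thread and not Cisco code): a small Python audit of the two interface stanzas posted above, checking the points raised in the thread: compatible key strength, MS-CHAP authentication on at least one end, and whether each end sets `required`. The function names and finding strings are assumptions of this example, and the `required` finding relies on the IOS command reference's description of that keyword (the connection is terminated if MPPE is not negotiated).

```python
import re

# Sample input constructed from the R2 and R5 stanzas in the post above.
R2_CFG = """\
interface Serial0/2/0
 encapsulation ppp
 ppp encrypt mppe 128 required
 ppp authentication ms-chap
"""
R5_CFG = """\
interface Serial0/2/0
 encapsulation ppp
 ppp encrypt mppe 128
 ppp chap password 0 pants
"""

MPPE_RE = re.compile(r"^\s*ppp encrypt mppe (auto|40|128)((?: \w+)*)\s*$", re.M)
AUTH_RE = re.compile(r"^\s*ppp authentication (.+)$", re.M)

def mppe_settings(stanza):
    """Return the MPPE-related settings of one interface stanza, or None if MPPE is absent."""
    m = MPPE_RE.search(stanza)
    if not m:
        return None
    opts = m.group(2).split()
    auth = AUTH_RE.search(stanza)
    methods = auth.group(1).split() if auth else []
    return {"strength": m.group(1), "required": "required" in opts,
            "ms_chap": any(x.startswith("ms-chap") for x in methods)}

def audit_link(a, b):
    """Compare both ends of one PPP link and return a list of findings (empty = clean)."""
    ea, eb = mppe_settings(a), mppe_settings(b)
    if ea is None or eb is None:
        return ["MPPE not configured on both ends"]
    findings = []
    strengths = {ea["strength"], eb["strength"]}
    if "auto" not in strengths and len(strengths) > 1:
        findings.append("key strength mismatch")
    if not (ea["ms_chap"] or eb["ms_chap"]):
        findings.append("neither end authenticates with MS-CHAP")
    for name, end in (("first", ea), ("second", eb)):
        if not end["required"]:
            findings.append(f"{name} end lacks 'required': it will not drop an unencrypted link")
    return findings

if __name__ == "__main__":
    for finding in audit_link(R2_CFG, R5_CFG):
        print(finding)
```

Run against the posted pair, it reports only that the R5 side does not enforce encryption on its own.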