CANNOT SET UP A PPTP VPN FROM MICROSOFT WINDOWS VISTA (TM) TO X-FAMILY USING AUTHENTICATION VIA JUNIPER/FUNK STEEL BELTED RADIUS SERVER

Problem: Cannot set up a PPTP VPN from Microsoft Windows Vista (TM) to X-family using authentication via Juniper/Funk Steel Belted RADIUS Server

Fact: Funk Software and Steel-Belted Radius are trademarks of Juniper Networks

• 3CRTPX505-73
• 3CRTPX505-96
• 3CRTPX506-96
• 3CRX506-96
• 3CRTPX5-25-96
• 3CRTPX5-U-96
• TippingPoint
• PPTP
• VPN
• Microsoft Windows Vista
• Juniper
• Funk
• Steel Belted
• RADIUS
• X505 - X506 - X5
• 2.5.0 - 2.5.1

Cause: Microsoft Windows Vista (TM) enforces the use of MS-CHAPv2 authentication. The default setting for the Steel Belted RADIUS Server does not support this.

Fix: Go to the “Users” page on the Steel Belted RADIUS Server, select the User that you wish to change to support MS-CHAPv2 and add the following two attributes: MS-MPPE-Recv-Key / MS-MPPE-Send-Key and Save the change.

Alternatively you can set up a “Profile” that contains these two Attributes and point any number of Users to the Profile. Do not add the Attribute MS-CHAP2-Success with a hard-coded value as the Steel Belted RADIUS server generates it correctly by default with a dynamic value which is checked by the X-famiy device.

— David Gonzalez 2021/04/08 10:24