Symptoms:

• Cannot set up a PPTP VPN from Microsoft Windows Vista (TM) to X-family using authentication via Juniper/Funk Steel Belted RADIUS Server

Facts:

• Funk Software and Steel-Belted Radius are trademarks of Juniper Networks
• 3CRTPX505-73
• 3CRTPX505-96
• 3CRTPX506-96
• 3CRX506-96
• 3CRTPX5-25-96
• 3CRTPX5-U-96
• TippingPoint
• PPTP
• VPN
• Microsoft Windows Vista
• Juniper
• Funk
• Steel Belted
• RADIUS
• X505
• X506
• X5
• 2.5.0
• 2.5.1

Causes: Microsoft Windows Vista (TM) enforces the use of MS-CHAPv2 authentication. The default setting for the Steel Belted RADIUS Server does not support this.

Fixes:

Go to the “Users” page on the Steel Belted RADIUS Server, select the User that you wish to change to support MS-CHAPv2 and add the following two attributes: MS-MPPE-Recv-Key, MS-MPPE-Send-Key and Save the change. Alternatively you can set up a “Profile” that contains these two Attributes and point any number of Users to the Profile. Do not add the Attribute MS-CHAP2-Success with a hard-coded value as the Steel Belted RADIUS server generates it correctly by default with a dynamic value which is checked by the X-famiy device.

• Product(s): TippingPoint, X Family
• Sub Product(s): X505, X506, X5

— David Gonzalez 2021/04/07 14:56