Symptoms:

• Cannot set up a PPTP VPN from Microsoft Windows Vista (TM) to X-family using authentication via Juniper/Funk Steel Belted RADIUS Server
  
  Facts:
• Funk Software and Steel-Belted Radius are trademarks of Juniper Networks
  * 3CRTPX505-73
  * 3CRTPX505-96
  * 3CRTPX506-96
  * 3CRX506-96
  * 3CRTPX5-25-96
• 3CRTPX5-U-96
  * TippingPoint
  * PPTP
  * VPN
  * Microsoft Windows Vista
  * Juniper
  * Funk
  * Steel Belted
  * RADIUS
  * X505
  * X506
  * X5
  * 2.5.0
  * 2.5.1
  

Causes: Microsoft Windows Vista (TM) enforces the use of MS-CHAPv2 authentication. The default setting for the Steel Belted RADIUS Server does not support this.

Fixes:

Go to the “Users” page on the Steel Belted RADIUS Server, select the User that you wish to change to support MS-CHAPv2 and add the following two attributes: MS-MPPE-Recv-Key, MS-MPPE-Send-Key and Save the change. Alternatively you can set up a “Profile” that contains these two Attributes and point any number of Users to the Profile. Do not add the Attribute MS-CHAP2-Success with a hard-coded value as the Steel Belted RADIUS server generates it correctly by default with a dynamic value which is checked by the X-famiy device.

• Product(s): TippingPoint, X Family
  * Sub Product(s): X505, X506, X5
  

— David Gonzalez 2021/04/07 14:56