PPP encrypt mppe

luke2bluke2b
in CCIE Routing & Switching Technical

Hi,

Has anyone experience with "ppp encrypt mppe"? I can't get the following to work. The ping packets are ecrypted, but I can't ping the other side. Any help would be appreciated. Thanks.

 

R4:
username R7 password 0 cisco
interface Serial1/0
 ip address 47.47.47.4 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
 clock rate 2016000
 ppp encrypt mppe auto
 ppp authentication ms-chap

R7:
username R4 password 0 cisco
interface Serial1/0
 ip address 47.47.47.7 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
 ppp encrypt mppe auto
 ppp authentication ms-chap


R7#ping 47.47.47.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 47.47.47.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R7#

R7#sh ppp mppe s1/0
Interface Serial1/0 (current connection)
  Software encryption, 128 bit encryption, Stateless mode
  packets encrypted = 68       packets decrypted  = 48
  sent CCP resets   = 0        receive CCP resets = 0
  next tx coherency = 68       next rx coherency  = 48
  tx key changes    = 68       rx key changes     = 48
  rx pkt dropped    = 0        rx out of order pkt= 0
  rx missed packets = 0

· Share on FacebookShare on Twitter

Comments

  • Narayan.NeupaneNarayan.Neupane

    Hi,

    This command ppp encrypt mppe auto negotiates on 40 or 128 bit. It is really dependable.

    R1#show ppp mppe s0/0
    Interface Serial0/0 (current connection)
      Software encryption, 40 bit encryption, Stateless mode
      packets encrypted = 17       packets decrypted  = 18
      sent CCP resets   = 0        receive CCP resets = 0
      next tx coherency = 17       next rx coherency  = 18
      tx key changes    = 17       rx key changes     = 18
      rx pkt dropped    = 0        rx out of order pkt= 0
      rx missed packets = 0

    You had 128 but here I have 40 bits encryption.

    R1#ping 192.168.0.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 16/44/100 ms
    R1#
    So this is negotiation problem what I would suggest is another end specify the bits you would like to use:

    R2(config-if)#ppp encrypt mppe 40

    but on some platform you don't get ICMP reply on 128 bit encryption but 40 bits works very well try with 40.

    HAPPY STUDY

    [:D]

     

     

    · Share on FacebookShare on Twitter
  • luke2bluke2b

    Thanks a lot nnn!!!, it works [:D]

     

    R4#ping 47.47.47.7

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 47.47.47.7, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 8/22/60 ms
    R4#ping 47.47.47.7
    *Mar  1 04:24:33.654: ICMP: echo reply rcvd, src 47.47.47.7, dst 47.47.47.4
    *Mar  1 04:24:33.682: ICMP: echo reply rcvd, src 47.47.47.7, dst 47.47.47.4
    *Mar  1 04:24:33.694: ICMP: echo reply rcvd, src 47.47.47.7, dst 47.47.47.4
    *Mar  1 04:24:33.702: ICMP: echo reply rcvd, src 47.47.47.7, dst 47.47.47.4
    *Mar  1 04:24:33.718: ICMP: echo reply rcvd, src 47.47.47.7, dst 47.47.47.4
    R4#sh ppp mppe s1/0
    Interface Serial1/0 (current connection)
      Software encryption, 40 bit encryption, Stateless mode
      packets encrypted = 17       packets decrypted  = 16
      sent CCP resets   = 0        receive CCP resets = 0
      next tx coherency = 17       next rx coherency  = 16
      tx key changes    = 17       rx key changes     = 16
      rx pkt dropped    = 0        rx out of order pkt= 0
      rx missed packets = 0

    · Share on FacebookShare on Twitter
  • Narayan.NeupaneNarayan.Neupane

    Thanks a lot nnn!!!, it works Big Smile

     

    Good to know[Y]

    · Share on FacebookShare on Twitter
Sign In or Register to comment.