|
|
This document includes the following sections:
The Point to Point Tunneling Protocol (PPTP) with Microsoft Point-to-Point Encryption (MPPE) feature enables Cisco Virtual Private Networks (VPNs) to use PPTP as the tunneling protocol.
PPTP is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP-based data networks. PPTP supports on-demand, multiprotocol, virtual private networking over public networks, such as the Internet. This section describes the following aspects of PPTP:
VPNs are designed based on one of the two following tunneling architecture options:
Compulsory tunneling (also referred to as NAS-initiated tunneling) enables users to dial in to a NAS, which then establishes an encrypted tunnel to the tunnel server. The connection between the client of the user and the NAS is not encrypted.
Voluntary tunneling (also referred to as client-initiated tunneling) enables clients to configure and establish encrypted tunnels to tunnel servers without an intermediate NAS participating in the tunnel negotiation and establishment.
For PPTP, only voluntary tunneling is supported.
Table 1describes the protocol negotiation events that establish a PPTP tunnel.
The flow control alarm is a new function that indicates if PPTP detects congestion or lost packets. When a flow control alarm goes off, PPTP reduces volatility and additional control traffic by establishing an accompanying stateful MPPE session.
For more information, see the pptp flow-control static-rtt command, and the output from the show vpdn session commands in the "Verifying a PPTP Connection" section.
MPPE is an encryption technology developed by Microsoft to encrypt point-to-point links. These PPP connections can be over a dialup line or over a VPN tunnel. MPPE works as a subfeature of Microsoft Point-to-Point Compression (MPPC).
MPPC is a scheme used to compress PPP packets between Cisco and Microsoft client devices. The MPPC algorithm is designed to optimize bandwidth utilization in order to support multiple simultaneous connections.
MPPE is negotiated using bits in the MPPC option within the Compression Control Protocol (CCP) MPPC configuration option (CCP configuration option number 18).
MPPE uses the RC4 algorithm with either 40- or 128-bit keys. All keys are derived from the cleartext authentication password of the user. RC4 is stream cipher; therefore, the sizes of the encrypted and decrypted frames are the same size as the original frame. The Cisco implementation of MPPE is fully interoperable with that of Microsoft and uses all available options, including historyless mode. Historyless mode can increase throughput in lossy environments such as VPNs, because neither side needs to send CCP Resets Requests to synchronize encryption contexts when packets are lost.
Two modes of MPPE encryption are offered:
Stateful encryption will provide the best performance but may be adversely affected by networks experiencing substantial packet loss. If you choose stateful encryption you should also configure flow control to minimize the detrimental effects of this lossiness.
Because of the way that the RC4 tables are reinitialized during stateful synchronization, it is possible that two packets may be encrypted using the same key. For this reason, stateful encryption may not be appropriate for lossy network environments (such as Layer 2 tunnels on the Internet).
Stateless encryption provides a lower level of performance, but will be more reliable in a lossy network environment.
 | Caution If you choose stateless encryption you should not configure flow control. |
Enterprises are increasingly looking to the Internet as a means of enabling new, lower-cost services for their users. The ubiquity of the Internet makes it very easy for remote and mobile users to connect anywhere on the planet; all that is required is an ISP to provide Internet access. At the same time, enterprises are hesitant to trust the Internet as a transport for private company data and are looking for means to use the Internet in a secure way.
PPTP with MPPE provides a solution to this need. PPTP provides a mechanism to tunnel user data across the Internet to the edge of the enterprise network, which allows users to use any ISP account and any Internet-routable IP address to access the edge of the Enterprise network. At the edge, the IP packet is de-tunneled and the IP address space of the enterprise is used for traversing the internal network. MPPE provides an encryption service that protects the datastream as it traverses the Internet. MPPE is available in two strengths: 40-bit encryption, which is widely available throughout the world, and 128-bit encryption, which may be subject to certain export controls when used outside the United States.
ISPs can also to leverage PPTP with MPPE when deploying managed services for enterprise customers. In this model, the ISP deploys and manages the PPTP with MPPE tunnel server of the enterprise, or PPTP Network Server (PNS), and manages this service on behalf of the enterprise. The tunnel server may be located at the point of presence (POP) of the ISP, or it may be located at the edge of the enterprise network, but it is managed by the ISP.
A Cisco router running PPTP can support up to 2000 simultaneous PPTP tunnels without MPPE encryption. For PPTP tunnels with MPPE encryption, Cisco routers can currently support up to 500 simultaneous tunnels. Subsequent releases will be able to support up to 1800 simultaneous tunnels.
Only Cisco Express Forwarding (CEF) and process switching are supported. Regular fast switching is not supported.
Only voluntary tunneling---not compulsory tunneling---is supported.
PPTP will not support multilink.
VPDN multihop is not supported.
Because all PPTP signalling is over TCP, TCP configurations will affect PPTP performance in large-scale environments.
MPPE is not supported with TACACS.
MPPE is supported with RADIUS in Cisco IOS Releases 12.0(7)XE1 and later.
None
None
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
If you are performing mutual authentication with MS-CHAP and MPPE, both sides of the tunnel must use the same password.
To use MPPE with AAA, you must use a RADIUS server that supports the Microsoft Vendor Specific Attribute for MPPE-KEYS. CiscoSecure does not currently support this attribute.
Before configuring PPTP, enable the following configurations:
To configure Authentication, Authorization, and Accounting (AAA) on the tunnel server, use the following commands in global configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| PNS(config)# aaa authentication ppp default {group radius | local}
| Configures either local or RADIUS AAA authentication. | ||
| PNS(config)# aaa authorization network default {group radius | local}
| Configures either local or RADIUS AAA authorization. | ||
| PNS(config)# aaa accounting network default start-stop radius | (Optional) Enables AAA accounting that sends a stop accounting notice at the end of the requested user process. | ||
| PNS(config)# radius-server host ip-address [auth-port number] [acct-port number] PNS(config)# radius-server key cisco | Specifies the IP address of the RADIUS server and optionally the ports to be used for authentication and accounting requests. Sets the authentication key and encryption key to "cisco" for all RADIUS communication. Note When using CiscoSecure, the key must be "cisco." |
To configure AAA on the RADIUS server, include the following attributes with the Return List Attributes:
Framed-Protocol = PPP MS-CHAP-MPPE-Keys Service-Type = Framed
To configure the tunnel server to create virtual-access interfaces from a virtual template for incoming PPTP calls, use the following commands beginning in global configuration mode
| Step | Command | Purpose | ||
| PNS(config)# interface virtual-template number | Creates the virtual template that is used to clone virtual-access interfaces. | ||
| PNS(config-if)# ip unnumbered interface-type number | Specifies the IP address of the interface the virtual-access interfaces uses. | ||
| PNS(config-if)# ppp authentication ms-chap | Enables MS-CHAP authentication using the local username database. All windows clients using MPPE need to use MS-CHAP. | ||
| PNS(config-if)# peer default ip address pool default | Returns an IP address from the default pool to the client. | ||
| PNS(config-if)# ip mroute-cache | Disables fast switching of IP multicast. | ||
| PNS(config-if)# ppp encrypt mppe {auto | 40 | 128} [passive | required] [stateful]
| Enables MPPE encryption on the virtual template. |
The IP address pool consists of the IP addresses that the tunnel server assigns to clients. You can also provide BOOTP servers. DNS servers, which are specified using the async-bootp dns-server command, translate host names to IP addresses. WINS servers, which are specified using the async-bootp nbns-server command, provide dynamic NetBIOS names that Windows devices use to communicate without IP addresses.
| Step | Command | Purpose | ||
| PNS(config)# ip local pool default first-ip-address last-ip-address | Configures the default local pool of IP addresses that will be used by clients. | ||
| PNS(config)# async-bootp dns-server ip-address1 [additional-ip-address] | (Optional) Returns the configured addresses of domain dame servers in response to BOOTP requests. | ||
| PNS(config)# async-bootp nbns-server ip-address1 [additional-ip-address] | (Optional) Returns the configured addresses of Windows NT servers in response to BOOTP requests. |
See the following sections for configuration tasks for the PPTP with MPPE feature. Each task in the list indicates if the task is optional or required.
To configure a tunnel to accept tunneled PPP connections from a client, use the following commands beginning in global configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| PNS(config)# vpdn-group 1 | Creates VPDN group 1. | ||
| PNS(config-vpdn)# accept dialin | Enables the tunnel server to accept dial-in requests. | ||
| PNS(config-vpdn-acc-in)# | Specifies that the tunneling protocol will be PPTP. | ||
| PNS(config-vpdn-acc-in)# | Specifies the number of the virtual template that will be used to clone the virtual-access interface. | ||
| PNS(config-vpdn-acc-in)# exit PNS(config-vpdn)# local name localname | (Optional) Specifies that the tunnel server will identify itself with this local name. If no local name is specified, the tunnel server will identify itself with its host name. |
To offload MPPE encryption from the tunnel server processor to the ISA card, use the following commands beginning in global configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| PNS(config)# controller isa slot/port | Enters controller configuration mode on the ISA card. | ||
| PNS(config-controller)# encryption mppe | Enables MPPE encryption. |
To tune PPTP, use one or more of the following commands in VPDN configuration mode:
| Command | Purpose |
|---|---|
PNS(config-vpdn)# pptp flow-control receive-window packets | Specifies how many packets the client can send before it must wait for the acknowledgment from the tunnel server. |
PNS(config-vpdn)# pptp flow-control static-rtt milliseconds | Specifies the timeout interval of the tunnel server between sending a packet to the client and receiving a response. |
PNS(config-vpdn)# pptp tunnel echo seconds | Specifies the period of idle time on the tunnel that will trigger an echo message from the tunnel server to the client. |
To verify that a PPTP network functions properly, perform the following steps:
Step 1 From the client, dial in to the ISP and establish a PPP session.
Step 2 From the client, dial in to the tunnel server.
Step 3 From the client, ping the tunnel server. From the client desktop:
(a) Click Start.
(b) Select Run.
(c) Enter ping tunnel-server-ip-address.
(d) Click OK.
(e) Look at the terminal screen and verify that the tunnel server is sending ping reply packets to the client.
Step 4 From the tunnel server, enter the show vpdn command and verify that the client has established a PPTP session.
PNS# show vpdn % No active L2TP tunnels % No active L2F tunnels PPTP Tunnel and Session Information (Total tunnels=1 sessions=1) LocID RemID Remote Name State Remote Address Port Sessions 13 13 10.1.2.41 estabd 10.1.2.41 1136 1 LocID RemID TunID Intf Username State Last Chg 13 0 13 Vi3 estabd 000030
Step 5 For more detailed information, enter the show vpdn session all or show vpdn session window commands. The last line of output from the show vpdn session all command indicates the current status of the flow control alarm.
PNS# show vpdn session all
% No active L2TP tunnels
% No active L2F tunnels
PPTP Session Information (Total tunnels=1 sessions=1)
Call id 13 is up on tunnel id 13
Remote tunnel name is 10.1.2.41
Internet Address is 10.1.2.41
Session username is unknown, state is estabd
Time since change 000106, interface Vi3
Remote call id is 0
10 packets sent, 10 received, 332 bytes sent, 448 received
Ss 11, Sr 10, Remote Nr 10, peer RWS 16
0 out of order packets
Flow alarm is clear.
The last line of output from the show vpdn session window command indicates the current status of the flow control alarm (under the heading "Congestion") and the number of flow control alarms that have gone off during the session (under the heading "Alarms").
PNS# show vpdn session window % No active L2TP tunnels % No active L2F tunnels PPTP Session Information (Total tunnels=1 sessions=1) LocID RemID TunID ZLB-tx ZLB-rx Congestion Alarms Peer-RWS 13 0 13 0 1 clear 0 16
Step 6 For information on the virtual-access interface, enter the show ppp mppe virtual-accessnumber command:
PNS# show ppp mppe virtual-access3 Interface Virtual-Access3 (current connection) Hardware (ISA5/1, flow_id=13) encryption, 40 bit encryption, Stateless mode packets encrypted = 0 packets decrypted = 1 sent CCP resets = 0 receive CCP resets = 0 next tx coherency = 0 next rx coherency = 0 tx key changes = 0 rx key changes = 0 rx pkt dropped = 0 rx out of order pkt= 0 rx missed packets = 0
To update the key change information, reissue the show ppp mppe virtual-access3 command.
PNS# show ppp mppe virtual-access3 Interface Virtual-Access3 (current connection) Hardware (ISA5/1, flow_id=13) encryption, 40 bit encryption, Stateless mode packets encrypted = 0 packets decrypted = 1 sent CCP resets = 0 receive CCP resets = 0 next tx coherency = 0 next rx coherency = 0 tx key changes = 0 rx key changes = 1 rx pkt dropped = 0 rx out of order pkt= 0 rx missed packets = 0
To monitor and maintain PPTP with MPPE sessions, use the following EXEC commands:
| Command | Purpose |
|---|---|
clear vpdn tunnel [pptp | l2f | l2tp] network-access-server gateway-name | Shuts down a specific tunnel and all the sessions within the tunnel. |
debug aaa authentication | Displays information on AAA authentication. |
debug aaa authorization | Displays information on AAA authorization. |
debug ppp chap | Displays CHAP packet exchanges. |
debug ppp negotiation | Displays information about packets sent during PPP start-up and detailed PPP negotiation options. |
Displays debug messages for MPPE events. | |
debug vpdn event [protocol | flow-control] | Displays VPDN errors and basic events within the protocol (such as L2TP, L2F, PPTP) and errors associated with flow control. Flow control is only possible if you are using L2TP and the remote peer "receive window" is configured for a value greater than zero. |
debug vpdn l2x-events | Displays L2F and L2TP events that are part of tunnel establishment or shutdown. |
debug vpdn l2x-errors | Displays L2F and L2TP protocol errors that prevent tunnel establishment or normal operation. |
debug vpdn packet [control | data] [detail] | Displays protocol-specific packet header information, such as sequence numbers if present, such as flags and length. |
The following example shows the running configuration of a tunnel server configured for PPTP using an ISA card to perform 40-bit MPPE encryption. It does not have a AAA configuration.
Current configuration ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname PNS ! no logging console guaranteed enable password lab ! username tester41 password 0 lab41 ! ! ! ! ip subnet-zero no ip domain-lookup ! vpdn enable ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 local name cisco_pns ! ! ! memory check-interval 1 ! ! controller ISA 5/0 encryption mppe ! process-max-time 200 ! interface FastEthernet0/0 ip address 10.1.1.12 255.255.255.0 no ip directed-broadcast duplex auto speed auto ! interface FastEthernet0/1 ip address 10.1.2.12 255.255.255.0 no ip directed-broadcast duplex auto speed auto ! interface Serial1/0 no ip address no ip directed-broadcast shutdown framing c-bit cablelength 10 dsu bandwidth 44210 ! interface Serial1/1 no ip address no ip directed-broadcast shutdown framing c-bit cablelength 10 dsu bandwidth 44210 ! interface FastEthernet4/0 no ip address no ip directed-broadcast shutdown duplex half ! interface Virtual-Template1 ip unnumbered FastEthernet0/0 no ip directed-broadcast ip mroute-cache no keepalive ppp encrypt mppe 40 ppp authentication ms-chap ! ip classless ip route 172.29.1.129 255.255.255.255 1.1.1.1 ip route 172.29.63.9 255.255.255.255 1.1.1.1 no ip http server ! ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 login ! end
This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
To shut down a specified tunnel and all the message identifiers (MIDs) within it, use the clear vpdn tunnel EXEC command.
clear vpdn tunnel [pptp | l2f | l2tp] network-access-server gateway-name
pptp | (Optional) Clears the specified Point-to-Point Tunneling Protocol (PPTP) tunnel. |
l2f | (Optional) Clears the specified Layer 2 Forwarding (L2F) tunnel. |
l2tp | (Optional) Clears the specified Layer 2 Tunneling Protocol (L2TP) tunnel. |
network-access-server | Name of the network access server at the far end of the tunnel, probably the point of presence of the public data network or the ISP. |
gateway-name | Host name of home gateway at the local end of the tunnel. |
EXEC
| Release | Modification |
|---|---|
11.2 P | This command was introduced. |
12.0(5)XE5 | The pptp keyword was added. |
This command is used primarily for troubleshooting. You can use the command to force the tunnel to come down without unconfiguring it (the tunnel could be restarted immediately by a user logging in).
The following example clears a tunnel between a network access server called orion and a home gateway called samson:
clear vpdn tunnel orion samson
To enable Microsoft Point-to-Point Encryption (MPPE) encryption on an Industry-Standard Architecture (ISA) card, use the encryption mppe ISA controller configuration command. To disable MPPE encryption, use the no form of this command.
encryption mppeThis command has no keywords or arguments.
IPSec is the default encryption type.
ISA controller configuration
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced. |
Using the ISA card offloads MPPE from the router processor and will improve performance in large-scale environments.
The router must be rebooted for the change from encryption ipsec to encryption mppe to take effect.
The following example enables MPPE encryption on the ISA card in slot 5, port 0:
PNS(config)# controller isa 5/0 PNS(config-controller)# encryption mppe
| Command | Description |
Enables MPPE encryption on the virtual template. | |
Displays MPPE information for an interface. | |
Displays debug messages for MPPE events. |
To enable Microsoft Point-to-Point Encryption (MPPE) encryption on the virtual template, use the ppp encrypt mppe interface configuration command. Use the no form of this command to disable MPPE encryption.
ppp encrypt mppe {auto | 40 | 128} [passive | required] [stateful]
auto | All available encryption strengths are allowed. |
40 | Only 40-bit encryption is allowed. |
128 | Only 128-bit encryption is allowed. |
passive | (Optional) MPPE will not offer encryption, but will negotiate if the other tunnel endpoint requests encryption. |
required | (Optional) MPPE must be negotiated, or the connection will be terminated. |
stateful | (Optional) MPPE will only negotiate stateful encryption. If the stateful keyword is not used, MPPE will first attempt to negotiate stateless encryption, but will fall back to stateful if the other tunnel endpoint requests stateful. |
Disabled.
The default encryption type is stateless.
Interface configuration
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced. |
To use the encryption mppe command, PPP encapsulation must be enabled.
The auto keyword is only offered on 128-bit images.
All of the configurable MPPE options must be identical on both tunnel endpoints.
| Caution Because of the way that the RC4 tables are reinitialized during stateful synchronization, it is possible that two packets may be encrypted using the same key. For this reason, stateful encryption may not be appropriate for lossy network environments (such as Layer 2 tunnels on the Internet). |
The following example shows a virtual template configured to perform 40-bit MPPE encryption:
interface Virtual-Template1 ip unnumbered FastEthernet0/0 no ip directed-broadcast ip mroute-cache no keepalive ppp encrypt mppe 40 ppp authentication ms-chap
| Command | Description |
Enables MPPE encryption on the ISA card. | |
interface virtual-template | Creates a virtual template interface. |
ppp authentication | Enables CHAP, PAP, MS-CHAP or a combination of methods and specifies the order in which the authentication methods are selected on the interface. |
To specify how many packets the client can send before it has to wait for the tunnel server's acknowledgment, use the pptp flow-control receive-window VPDN configuration command. Use the no form of this command to return to the default value.
pptp flow-control receive-window packets
packets | Number of packets the client can send before it has to wait for the tunnel server's acknowledgment. Range: 1 - 64 packets. |
16 packets
VPDN configuration
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced |
| Command | Description |
|---|---|
Specifies the tunnel server's timeout interval between sending a packet to the client and receiving a response. |
To specify the timeout interval of the tunnel server between sending a packet to the client and receiving a response, use the pptp flow-control static-rtt VPDN configuration command. Use the no form of this command to return to the default value of 1500 milliseconds (ms).
pptp flow-control static-rtt milliseconds
milliseconds | Timeout interval of the tunnel server between sending a packet to the client and receiving a response. Range: 100 -to 5000 milliseconds. |
1500 ms
VPDN configuration
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced. |
If the session times out, the tunnel server does not retry or resend the packet. Instead the flow control alarm is set off, and stateful mode is automatically switched to stateless.
| Command | Description |
Specifies how many packets the client can send before it must wait for the acknowledgment from the tunnel server. | |
pptp tunnel echo | Specifies the period of idle time on the tunnel that will trigger an echo message from the tunnel server to the client. |
To specify the period of idle time on the tunnel that will trigger an echo message from the tunnel server to the client, use the pptp tunnel echo VPDN configuration command. Use the no form of this command to return to the default value of 60 seconds.
pptp tunnel echo seconds
seconds | Echo packet interval in seconds. Range: 0 to 1000 seconds. |
60 seconds
VPDN configuration
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced. |
If the tunnel server does not receive an echo reply within 20 seconds, it will tear down the tunnel. This 20-second interval is hard coded.
| Command | Description |
Specifies how many packets the client can send before it must wait for the acknowledgment from the tunnel server. | |
Specifies the timeout interval of the tunnel server between sending a packet to the client and receiving a response. |
To display Microsoft Point-to-Point Encryption (MPPE) information for an interface, use the show ppp mppe privileged EXEC command.
show ppp mppe {serial | virtual-access}[number]
serial | Displays MPPE information for all serial interfaces. |
virtual-access | Displays MPPE information for all virtual-access interfaces. |
number | (Optional) Displays MPPE information for only the specified interface. |
Privileged EXEC mode
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced. |
None of the fields in the output from the show ppp mppe command are fatal errors. Excessive packet drops, misses, out of orders, or CCP-Resets indicate that packets are getting lost. If you see such activity and have stateful MPPE configured, you may want to consider switching to stateless mode.
The following example displays MPPE information for virtual-access interface 3:
PNS# show ppp mppe virtual-access3 Interface Virtual-Access3 (current connection) Hardware (ISA5/1, flow_id=13) encryption, 40 bit encryption, Stateless mode packets encrypted = 0 packets decrypted = 1 sent CCP resets = 0 receive CCP resets = 0 next tx coherency = 0 next rx coherency = 0 tx key changes = 0 rx key changes = 0 rx pkt dropped = 0 rx out of order pkt= 0 rx missed packets = 0
To update the key change information, reissue the show ppp mppe virtual-access3 command:
PNS# show ppp mppe virtual-access3 Interface Virtual-Access3 (current connection) Hardware (ISA5/1, flow_id=13) encryption, 40 bit encryption, Stateless mode packets encrypted = 0 packets decrypted = 1 sent CCP resets = 0 receive CCP resets = 0 next tx coherency = 0 next rx coherency = 0 tx key changes = 0 rx key changes = 1 rx pkt dropped = 0 rx out of order pkt= 0 rx missed packets = 0
Table 2 describes significant fields in the output:
| Field | Description |
|---|---|
packets encrypted | Number of packets that have been encrypted |
packets decrypted | Number of packets that have been decrypted |
sent CCP resets | Number of CCP-Resets sent. One CCP-Reset is sent for each packet loss that is detected in stateful mode. When configured for stateless MPPE, this field is always zero. |
next tx coherency | The coherency count (the sequence number) of the next packet to be encrypted. |
next rx coherency | The coherency count (the sequence number) of the next packet to be decrypted. |
key changes | Number of times the session key has been reinitialized. In stateless mode, the key is reinitialized once per packet. In stateful mode, the key is reinitialized every 256 packets or when a CCP-Reset is received. |
rx packet dropped | Number of packets received and dropped. A packet is dropped because it is suspected of being a duplicate or already received packet. |
rx out of order pkt | Number of packets received that are out of order. |
rx missed packets | Number of packets received that indicated that a packet has been missed elsewhere. |
| Command | Description |
Specifies the timeout interval of the tunnel server between sending a packet to the client and receiving a response. |
To display debug messages for Microsoft Point-to-Point Compression (MPPC) events, use the debug ppp mppe EXEC command. Use the no form of this command to disable MPPC debugging.
debug ppp mppeThis command has no keywords or arguments.
Disabled
| Release | Modification |
|---|---|
12.0(5)XE5 | This command was introduced. |
| Command | Description |
Enables MPPE encryption on the ISA card. | |
Enables MPPE encryption on the virtual template. | |
Displays MPPE information for an interface. |
Posted: Fri Mar 3 11:48:46 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.