Cisco Dialing to a Win2K server

Posted on 2002-05-06
Last Modified: 2012-05-04
Currently, I am configuring a Cisco router (1720) to dial out to a Win2K server, but the authentication doesn't seems to go through. I've tried both CHAP and PAP, but it failed. Win2K Server is enabled with Routing and Remote access and the users are grant permisions to dial in.

Is there anything needed to be done on the WIn2K server or the Cisco router ?

Question by:carollow
LVL 79

Expert Comment

ID: 6992440
Can you post your router config?


Author Comment

ID: 6992669

Below is the cisco config.
BTW, I found out that Win2K only supports MSCHAP ano not PAP/CHAP, is that true ?

hostname Dialing
enable password cisco
username mars password 0 mars
memory-size iomem 25
ip subnet-zero
ip ssh time-out 120
ip ssh authentication-retries 3
interface FastEthernet0
 ip address
 speed 10
interface Serial0
 physical-layer async
 ip address
 encapsulation ppp
 dialer in-band
 dialer string 516
 dialer-group 1
 async mode interactive
 peer default ip address pool dgsb
 ppp pap sent-username mars password mars
ip local pool mars
ip classless
ip route Serial0
no ip http server
ip pim bidir-enable
dialer-list 1 protocol ip permit
line con 0
 exec-timeout 0 0
line 1
 login local
 modem InOut
 transport input all
 autoselect during-login
 autoselect ppp
 stopbits 1
 speed 19200
 flowcontrol hardware
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
no scheduler allocate

LVL 79

Expert Comment

ID: 6992955
Are you using an analog modem connected to the serial 0 interface?

What phone number are you trying to dial?

You might want to read this and see if it helps:

You might need a chat script also:

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.


Author Comment

ID: 6993281

I am performing a test internally, I can dial out but the Win2K server authentication is not successful.

LVL 79

Accepted Solution

lrmoore earned 50 total points
ID: 6993748
On the router, turn on debug ppp negotiation and look for any clues as to why it won't authenticate. Is the server in the 10.10.10.x network? The server should be able to authenticate pap,chap, or mschap. Your router should be also capable.
Add this line to the serial 0 config:
 ppp authentication chap ms-chap

Change this line:
 ppp pap sent username ...
 ppp chap sent username mars pass mars
 ppp ms-chap sent username mars pass mars

Does the username mars account have dial-in priveleges on the server enabled?


Expert Comment

ID: 7040895
To continue with the last comment from Irmoore, Is Windows 2000 a domain controller and if so, is the domain in Native Mode? If it's in Native Mode, the dial-in properties will be used from Group Policy, you'll have to enable the dial-in properties using Group Policy (or you can change it on the user account to "allow access").

Where did you find out that "Win2K only supports MSCHAP ano not PAP/CHAP." I believe it supports PAP, CHAP, MS-CHAP, MS-CHAP v2, SPAP and EAP.
LVL 17

Expert Comment

ID: 7055963
Where does that account exist, local on the Windows 2K server or in Active Directory?
LVL 79

Expert Comment

ID: 7997502
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

I recommend: moderator decide

If you would like to keep this question open for more expert input, this cleanup effort will get it closer to the top of the list where it will get more visibility for the experts.

if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points.


EE Cleanup Volunteer

Expert Comment

ID: 8054175
Answered by lrmoore

Community Support Moderator @Experts Exchange

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How do I modify Ubigate for new ISP? 2 102
Wireless network monitoring 8 71
BGP prefix and routing 3 63
can't ssh to external IP 9 26
While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question