cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

164
Views
0
Helpful
0
Replies
j_friedrich
Beginner

AAA issues with VPN and IPCP?

Hi,

     I have been struggling to find a solution as to why my L2TP tunnel comes up, but, no ip through IPCP is working.  I have a few third party VPN providers that I can connect to with no problem.  My config is solid as far as the Virtual-PPP interface is concerned.  So, as far as the AAA is concerned, here are a few commands that I have used:

aaa new-model

aaa authentication login local_auth local

aaa authentication ppp default none

 

So, here is the revelant debugs:

008940: *Jan  7 15:08:05.543 MDT: Vp1 LCP: Timeout: State Listen
008941: *Jan  7 15:08:05.543 MDT: AAA/AUTHOR (00000007): Method list id=0 not configured. Skip author
008942: *Jan  7 15:08:05.543 MDT: Vp1 PPP: Authorization NOT required
008943: *Jan  7 15:08:05.543 MDT: Vp1 PPP: No remote authentication for call-out
008944: *Jan  7 15:08:05.543 MDT: Vp1 AAA/AUTHOR/LCP: Authorization succeeds trivially
008945: *Jan  7 15:08:05.543 MDT: Vp1 LCP: O CONFREQ [Listen] id 142 len 10
008946: *Jan  7 15:08:05.543 MDT: Vp1 LCP:    MagicNumber 0x1A220FED (0x05061A220FED)
Cisco3825#
008947: *Jan  7 15:08:07.559 MDT: Vp1 LCP: Timeout: State REQsent
008948: *Jan  7 15:08:07.559 MDT: Vp1 LCP: O CONFREQ [REQsent] id 143 len 10
008949: *Jan  7 15:08:07.559 MDT: Vp1 LCP:    MagicNumber 0x1A220FED (0x05061A220FED)
Cisco3825#
008950: *Jan  7 15:08:09.575 MDT: Vp1 LCP: Timeout: State REQsent
008951: *Jan  7 15:08:09.575 MDT: Vp1 LCP: O CONFREQ [REQsent] id 144 len 10
008952: *Jan  7 15:08:09.575 MDT: Vp1 LCP:    MagicNumber 0x1A220FED (0x05061A220FED)
Cisco3825#
008953: *Jan  7 15:08:11.591 MDT: Vp1 LCP: Timeout: State REQsent
008954: *Jan  7 15:08:11.591 MDT: Vp1 LCP: O CONFREQ [REQsent] id 145 len 10
008955: *Jan  7 15:08:11.591 MDT: Vp1 LCP:    MagicNumber 0x1A220FED (0x05061A220FED)
Cisco3825#
008956: *Jan  7 15:08:13.607 MDT: Vp1 LCP: Timeout: State REQsent
008957: *Jan  7 15:08:13.607 MDT: Vp1 LCP: O CONFREQ [REQsent] id 146 len 10
008958: *Jan  7 15:08:13.607 MDT: Vp1 LCP:    MagicNumber 0x1A220FED (0x05061A220FED)
008959: *Jan  7 15:08:13.691 MDT: Vp1 LCP: I CONFREQ [REQsent] id 0 len 8
008960: *Jan  7 15:08:13.691 MDT: Vp1 LCP:    AuthProto PAP (0x0304C023)
008961: *Jan  7 15:08:13.691 MDT: Vp1 LCP: O CONFACK [REQsent] id 0 len 8
008962: *Jan  7 15:08:13.691 MDT: Vp1 LCP:    AuthProto PAP (0x0304C023)
008963: *Jan  7 15:08:13.691 MDT: Vp1 LCP: State is Open
008964: *Jan  7 15:08:13.691 MDT: Vp1 PPP: Phase is AUTHENTICATING, by the peer
Cisco3825#
008965: *Jan  7 15:08:13.691 MDT: AAA/AUTHEN/PPP (00000007): Pick method list 'default'
008966: *Jan  7 15:08:13.691 MDT: Vp1 LCP: I CONFREJ [Open] id 146 len 10
008967: *Jan  7 15:08:13.691 MDT: Vp1 LCP:    MagicNumber 0x1A220FED (0x05061A220FED)
008968: *Jan  7 15:08:13.691 MDT: Vp1 LCP: O CONFREQ [ACKsent] id 147 len 4
008969: *Jan  7 15:08:13.775 MDT: Vp1 LCP: I CONFACK [ACKsent] id 147 len 4
008970: *Jan  7 15:08:13.775 MDT: Vp1 LCP: State is Open
008971: *Jan  7 15:08:13.775 MDT: AAA/AUTHEN/PPP (00000007): Pick method list 'default'
Cisco3825#
008972: *Jan  7 15:08:23.783 MDT: Vp1 AUTH: Timeout 1
Cisco3825#
008973: *Jan  7 15:08:33.799 MDT: Vp1 AUTH: Timeout 2
Cisco3825#
008974: *Jan  7 15:08:43.815 MDT: Vp1 AUTH: Timeout 3
Cisco3825#
008975: *Jan  7 15:08:53.831 MDT: Vp1 AUTH: Timeout 4
Cisco3825#
008976: *Jan  7 15:09:03.847 MDT: Vp1 AUTH: Timeout 5
Cisco3825#
008977: *Jan  7 15:09:07.356 MDT: Vp1 PPP: Outbound ip packet dropped
Cisco3825#
008978: *Jan  7 15:09:13.864 MDT: Vp1 AUTH: Timeout 6
Cisco3825#
008979: *Jan  7 15:09:17.356 MDT: Vp1 PPP: Outbound ip packet dropped
Cisco3825#
008980: *Jan  7 15:09:23.880 MDT: Vp1 AUTH: Timeout 7
Cisco3825#
008981: *Jan  7 15:09:27.356 MDT: Vp1 PPP: Outbound ip packet dropped
Cisco3825#
008982: *Jan  7 15:09:33.896 MDT: Vp1 AUTH: Timeout 8
Cisco3825#
008983: *Jan  7 15:09:37.356 MDT: Vp1 PPP: Outbound ip packet dropped
Cisco3825#
008984: *Jan  7 15:09:43.912 MDT: Vp1 AUTH: Timeout 9
Cisco3825#
008985: *Jan  7 15:09:47.356 MDT: Vp1 PPP: Outbound ip packet dropped
Cisco3825#
008986: *Jan  7 15:09:53.928 MDT: Vp1 AUTH: Timeout 10
Cisco3825#
008987: *Jan  7 15:09:57.356 MDT: Vp1 PPP: Outbound ip packet dropped
Cisco3825#
008988: *Jan  7 15:10:03.944 MDT: Vp1 AUTH: Timeout 11
008989: *Jan  7 15:10:03.944 MDT: Vp1 PPP: Sending Acct Event[Down] id[7]
008990: *Jan  7 15:10:03.944 MDT: AAA/ACCT/EVENT/(00000007): NET DOWN
008991: *Jan  7 15:10:03.944 MDT: AAA/ACCT/NET(00000007): Method list not found
008992: *Jan  7 15:10:03.944 MDT: AAA/ACCT(00000007): del node, session 4
008993: *Jan  7 15:10:03.944 MDT: AAA/ACCT/NET(00000007): free_rec, count 0
008994: *Jan  7 15:10:03.944 MDT: AAA/ACCT/NET(00000007) reccnt 0, csr FALSE, osr 0
008995: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Update Vp1
008996: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Vp1 [pre-sess] (rx/tx) base 2114/15028 pre 15468/32490 call 15468/32490
008997: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Vp1 [pre-sess] (rx/tx) adjusted, pre 13354/17462 call 0/0
008998: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Update Vp1
008999: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Vp1 [sess] (rx/tx) base 2114/15028
Cisco3825# pre 15468/32490 call 15468/32490
009000: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Vp1 [sess] (rx/tx) adjusted, pre 13354/17462 call 0/0
009001: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Deregister Vp1
009002: *Jan  7 15:10:03.944 MDT: Vp1 PPP: Phase is TERMINATING
009003: *Jan  7 15:10:03.944 MDT: Vp1 LCP: O TERMREQ [Open] id 148 len 4
009004: *Jan  7 15:10:03.944 MDT: AAA/ACCT/EVENT/(00000007): CALL STOP
009005: *Jan  7 15:10:03.944 MDT: AAA/ACCT(00000007) reccnt 0, osr 0
009006: *Jan  7 15:10:04.028 MDT: Vp1 LCP: I TERMACK [TERMsent] id 148 len 4
009007: *Jan  7 15:10:04.028 MDT: Vp1 LCP: State is Closed
009008: *Jan  7 15:10:04.028 MDT: Vp1 PPP: Phase is DOWN
009009: *Jan  7 15:10:04.028 MDT: Vp1 PPP: Phase is ESTABLISHING, Passive Open
009010: *Jan  7 15:10:04.028 MDT: Vp1 LCP: State is Listen
Cisco3825#
009011: *Jan  7 15:10:06.024 MDT: Vp1 LCP: Timeout: State Listen
009012: *Jan  7 15:10:06.024 MDT: AAA/BIND(00000009): Bind i/f Virtual-PPP1
009013: *Jan  7 15:10:06.024 MDT: AAA/ACCT/HC(00000009): Register Vp1 100Mbit/s, poll every 5m 0s
009014: *Jan  7 15:10:06.024 MDT: AAA/ACCT/HC(00000009): Update Vp1
009015: *Jan  7 15:10:06.024 MDT: AAA/ACCT/HC(00000009): Vp1 [init-sess] (rx/tx) base 15474/32498 pre 15474/32498 call 15474/32498
009016: *Jan  7 15:10:06.024 MDT: AAA/ACCT/HC(00000009): Vp1 [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0
009017: *Jan  7 15:10:06.024 MDT: AAA/ACCT/EVENT/(00000009): CALL START
009018: *Jan  7 15:10:06.024 MDT: Getting session id for NET(00000009) : db=6902396C
009019: *Jan  7 15:10:06.024 MDT: AAA/ACCT(00000000): add node, session 6
009020: *Jan  7 15:10:06.024 MDT: AAA/ACCT/NET(00000009): add, count 1
009021: *Jan  7 15:10:06.024 MDT: Getting session id for NONE(00000009) : db=6902396C
009022: *Jan  7 15:10:06.024 MDT: AAA/AUTHOR (0000
Cisco3825#0009): Method list id=0 not configured. Skip author
009023: *Jan  7 15:10:06.024 MDT: Vp1 PPP: Authorization NOT required
009024: *Jan  7 15:10:06.024 MDT: Vp1 PPP: No remote authentication for call-out
009025: *Jan  7 15:10:06.024 MDT: Vp1 AAA/AUTHOR/LCP: Authorization succeeds trivially
009026: *Jan  7 15:10:06.024 MDT: Vp1 LCP: O CONFREQ [Listen] id 149 len 10
009027: *Jan  7 15:10:06.024 MDT: Vp1 LCP:    MagicNumber 0x1A23E698 (0x05061A23E698)
009028: *Jan  7 15:10:06.108 MDT: Vp1 LCP: I CONFREJ [REQsent] id 149 len 10
009029: *Jan  7 15:10:06.108 MDT: Vp1 LCP:    MagicNumber 0x1A23E698 (0x05061A23E698)
009030: *Jan  7 15:10:06.108 MDT: Vp1 LCP: O CONFREQ [REQsent] id 150 len 4
009031: *Jan  7 15:10:06.192 MDT: Vp1 LCP: I CONFACK [REQsent] id 150 len 4
Cisco3825#
009032: *Jan  7 15:10:07.356 MDT: Vp1 PPP: Outbound ip packet dropped
009033: *Jan  7 15:10:08.104 MDT: Vp1 LCP: Timeout: State ACKrcvd
009034: *Jan  7 15:10:08.104 MDT: Vp1 LCP: O CONFREQ [ACKrcvd] id 151 len 4
009035: *Jan  7 15:10:08.188 MDT: Vp1 LCP: I CONFACK [REQsent] id 151 len 4
Cisco3825#
009036: *Jan  7 15:10:10.120 MDT: Vp1 LCP: Timeout: State ACKrcvd
009037: *Jan  7 15:10:10.120 MDT: Vp1 LCP: O CONFREQ [ACKrcvd] id 152 len 4
009038: *Jan  7 15:10:10.204 MDT: Vp1 LCP: I CONFACK [REQsent] id 152 len 4
Cisco3825#show
009039: *Jan  7 15:10:12.136 MDT: Vp1 LCP: Timeout: State ACKrcvd
009040: *Jan  7 15:10:12.136 MDT: Vp1 LCP: O CONFREQ [ACKrcvd] id 153 len 4
009041: *Jan  7 15:10:12.216 MDT: Vp1 LCP: I CONFACK [REQsent] id 153 len 4
Cisco3825#show l2tp
009042: *Jan  7 15:10:14.152 MDT: Vp1 LCP: Timeout: State ACKrcvd
009043: *Jan  7 15:10:14.152 MDT: Vp1 LCP: O CONFREQ [ACKrcvd] id 154 len 4
009044: *Jan  7 15:10:14.232 MDT: Vp1 LCP: I CONFACK [REQsent] id 154 len 4
Cisco3825#show l2tp

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
37822      1          xxxxxxxxxxxx est    xxx.xxx.xxx.xxx  1     l2tp_default_cl

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
124        1          37822      1, Vp1               est    00:02:03 1

Here are a couple things I noticed:

 

009001: *Jan  7 15:10:03.944 MDT: AAA/ACCT/HC(00000007): Deregister Vp1

008990: *Jan  7 15:10:03.944 MDT: AAA/ACCT/EVENT/(00000007): NET DOWN

 

I don't have this issue with other providers.  I don't have the whole radius / tacacs things setup as it's not necessary for our needs.

 

Ideas?

 

Thanks for the help.

Jason

 

0 REPLIES 0
Content for Community-Ad