04-20-2024 03:49 AM - edited 04-20-2024 03:50 AM
Hello!
I tested PPTP and L2TP VPN solutions, but considered another solution without the Cisco router involved.
I've disabled all the virtual-access and vpdn stuff,
sh run all | i vpdn
returns nothing, but the ports for PPTP and L2TP are still open and control-plane host open-ports confirms that.
How can those services be stopped?
I already tried a reload.
15.9(3)M7 on C886VA-W-E-K9
kind regards
Marco
04-22-2024 07:13 AM
Not there, even when manually checked.
04-23-2024 01:48 AM
I agree with @Georg Pauwen, maybe you can try fixing the issue by erasing the device config and restoring it from the backup as it looks to be a buggy behaviour. Alternatively I would try to raise it with TAC.
04-30-2024 08:10 AM - edited 04-30-2024 08:11 AM
I've tried the control-plane policy, although that only affects closed ports (and drops the traffic instead of replying with port unreachable or TCP RST) and not open ones, so I removed that.
I finally solved the problem by rebooting the device with advsecurity license.
Maybe someone can open a bug report, I can't because I am not a direct Cisco contract customer.
04-30-2024 11:15 PM
If you've disabled the VPDN configuration and the related virtual-access interfaces but still find the PPTP and L2TP ports open, there might be other factors at play. Here are a few steps you can take to troubleshoot and stop those services:
1. **Verify Running Configuration**: Double-check the running configuration to ensure that the VPDN configuration is indeed removed. Sometimes changes might not take effect due to configuration errors or incomplete changes.
2. **Check for Other Services**: Review the running configuration for any other services or features that might be enabling PPTP and L2TP ports. Look for any NAT configurations, access lists, or other VPN-related configurations that might still be active.
3. **Restart Relevant Services**: If you've made changes to the configuration and they haven't taken effect, you can try restarting the relevant services. This can be done with the appropriate commands, such as 'clear vpdn' or 'clear vpdn session'. Be cautious when restarting services as it might temporarily interrupt network connectivity.
4. **Verify ACLs and NAT**: Ensure that there are no access control lists (ACLs) or NAT rules permitting traffic to the PPTP and L2TP ports. Even if the VPDN configuration is disabled, traffic might still be allowed through if there are other configurations permitting it.
5. **Review Running Processes**: Check the output of 'show processes' to see if there are any processes or services actively using the PPTP and L2TP ports. This might provide insight into what is keeping these ports open.
6. **Check for Bugs**: Sometimes, unexpected behavior can be caused by software bugs. Check Cisco's documentation and bug database to see if there are any known issues related to your router's software version and the services you're trying to disable.
If you've exhausted these troubleshooting steps and the ports are still open, it might be worth reaching out to Cisco's technical support for further assistance, as they can provide more specific guidance based on your router's configuration and environment.
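The thread's check for open ports relies on reading `show control-plane host open-ports` by eye. The script below is an added example, not part of this thread or Cisco's own tooling: it parses that command's output and flags any listener not on an explicit allowlist, so a leftover PPTP (1723/tcp) or L2TP (1701/udp) listener like the one reported above shows up as a finding. The sample output and the allowlist are constructed for illustration, and the column layout is assumed to match the tabular form IOS prints (protocol, local address:port, foreign address:port, service name, state).

```python
"""Audit `show control-plane host open-ports` output against an allowlist.

Added example for this thread (not Cisco code). The sample output below is
constructed to resemble IOS output; the allowlist is an assumption.
"""
import re

# Constructed sample, shaped like IOS `show control-plane host open-ports`.
SAMPLE_OUTPUT = """\
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:22                  *:0               SSH-Server   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 tcp               *:1723                  *:0                     PPTP   LISTEN
 udp               *:1701                  *:0                     L2TP   LISTEN
 udp                *:500                  *:0                    ISAKMP   LISTEN
 tcp          10.0.0.1:22     10.0.0.50:51234               SSH-Server   ESTABLISHED
"""

# (protocol, port) pairs the operator intends to expose on the control plane.
# Assumption for illustration: only SSH and IKE are wanted.
EXPECTED_LISTENERS = {("tcp", 22), ("udp", 500)}

# One table row: proto, local addr:port, foreign addr:port, service, state.
# The service column may contain spaces ("HTTP CORE"), so it is matched lazily
# and the state is anchored to the end of the line.
LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp|udp)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+)\s+"
    r"(?P<service>.+?)\s+"
    r"(?P<state>\S+)\s*$"
)


def parse_open_ports(text):
    """Return (proto, local_port, service, state) tuples for each table row.

    Header and banner lines do not match LINE_RE and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(
                (m["proto"], int(m["lport"]), m["service"].strip(), m["state"])
            )
    return entries


def unexpected_listeners(text, expected=EXPECTED_LISTENERS):
    """Return LISTEN entries whose (proto, port) is not in the allowlist.

    Established sessions are ignored: only sockets accepting new connections
    represent exposed services.
    """
    return [
        entry
        for entry in parse_open_ports(text)
        if entry[3] == "LISTEN" and (entry[0], entry[1]) not in expected
    ]


if __name__ == "__main__":
    for proto, port, service, _ in unexpected_listeners(SAMPLE_OUTPUT):
        print(f"unexpected listener: {proto}/{port} ({service})")
```

Paste the real command output in place of `SAMPLE_OUTPUT` (or read it from a file) and adjust `EXPECTED_LISTENERS` to the services the router is meant to offer; anything else printed is a listener that the running configuration does not account for, which is exactly the condition described in this thread.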