10-29-2018 07:00 AM - edited 04-08-2019 08:33 AM
I have configured an L2TP VPN to Private Internet Access (PIA) on my router, but the virtual-ppp1 interface is up while the line protocol is down.
I have been over my config and can't figure out what is wrong.
I have a dialer interface to my ISP and that is up and up.
Here is my config:
login as:
Using keyboard-interactive authentication.
Password:
********************************************************************************
* UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED *
* You must have explicit, authorized permission to access or configure *
* this device. *
* Unauthorized attempts and actions to access or use this system may result in *
* civil and/or criminal penalties. *
* All activities performed on this device are logged and monitored. *
* *
* Property of xxxxxxxxxxxxx *
********************************************************************************
Please check that you are on the correct switch:
Switch Name : SW-Rtr_Core_897-1
Site Name : Home

SW-Rtr_Core_897-1#show run
Building configuration...

Current configuration : 15592 bytes
!
! Last configuration change at 13:56:49 BST Mon Oct 29 2018 by
! NVRAM config last updated at 13:51:58 BST Mon Oct 29 2018 by
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname SW-Rtr_Core_897-1
!
boot-start-marker
boot system flash:c800-universalk9-mz.SPA.154-3.M9.bin
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$IddG$4VYKgwZ4FGQwAD6RCtst.1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login SSLVPN_AAA local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone BST 1 0
!
crypto pki trustpoint SSLVPN_CERT
 enrollment selfsigned
 subject-name CN=fdenofa-SSLVPN.cisco.com
 revocation-check crl
 rsakeypair SSLVPN_KEYPAIR
!
!
crypto pki certificate chain SSLVPN_CERT
 certificate self-signed 01
  quit
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.2.1.1
ip dhcp excluded-address 10.4.1.1
ip dhcp excluded-address 10.54.1.1
ip dhcp excluded-address 10.80.1.1 10.80.1.4
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool VLAN2
 network 10.2.1.0 255.255.255.192
 default-router 10.2.1.1
 dns-server 1.1.1.1 1.0.0.1
 domain-name ryantalevski.com
!
ip dhcp pool VLAN4
 network 10.4.1.0 255.255.255.240
 default-router 10.4.1.1
 dns-server 1.1.1.1 1.0.0.1
 domain-name ryantalevski.com
!
ip dhcp pool VLAN54
 network 10.54.1.0 255.255.255.240
 default-router 10.54.1.1
 dns-server 1.1.1.1 1.0.0.1
 domain-name ryantalevski.com
!
ip dhcp pool VLAN80
 network 10.80.1.0 255.255.255.248
 default-router 10.80.1.1
 dns-server 1.1.1.1 1.0.0.1
 domain-name ryantalevski.com
!
ip dhcp pool VLAN400
 network 192.168.1.0 255.255.255.192
 dns-server 1.1.1.1 1.0.0.1
 domain-name ryantalevski.com
 default-router 192.168.1.1
 lease 0 1
!
!
!
ip domain name ryantalevski.com
ip name-server 1.1.1.1
ip name-server 1.0.0.1
ip ddns update method ddns-noip
 HTTP
  add http://ryantalevski:xxxxxxxxxxxxxxxxxxx@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
 interval maximum 1 0 0 0
 interval minimum 0 0 1 0
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
domain
!
!
!
!
!
!
!
cts logging verbose
!
!
!
spanning-tree portfast bpduguard
vtp domain ryantalevski.com
vtp mode transparent
username ryant privilege 15 password 7 1126155401430A2C567A7A7C69
username admin privilege 15 password 7 14341B180F54
!
crypto vpn anyconnect flash:/webvpn/ sequence 1
!
!
!
!
!
controller VDSL 0
!
vlan 2
 name Data
!
vlan 4
 name Ryan's_WiFi
!
vlan 6
!
vlan 16
 name Domain
!
vlan 54
 name WiFi
!
vlan 80
 name AP_VLAN
!
vlan 254
 name Mgnt
!
vlan 400
 name Guest_Network
lldp run
!
pseudowire-class PIA_L2TP
 encapsulation l2tpv2
 ip local interface Dialer1
!
!
class-map type inspect match-any INSIDE-TO-OUTSIDE
 description Basic Internet Protocols
 match protocol tcp
 match protocol udp
 match protocol http
 match protocol https
 match protocol dns
 match protocol pop3
 match protocol imap
 match protocol smtp
class-map type inspect match-any OUTSIDE-TO-INSIDE
 description Traffic from the Public Internet
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop log
policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
 class type inspect OUTSIDE-TO-INSIDE
  pass
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-TO-INSIDE-POLICY
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key mysafety address 89.238.154.163
!
!
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
 mode transport
!
!
!
crypto map PIA_VPN 10 ipsec-isakmp
 set peer 89.238.154.163
 set transform-set ESP-AES256-SHA1
 match address PIA_LON_UK
!
!
!
!
!
!
interface Loopback0
 ip address 10.254.254.1 255.255.255.0
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface Ethernet0
 description BT_VDSL0
 no ip address
 ip virtual-reassembly in
 no ip route-cache
!
interface Ethernet0.101
 description 802.1Q Tagging for PPPOE VDSL0
 encapsulation dot1Q 101
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 switchport mode trunk
 no ip address
 ip access-group 100 in
!
interface GigabitEthernet1
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet2
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet3
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet4
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet5
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet6
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet7
 description Port
 switchport access vlan 2
 no ip address
 zone-member security INSIDE
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 storm-control action shutdown
 spanning-tree portfast
!
interface GigabitEthernet8
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-PPP1
 description Tunnel to PIA London UK
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 ppp eap refuse
 ppp chap hostname p8759760
 ppp chap password 7 12120016081F283E10010C
 ppp ipcp address accept
 no cdp enable
 pseudowire 89.238.154.163 1 encapsulation l2tpv2 pw-class PIA_L2TP
 crypto map PIA_VPN
!
interface Virtual-Template1
 ip unnumbered Loopback0
!
interface Vlan1
 description VLAN1
 no ip address
 shutdown
!
interface Vlan2
 description Data VLAN
 ip address 10.2.1.1 255.255.255.192
 ip nat inside
 ip virtual-reassembly in
 zone-member security INSIDE
 no ip route-cache cef
!
interface Vlan4
 description Ryan's WiFi VLAN
 ip address 10.4.1.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 zone-member security INSIDE
 no ip route-cache cef
!
interface Vlan54
 description WiFi VLAN
 ip address 10.54.1.1 255.255.255.240
 ip access-group 198 in
 ip access-group 198 out
 ip nat inside
 ip virtual-reassembly in
 zone-member security INSIDE
 no ip route-cache cef
!
interface Vlan80
 description AP VLAN
 ip address 10.80.1.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 zone-member security INSIDE
 no ip route-cache cef
!
interface Vlan254
 description Mgnt VLAN
 ip address 10.254.1.240 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache cef
!
interface Vlan400
 description Guest VLAN
 ip address 192.168.1.1 255.255.255.192
 ip access-group 199 in
 ip access-group 199 out
 ip nat inside
 ip virtual-reassembly in
 zone-member security INSIDE
 no ip route-cache cef
!
interface Dialer1
 description **BT FIBRE**
 ip ddns update hostname ryantalevski.ddns.net
 ip ddns update ddns-noip
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 zone-member security OUTSIDE
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap ms-chap callin
 ppp chap hostname bthomehub@btbroadband.com
 ppp chap password 7 140713181F13253920
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
 crypto map PIA_VPN
!
ip local pool SSLVPN_POOL 192.168.10.1 192.168.10.99
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list PIA_NAT interface Virtual-PPP1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh authentication-retries 2
ip ssh source-interface Vlan254
ip ssh version 2
!
ip access-list standard PIA_NAT
 permit 10.4.1.0 0.0.0.15
!
ip access-list extended PIA_LON_UK
 permit udp host 86.180.153.108 eq 1701 host 89.238.154.163 eq 1701
!
logging history debugging
dialer-list 1 protocol ip permit
!
access-list 1 remark -- Access Control to Public Internet --
access-list 1 permit 10.2.1.0 0.0.0.63
access-list 1 permit 10.4.1.0 0.0.0.15
access-list 1 permit 10.54.1.0 0.0.0.15
access-list 1 permit 10.80.1.0 0.0.0.7
access-list 1 permit 10.254.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.15
access-list 1 permit 192.168.1.0 0.0.0.63
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 deny any
access-list 4 remark -- SSH ACL --
access-list 4 permit 10.2.1.0 0.0.0.63
access-list 4 permit 10.4.1.0 0.0.0.15
access-list 4 permit 10.254.1.0 0.0.0.255
access-list 4 permit 192.168.10.0 0.0.0.255
access-list 4 deny any
access-list 100 deny tcp any host 10.2.1.1 eq 22
access-list 100 deny tcp any host 10.4.1.1 eq 22
access-list 100 deny tcp any host 10.16.1.14 eq 22
access-list 100 deny tcp any host 10.54.1.1 eq 22
access-list 100 deny tcp any host 10.80.1.1 eq 22
access-list 100 permit ip any any
access-list 198 remark -- WiFi Restriction --
access-list 198 permit ip any 10.54.1.0 0.0.0.15
access-list 198 deny ip any 10.0.0.0 0.255.255.255
access-list 198 deny ip any 172.16.0.0 0.0.255.255
access-list 198 deny ip any 192.168.0.0 0.0.255.255
access-list 198 permit ip any any
access-list 199 remark -- Restriction --
access-list 199 permit ip any 192.168.1.0 0.0.0.63
access-list 199 deny ip any 10.0.0.0 0.255.255.255
access-list 199 deny ip any 172.16.0.0 0.0.255.255
access-list 199 deny ip any 192.168.0.0 0.0.255.255
access-list 199 permit ip any any
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
banner exec ^C
Please check that you are on the correct switch:
Switch Name : SW-Rtr_Core_897-1
Site Name : Home
^C
banner motd ^C
********************************************************************************
* UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED *
* You must have explicit, authorized permission to access or configure *
* this device. *
* Unauthorized attempts and actions to access or use this system may result in *
* civil and/or criminal penalties. *
* All activities performed on this device are logged and monitored. *
* *
* Property of xxxxxxxxxxxxx *
********************************************************************************
^C
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 access-class 4 in
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server pool.ntp.org
!
!
!
!
webvpn gateway SSLVPN_GATEWAY
 ip interface Dialer1 port 443
 http-redirect port 80
 ssl trustpoint SSLVPN_CERT
 inservice
 !
webvpn context SSL_CONTEXT
 title "ryantalevski.com_SSLVPN"
 virtual-template 1
 aaa authentication list SSLVPN_AAA
 gateway SSLVPN_GATEWAY
 ca trustpoint SSLVPN_CERT
 !
 ssl authenticate verify all
 inservice
 !
 policy group SSL_POLICY
  functions svc-enabled
  svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
  svc default-domain ""
  svc dns-server primary 1.1.1.1
  svc dns-server secondary 1.0.0.1
  hide-url-bar
 default-group-policy SSL_POLICY
!
end

SW-Rtr_Core_897-1#
10-29-2018 03:57 PM