07-24-2012 03:01 AM - edited 03-04-2019 05:03 PM
Hi,
I have a router working as PPTP only, find the config attached. Everything is working fine accept that it restarts from time to time (around 30 minutes). Checking the crash info, I found that it's a software issue. I tried to upgrade to several IOS version, but nothing solved the issue.
Using the show log, i can see the below error:
Jul 24 09:50:02.195: %IP_VFR-7-FEATURE_DISABLE_IN: VFR(in) is manually disabled through CLI; VFR support for features that have internally enabled, will be made available only when VFR is enabled manually on interface Virtual-Access2.26
I have noticed that this error keep showing and the log is filled with it. Also note that ip virtual-reassembly is enabled, also tried to disable it but with no successs.
Please advise.
08-05-2012 01:00 AM
Hello Mustapha,
This is a blind show but try replacing all the ip virtual-reassembly in commands with ip virtual-reassembly. This should activate the VFR feature for both incoming and outgoing packets and stop the log messages from occuring. Whether it helps to prevent your router from crashing is unclear, though.
I am also concerned about these lines from your configuration:
ip nat inside source list vpn-pptp-pool1 interface GigabitEthernet0/1 overload
ip nat inside source list vpn-pptp-pool2 interface GigabitEthernet0/1 overload
ip nat inside source list vpn-pptp-pool3 interface GigabitEthernet0/1 overload
In these commands, you are referring to ACLs named vpn-pptp-pool1, vpn-pptp-pool2 and vpn-pptp-pool3. These ACLs do not exist in your configuration. There are local IP pools named identically, but they are irrelevant to this NAT configuration. It may be possible that referencing a non-existent ACL may be causing your issues. Please double check your configuration here - it seems that these three lines can be removed. At least, they should reference an existing ACL, and this must not act as "permit any".
Best regards,
Peter
08-05-2012 04:21 AM
Thanks for the reply,
When I enter "ip virtual-reassembly" it automatically set it to "in".
I tried to specifiy "ip virtual-reassembly out", and now the both commands appear on the interface, but this didn't solve the log messages.
interface GigabitEthernet0/1
ip nat outside
ip virtual-reassembly in
ip virtual-reassembly out
interface virtual-template 1
ip virtual-reassembly in
ip virtual-reassembly out
As for the ip nat, you're right, I noticed that later on, and i removed them, with other non-related commands....
Also i remove the "ip unnumbered" on the "virtual-template 1" interface, and give it a static ip, and i deleted all the loopack interfaces. Also removed the commad "ip route 0.0.0.0 0.0.0.0 null0". after that my router now waits around 12 to 13 hrs before next restart!!!
I have attached the latest config.
Regards,
08-05-2012 06:33 AM
Hello Mustapha,
Thank you for the quick turnaround. I have went over your latest config and these are my observations/questions:
Thank you!
Best regards,
Peter
08-07-2012 12:00 AM
Hi,
1. I configured the "ip virutal-reasembly out" command, but that didn't solve the log messages problem. anyway as you advised, I will keep it under the interfaces.
2. I have dowgraded my router to version 15.1(4)M4.
3. With the current changes, adding the "ip virtual-reassembly out" command, i'm still recieving log messages. No other logs appear accept for the virutal-access interface status change up and down.
For now the router is still restarting after 12 to 13 hours. But let me wait for the next restart after the downgrade. I will keep you posted.
Jul 24 09:50:02.195: %IP_VFR-7-FEATURE_DISABLE_IN: VFR(in) is manually disabled through CLI; VFR support for features that have internally enabled, will be made available only when VFR is enabled manually on interface Virtual-Access2.26
Thanks.
08-07-2012 10:44 AM
Problem not solved yet. Router is still restarting.
During my previours troubleshooting, I tried to move the configuration to another router, and the same behaviour surfaced. But the problem surfaced only after the users started to VPN to the router, i couldn't define exactly when.
Now i have left the configuration on the other router but stopped the users from accessing the router through VPN, and the router has been up for two weeks.
Also note that i tried to limit the number of similtanous connected users to 30 (configuring the range of IPs in the PPTP pool), suspecting a limitation in number of sessions, but that didn't work...
I was suspecting the problem in NAT now, as i have found some bugs that point to similar situation!!! What do you think.
What could be done to isolate the issue?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide