Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1453
Views
0
Helpful
1
Replies

l2tpv3 xconnect problem

ALEXANDR LYKOV
Level 1
Level 1

‎09-30-2013 09:58 PM - edited ‎03-04-2019 09:11 PM

Hello everybody,

I've connected two Sites by xconnect through internet with ASAs IPVPN

We have equal configuration on both sides like this:

SiteA:

---------------------

Switch Cat4500:

---------------------

interface GigabitEthernet2/2/45

description Router c1921 - G0/1 Xconnect

switchport access vlan 122

switchport mode access

interface GigabitEthernet2/2/42

description Router C1921 - G0/0 for xconnect

switchport access vlan 200

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

---------------------

Router cisco 1921 IOS 153-2.T1

----------------------

l2tp-class L2TP-CLASS1

hidden

authentication

hello 30

password 7 XXXXX

pseudowire-class PW-CLASS1

encapsulation l2tpv3

interworking ethernet

protocol l2tpv3 L2TP-CLASS1

ip local interface Loopback0

ip tos reflect

interface Loopback0

ip address 10.1.1.1 255.255.255.255

interface GigabitEthernet0/0

ip address 10.2.2.2 255.255.255.0

duplex auto

speed auto

interface GigabitEthernet0/1

no ip address

ip flow ingress

load-interval 30

duplex auto

speed auto

xconnect 10.3.3.3 200 encapsulation l2tpv3 pw-class PW-CLASS1

--------------------------------

ASA

---------------------

crypto map SITEB 1 match address l2l_crypto_SITEB

crypto map SITEB 1 set peer 82.B.B.B

crypto map SITEB 1 set ikev1 transform-set FirstSet

crypto map SITEB 1 set security-association lifetime seconds 3600

crypto map SITEB 1 set security-association lifetime kilobytes 2147483647

access-list l2l_crypto_SITEB line 1 extended permit 115 host 10.1.1.1 host 10.3.3.3 (hitcnt=86) 0x2c2db912

access-list l2l_crypto_SITEB line 2 extended permit ip host 10.1.1.1 host 10.3.3.3 (hitcnt=388017) 0x3ab2a57e

------------------------------

Ping and some connectons are working fine. But there are some problem like MTU Black Hole. Some sitest don't load properly and been displayed usualy on a half. but some time it's worknig well.

I haven't found commnads  "ip pmtu" and "ip df bit set" on IOS 15.3. And can't find any documentation about changes in this commands..

How can I reduce MTU or may be some other chages?

WBR,

Alexander.

Labels:
0 Helpful
1 Reply 1

ALEXANDR LYKOV
Level 1
Level 1

‎09-30-2013 10:02 PM

Also sometimes (usually in the morning and at the end of workday) we had this messages when there was ios153-2.T:

000916: Sep 12 18:09:06.837 KZT: %LINK-4-TOOBIG: Interface Gi0/0, Output packet size of 32220276 bytes too big

-Traceback= 5A17530z 400FCA4z 400FF80z 400D330z 82605A4z 824CF4Cz 45B003Cz 4E36CB4z 4E36E6Cz 4E3D1DCz 414A40Cz 4162248z 414B29Cz 414B4D8z 414B5B8z 414B7ECz

PS: Today, I've installed 153-2.T1.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card