Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
1
Replies

Import VPDN configuration from C1800 to ISR4000

yoav-shneor
Level 1
Level 1

‎10-03-2017 02:15 AM - edited ‎03-08-2019 12:14 PM

Hello ,
I have an old cisco 1800 runing VPDN configuration and I change it to a new ISR4000.
All the current configuration works including the VPDN , users dialup , request is forwared to the local radius server . they are approved by the radius and get an ip address from it and a new subif as a virtual access is created.

 

From that moment they cannot ping the application server behind my router and cannot ping each other through my router.

 

If I connect the old 1800 back it works again.

Ths script is the same , minor changes for interfaces and radius cli.

Any idea ?

 

triple A  commands 

================================

aaa new-model
!
!
aaa group server radius RADIUS_SERVERS
server name primary
server name backup
!
aaa authentication login default local
aaa authentication ppp default group RADIUS_SERVERS local
aaa authorization network default group RADIUS_SERVERS local
aaa accounting auth-proxy default start-stop group RADIUS_SERVERS
!
!
!

aaa session-id common
!

VPDN commands 

=============================================

vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 100
lcp renegotiation on-mismatch
l2tp tunnel password 7 *************
!

Virtual Template interface

================================================

!
interface Virtual-Template100
mtu 1460
ip unnumbered GigabitEthernet0/0/0
no peer default ip address
ppp authentication pap

 

 

Local radius 

==================================

radius-server retransmit 2
radius-server timeout 2
radius-server deadtime 10
radius-server domain-stripping delimiter @
radius-server unique-ident 8
!
radius server primary
address ipv4 192.168.16.6 auth-port 1645 acct-port 1646
key 7 ***********************
!
radius server backup
address ipv4 192.168.16.7 auth-port 1645 acct-port 1646
key 7 **********************
!

Labels:
0 Helpful
1 Reply 1

Amer-TAC
Cisco Employee
Cisco Employee

‎12-10-2017 09:37 PM

Hello,

 

The ISR4000 requires appxk9 license in order to forward traffic via the l2tp tunnel, the following document has an example for a vpdn configuration on ISR4400:

 

https://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/118442-config-isr4000-00.html#anc1

 

The appxk9 license has the Broadband feature required for VPDN:

 

https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/guide/isr4400swcfg/bm_isr_4400_sw_config_guide_chapter_0101.html#concept_EF2BBECAE8594C929B58F25464709F29

 

Regards,

Amer

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card