Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2531
Views
0
Helpful
4
Replies

Client VPN for ISR 4331

paulhughes5
Level 1
Level 1

‎11-17-2017 03:43 AM - edited ‎03-12-2019 04:44 AM

Hi

I've recently replaced an 1801 with an ISR4331.  I previously had a PPTP VPN set up for occasional remote access to a server inside the network while not at the site from laptops or mobile phones.  I have copied the config across to the new router and while the VPN will establish I'm unable to send any traffic across it.

 

vpdn enable
!
vpdn-group pptpvpn
 ! Default L2TP VPDN group
 ! Default PPTP VPDN group
 accept-dialin
  protocol any
  virtual-template 10

interface Loopback4
 ip address 10.0.2.129 255.255.255.255

ip local pool VPN-POOL 10.0.2.130 10.0.2.142

interface Virtual-Template10
 ip unnumbered Loopback4
 zone-member security inside
 peer default ip address pool VPN-POOL
 no keepalive
 ppp encrypt mppe auto required
 ppp authentication chap ms-chap-v2 VPN-Auth

After some searching I can see suggestions that PPTP is not supported on the ISR 4K, I am also getting the following error during set-up.

%FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces.

I am not really looking for a super secure/complex solution involving 3rd party applications, have I missed something obvious or do I need to look for an alternative?

 

Thanks

 

Paul

 

 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Vladyslav.Shvedenko
Level 1
Level 1

‎03-29-2018 03:45 PM

Did you solve the issue?
0 Helpful

paulhughes5
Level 1
Level 1
In response to Vladyslav.Shvedenko

‎03-30-2018 03:48 PM

No I didnt manage to get anywhere with it and there was no reply in here sadly.

0 Helpful

Vladyslav.Shvedenko
Level 1
Level 1
In response to paulhughes5

‎04-05-2018 01:09 PM

Please try to delete the next line in virtual template declaration:

 

 ppp encrypt mppe auto required

and for the records, I have succeeded with my L2TP VPN configuration after enabling APPXK9 feature in evaluation mode.

 

0 Helpful

paulhughes5
Level 1
Level 1
In response to Vladyslav.Shvedenko

‎01-27-2019 09:16 AM

After some time away from this issue I managed to get the appx trial sorted out however I'm still not able to get traffic across a VPN.

If mppe encryption is enabled the router logs an error saying full virtual-interfaces are not supported.  If I remove that the session comes up and I can see traffic passing (via an ACL) however it doesn't seem to reach the client device.

0 Helpful
Customers Also Viewed These Support Documents