- Cisco Community
- Technology and Support
- Security
- VPN
- cisco vpn l2tp troubleshooting
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
cisco vpn l2tp troubleshooting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2022 08:28 PM
my vpn is connected good on my windows but no ping from windows to any ip in router
this is my config
Current configuration : 7138 bytes
!
! Last configuration change at 03:16:48 UTC Wed Jul 27 2022
!
version 16.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
enable password ************************************************
!
aaa new-model
!
!
aaa authentication login telnet local
!
!
!
!
!
!
aaa session-id common
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip dhcp excluded-address 192.168.68.40
ip dhcp excluded-address 192.168.68.1
!
ip dhcp pool CASA
network 192.168.68.0 255.255.255.0
default-router 192.168.68.1
dns-server 200.75.0.5 200.75.0.4
lease 1 23
address 192.168.68.64 hardware-address a411.62a1.31a2
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
vpdn enable
!
vpdn-group VPN
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
crypto pki trustpoint TP-self-signed-3150444803
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3150444803
revocation-check none
rsakeypair TP-self-signed-3150444803
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3150444803
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313530 34343438 3033301E 170D3232 30363232 32313334
33395A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31353034
34343830 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100AF65 4D97AFBE D23C5231 3C299617 0C60769A 379F253A 0E44C3D7
98EFA052 95AF6763 B91075F5 D2CDEF37 72472F3F 88D6728D 5CEE2438 2C6EF17F
4719AE78 2FEBF6EE 3E53F2CD F5ADD453 20D1D9EB 7BF657C4 3A773D87 31ABE843
7445CC25 BC3A7765 AC9DA142 7B8F8149 EC3B6F76 CDDD63AC 98974680 6FD02E43
0DE32BCF D1C9CC31 2945DAB0 4BE2F999 91961887 62C3A3C3 58A36EE7 AB4DE3D6
24606337 D44E35B4 F8A8813C 43B4EE34 20D7780D A08A303C F7C72044 9703E1A7
E1CD4A05 4EB9D414 5C8A1F1E 0B851B76 61E98E12 CB13EA87 312F439D 8A859593
0790DAB8 88109486 98F03218 51B6727F FF1FF824 F3ED7FFE 4C4A61FE C4AB8612
F7611A23 C3470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 1435FB77 19940F78 0E13DDA4 8AAA24C6 48F7C2BF
D4301D06 03551D0E 04160414 35FB7719 940F780E 13DDA48A AA24C648 F7C2BFD4
300D0609 2A864886 F70D0101 05050003 82010100 70848189 EAD99D03 AECFF21C
A696F2C1 4B102EA2 F80DD8CF DA622416 9667FF18 0DA605B2 9CF14D54 C897DF0D
852DF2DF 5A1A0EC9 D6CFD0AA 0A1C1F79 B234CBF9 37921E0C BEC02DAD E2C1EC70
A7911577 EE9BA333 D9EB4279 A0F526C9 63FCDF88 1B97F7F4 77CFDC8C C9BE75BC
650BC9DB 16DA0B5C AE901991 6ED33DA3 6261355D CE365BAC F1C183CF D4CEA105
7C8F631D 4882BC47 00CD3CCB 390535E6 7B07FA6B 2748D434 8CB2D8E7 FE228D28
6658D6F3 475B0184 3FAADE6E 95139F4B 6B6B5389 09EDD929 E6B11C07 1D53B12F
CB3FE884 63015EFA F63DE83C 6063AD62 8C38697E 85810F7B 0D1EFA76 1699ADD1
EF66CA89 C8BEF1C5 617CD3C5 61CEF1F6 EB16CB37
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
!
license udi pid C1111-4P sn FGL2601L1AY
memory free low-watermark processor 70177
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username ************************************************ password 0 ************************************************
username ************************************************ privilege 15 password 0 ************************************************
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Loopback2
ip address 192.168.64.1 255.255.255.0
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii FGL2601L1AY
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1/0
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Virtual-Template1
ip unnumbered Loopback2
ip nat inside
peer default ip address pool mvpnco
no keepalive
ppp authentication ms-chap-v2
ip virtual-reassembly
!
interface Vlan1
ip address 192.168.68.1 255.255.255.0
ip nat inside
!
ip local pool mvpnco 192.168.64.5 192.168.64.10
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
!
!
ip access-list standard 1
10 permit 192.168.68.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
password ************************************************
!
!
!
!
!
!
end
----------------------------------------------------------
show ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Vi2.1 LCP+ MSV2+ IPCP+ LocalT 192.168.64.5 SAM
----------------------------------------------------------
show vpdn tunnel l2tp packets
Pkts-In Constantly increasing after each ping
and Pkts-Out It never increases. It is fixed to the number 10
show ip route
have this interface to access vpn
----------------------------------------------------------
show ip interface Virtual-Access2.1
Virtual-Access2.1 is up, line protocol is up
Interface is unnumbered. Using address of Loopback2 (192.168.64.1)
Broadcast address is 255.255.255.255
Peer address is 192.168.64.5
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Virtual Fragment Reassembly, iEdge, MCI Check
Output features: NAT Inside, iEdge
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
----------------------------------------------------------
show interface virtual-access 2
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed
Base PPPoVPDN vaccess
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Last input 00:00:01, output 00:02:58, output hang never
Last clearing of "show interface" counters 03:29:15
Input queue: 0/4096/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5059 packets input, 375388 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
122 packets output, 4620 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 0 interface resets
1 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
- Labels:
-
AnyConnect
-
Remote Access
-
VPN
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: