cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2018
Views
0
Helpful
4
Replies

Client VPN for ISR 4331

paulhughes5
Beginner
Beginner

Hi

I've recently replaced an 1801 with an ISR4331.  I previously had a PPTP VPN set up for occasional remote access to a server inside the network while not at the site from laptops or mobile phones.  I have copied the config across to the new router and while the VPN will establish I'm unable to send any traffic across it.

 

vpdn enable
!
vpdn-group pptpvpn
 ! Default L2TP VPDN group
 ! Default PPTP VPDN group
 accept-dialin
  protocol any
  virtual-template 10

interface Loopback4
 ip address 10.0.2.129 255.255.255.255

ip local pool VPN-POOL 10.0.2.130 10.0.2.142

interface Virtual-Template10
 ip unnumbered Loopback4
 zone-member security inside
 peer default ip address pool VPN-POOL
 no keepalive
 ppp encrypt mppe auto required
 ppp authentication chap ms-chap-v2 VPN-Auth

After some searching I can see suggestions that PPTP is not supported on the ISR 4K, I am also getting the following error during set-up.

%FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces.

I am not really looking for a super secure/complex solution involving 3rd party applications, have I missed something obvious or do I need to look for an alternative?

 

Thanks

 

Paul

 

 

4 Replies 4

Did you solve the issue?

No I didnt manage to get anywhere with it and there was no reply in here sadly.

Please try to delete the next line in virtual template declaration:

 

 ppp encrypt mppe auto required

and for the records, I have succeeded with my L2TP VPN configuration after enabling APPXK9 feature in evaluation mode.

 

After some time away from this issue I managed to get the appx trial sorted out however I'm still not able to get traffic across a VPN.

If mppe encryption is enabled the router logs an error saying full virtual-interfaces are not supported.  If I remove that the session comes up and I can see traffic passing (via an ACL) however it doesn't seem to reach the client device.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers