ā07-24-2022 04:01 PM - edited ā07-24-2022 04:06 PM
interface Virtual-Template down status down protocole
i try to create vpn
but in i set this command show ip int brife
interface Virtual-Template is down status down protocole
how i can make it up
this vpn is not workign good . no ping for any ip
Current configuration : 2685 bytes
!
! Last configuration change at 00:12:15 AST Wed Jul 20 2022
!
version 16.8
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10000
enable secret 5 *******************************
enable password 7 *******************************
!
aaa new-model
!
!
aaa authentication login telnet local
aaa authentication ppp default local
aaa authorization network default local
!
!
!
!
!
!
aaa session-id common
clock timezone AST 3 0
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.110 192.168.1.160
ip dhcp excluded-address 192.168.1.230
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 212.43.18.22 95.66.18.22
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group SUP
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 8
no l2tp tunnel authentication
!
!
!
!
!
!
license udi pid ISR4221/K9 sn FGL2416LVKH
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username ******************************* privilege 15 password 7 *******************************
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.900
description WAN-Internet
encapsulation dot1Q 900
ip address 172.17.77.174 255.255.255.252
ip nat outside
!
interface GigabitEthernet0/0/1
description LAN-Internet
ip address 192.168.1.1 255.255.255.0 secondary
ip address 31.214.xxx.xxx 255.255.255.248 >> remote ip
ip nat inside
negotiation auto
ip virtual-reassembly
!
interface Virtual-Template8
ip unnumbered GigabitEthernet0/0/1
ip nat inside
peer default ip address pool mvpnco
no keepalive
ppp authentication ms-chap-v2
ip virtual-reassembly
!
ip local pool mvpnco 192.168.1.109 192.168.1.120
ip nat pool LAN 31.214.xxx.xxx 31.214.xxx.xxx prefix-length 29
ip nat inside source static 192.168.1.10 31.214.23.146 extendable
ip nat inside source list 1 pool LAN overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.17.77.173 name Internet
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
transport input none
stopbits 1
line vty 0 4
password 7 13061E010803
transport input all
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
Solved! Go to Solution.
ā07-24-2022 04:34 PM
You use LO IP in same subnet of POOL?
ā07-26-2022 08:06 PM
this is workign good and it is done
ā07-24-2022 04:16 PM
https://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/335-cisco-router-ppp.html
always the virtual-template is down/down
ā07-24-2022 04:21 PM
some time virtual-interface IP conflict with other IP.
better way is
config LO have IP same subnet of Virtual-template POOL
use this LO as IP unnumbered of virtual-template
ā07-24-2022 04:27 PM
can u give me command how to do that . i try to use loopback interface and it is same error
ā07-24-2022 04:32 PM
interface Virtual-Template8
ip unnumbered loopback 0
!
ip local pool mvpnco 192.168.1.110 192.168.1.120
!
in loopback 0
ip add 192.168.1.109 255.255.255.255
ā07-24-2022 04:33 PM
I did this before and it didn't work
ā07-24-2022 04:34 PM
You use LO IP in same subnet of POOL?
ā07-24-2022 04:51 PM
yes sir . if u need i can give u telnet access to see error
ā07-24-2022 05:01 PM
can you share error here ?
ā07-24-2022 05:48 PM
aaa authentication ppp default local <-delete this
aaa authorization network default local <- delete this
!
interface Virtual-Template8
ip unnumbered loopback 0
ip nat inside
peer default ip address pool mvpnco
no keepalive
ppp authentication CHAP callout
ip virtual-reassembly
!
in loopback 0
ip add 192.168.1.109 255.255.255.255
!
In router add the Username and password you use in Win auth with CHAP
when end do
show ppp all
you must see that remote get IP from POOL
ā07-24-2022 06:05 PM
in loopback 0
ip add 192.168.1.109 255.255.255.255
% 192.168.1.109 overlaps with secondary address on GigabitEthernet0/0/1
ā07-24-2022 06:12 PM
Now you can Ping?
ā07-24-2022 06:26 PM - edited ā07-24-2022 06:27 PM
aaa authentication ppp default local <-deleted
aaa authorization network default local <- deleted
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
vpdn-group SUP
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 8
no l2tp tunnel authentication
interface Virtual-Template8
ip unnumbered Loopback2
ip nat inside
peer default ip address pool mvpnco
no keepalive
ppp authentication chap callout
ip virtual-reassembly
ip local pool mvpnco 192.168.2.109 192.168.2.120
from vpn ping
ping 192.168.2.1 >> timeout
ping 192.168.1.1 timeout
show ppp all
from cisco telnet on i ping 192.168.2.109 >> timeout
ā07-24-2022 06:32 PM - edited ā07-24-2022 06:37 PM
Now disconnect the VPN client and connect again you must get another IP
this test
L2TP
PPP (LCP & Auth)
ā07-24-2022 06:34 PM
yes i get a new ip
first time 109
last time 110
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide