interface Virtual-Template down status down protocol

zsmo2372
Level 1

I am trying to create a VPN,

but when I run the command show ip int brief,

interface Virtual-Template is down status, down protocol.

 


How can I bring it up?

This VPN is not working well. No ping to any IP.

Current configuration : 2685 bytes
!
! Last configuration change at 00:12:15 AST Wed Jul 20 2022
!
version 16.8
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10000
enable secret 5 *******************************
enable password 7 *******************************
!
aaa new-model
!
!
aaa authentication login telnet local
aaa authentication ppp default local
aaa authorization network default local
!
!
!
!
!
!
aaa session-id common
clock timezone AST 3 0
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.110 192.168.1.160
ip dhcp excluded-address 192.168.1.230
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 212.43.18.22 95.66.18.22
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group SUP
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 8
no l2tp tunnel authentication
!
!
!
!
!
!
license udi pid ISR4221/K9 sn FGL2416LVKH
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username ******************************* privilege 15 password 7 *******************************
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.900
description WAN-Internet
encapsulation dot1Q 900
ip address 172.17.77.174 255.255.255.252
ip nat outside
!
interface GigabitEthernet0/0/1
description LAN-Internet
ip address 192.168.1.1 255.255.255.0 secondary
ip address 31.214.xxx.xxx 255.255.255.248 >> remote ip
ip nat inside
negotiation auto
ip virtual-reassembly
!
interface Virtual-Template8
ip unnumbered GigabitEthernet0/0/1
ip nat inside
peer default ip address pool mvpnco
no keepalive
ppp authentication ms-chap-v2
ip virtual-reassembly
!
ip local pool mvpnco 192.168.1.109 192.168.1.120
ip nat pool LAN 31.214.xxx.xxx 31.214.xxx.xxx prefix-length 29
ip nat inside source static 192.168.1.10 31.214.23.146 extendable
ip nat inside source list 1 pool LAN overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.17.77.173 name Internet
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
transport input none
stopbits 1
line vty 0 4
password 7 13061E010803
transport input all
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

 

I did it all.

After this command:

show vpdn tunnel l2tp packets

Pkts-In is constantly increasing after each ping,

and Pkts-Out never increases. It is fixed at the number 10.

show vpdn tunnel l2tp  all
L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 14699 is up, remote id is 97, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 00:01:35
Tunnel transport is UDP (17)
Remote tunnel name is DESKTOP-T0EJN22
Internet Address (myipaddress), port 53668
Local tunnel name is ECS03105_Behbehani-GMC-Owner-Chalet-Bnaider
Internet Address (routerip), port 1701
L2TP class for tunnel is SUP
Counters, taking last clear into account:
11 packets sent, 225 received
225 bytes sent, 19048 received
Last clearing of counters never
Counters, ignoring last clear:
11 packets sent, 225 received
225 bytes sent, 19048 received
Control Ns 2, Nr 6
Local RWS 1024 (default), Remote RWS 8
Control channel Congestion Control is disabled
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs sent 4
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled
VPDN group for tunnel is SUP

We solved the tunnel issue: it is UP and gets an IP. I know the problem is return traffic.
no ip nat inside of g0/0/1
and try ping 

There is no ping, sir.

Can you ping Lo2? I see it in show ip route.

 


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 172.17.77.173 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 172.17.77.173
31.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C xxx.xxx.xxx.xxx/29 is directly connected, GigabitEthernet0/0/1
L xxx.xxx.xxx.xxx/32 is directly connected, GigabitEthernet0/0/1
L xxx.xxx.xxx.xxx/32 is directly connected, GigabitEthernet0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.77.172/30 is directly connected, GigabitEthernet0/0/0.900
L 172.17.77.174/32 is directly connected, GigabitEthernet0/0/0.900
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/1
192.168.3.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.3.0/24 is directly connected, Loopback2
L 192.168.3.1/32 is directly connected, Loopback2
C 192.168.3.6/32 is directly connected, Virtual-Access2.1

I pinged this from the router:

I pinged 192.168.3.1 and the ping is good,

and ping 192.168.3.6 >> timeout

 

 

 

show interface virtual-access 2.1

Virtual-Access2.1 is up, line protocol is up
  Hardware is Virtual Access interface
  Interface is unnumbered. Using address of Loopback2 (192.168.3.1)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoVPDN vaccess, cloned from Virtual-Template8
  Vaccess status 0x0
  Protocol l2tp, tunnel id 14699, session id 63914
  Keepalive not set
     4853 packets input, 302345 bytes
     23 packets output, 1025 bytes
  Last clearing of "show interface" counters never

 

 

 

 

show IP interface virtual-access 2.1

Virtual-Access2.1 is up, line protocol is up
Interface is unnumbered. Using address of Loopback2 (192.168.3.1)
Broadcast address is 255.255.255.255
Peer address is 192.168.3.6
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: Virtual Fragment Reassembly, iEdge, MCI Check
Output features: iEdge
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled

how this time I success to identify the issue 
Share the output of this:
show interface virtual-access 2


Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed
Base PPPoVPDN vaccess
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Last input 00:00:02, output 00:02:36, output hang never
Last clearing of "show interface" counters 06:09:50
Input queue: 0/4096/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4187 packets input, 288992 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
24 packets output, 1200 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
2 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

2 unknown protocol drops <- this is what I am looking for.
When you ping, does this counter increase?
Add the command below, then disconnect and reconnect the client and see the effect.

ppp encrypt mppe auto 

ppp encrypt mppe auto
^
% Invalid input detected at '^' marker.

under the virtual-template 
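
The counter pattern this thread works through (input packets climbing while output stays flat, plus unknown protocol drops) can be checked by script. This is an added example, not code from any poster; the inputs are excerpts of the outputs posted above, and the `ratio` and `min_rx` thresholds are assumptions.

```python
import re

# Excerpts of the show outputs posted in this thread, trimmed to the relevant lines.
VPDN_TUNNEL = """\
11 packets sent, 225 received
"""
VACCESS_SESSION = """\
Encapsulation PPP, LCP Open
Open: IPCP
4853 packets input, 302345 bytes
23 packets output, 1025 bytes
"""
VACCESS_BASE = """\
Encapsulation PPP, LCP Closed
4187 packets input, 288992 bytes, 0 no buffer
24 packets output, 1200 bytes, 0 underruns
2 unknown protocol drops
"""

PATTERNS = {
    "tx": r"(\d+) packets (?:sent|output)",
    "rx": r"(?:packets sent, |^\s*)(\d+) (?:received|packets input)",
    "lcp": r"LCP (Open|Closed)",
    "ncps": r"^\s*Open: (.+)$",
    "unknown": r"(\d+) unknown protocol drops",
}

def parse_counters(text):
    """Extract packet counters and PPP state from IOS show output."""
    out = {}
    for key, pat in PATTERNS.items():
        m = re.search(pat, text, re.M)
        out[key] = m[1] if m else None
    for key in ("tx", "rx", "unknown"):
        out[key] = int(out[key]) if out[key] else None
    out["ncps"] = [p.strip() for p in (out["ncps"] or "").split(",") if p.strip()]
    return out

def diagnose(text, ratio=10, min_rx=100):
    """Return a list of findings; ratio and min_rx are assumed thresholds."""
    c, findings = parse_counters(text), []
    rx, tx = c["rx"], c["tx"]
    if rx is not None and tx is not None and rx >= min_rx and rx > ratio * max(tx, 1):
        findings.append(f"one-way: rx={rx} tx={tx}")
    if c["lcp"] == "Open" and "IPCP" not in c["ncps"]:
        findings.append("LCP open but IPCP not negotiated")
    if c["unknown"]:
        findings.append(f"unknown protocol drops={c['unknown']}")
    return findings
```

Calling `diagnose()` on each excerpt reports the one-way flow at the tunnel, session and base interface level, and the drop counter on the base interface.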
