
l2tp client using vpdn group

j.hlanguyo
Level 1

Can someone please assist me;

I am trying to establish an L2TP over IPsec using a vpdn-group. I can successfully establish a tunnel if I am to use virtual-ppp with pseudowire but when I change this to vpdn-group and dialer interface nothing is coming up even when I debug all vpdn activities. The reason I'm trying to use vpdn-group is so I can use LNS redundancy with the initiate-to command. My configuration is as below; I hope someone will be able to pinpoint the problem.

Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 04-Sep-12 21:03 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

cisco uptime is 3 hours, 16 minutes
System returned to ROM by reload at 09:37:20 UTC Mon May 6 2013
System restarted at 09:38:06 UTC Mon May 6 2013
System image file is "flash:c880data-universalk9-mz.151-4.M5.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

Building configuration...

Current configuration : 3087 bytes
!
! Last configuration change at 12:32:23 UTC Mon May 6 2013 by admin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.235.0.25
!
ip dhcp pool vlan 1
 network 10.235.0.24 255.255.255.248
 default-router 10.235.0.25
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol any
 request-dialout
  protocol l2tp
  pool-member 1
 initiate-to ip x.y.228.40
 source-ip 10.237.144.6
 local name tst00004
 l2tp tunnel password 0 ######
!
license udi pid CISCO886VA-SEC-K9 sn FCZ1514C32U
!
!
username admin privilege 15 password 7 ########
!
!
!
!
controller VDSL 0
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ###### address x.y.224.54
!
!
crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac
!
crypto map VPN 10 ipsec-isakmp
 set peer 182.214.224.54
 set transform-set ESP_3DES_SHA
 set pfs group2
 match address 101
!
!
!
!
!
interface Loopback0
 ip address 10.237.144.6 255.255.255.255
!
interface Ethernet0
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 description ISP
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.235.0.25 255.255.255.248
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address x.y.220.107 255.255.255.224
 pppoe-client dial-pool-number 1
 crypto map VPN
!
interface Dialer1
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer remote-name hns-dsl-lns-03
 dialer vpdn
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname tst00004@tstl2.test.eu
 ppp chap password 0 ######
 no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 Vlan2
ip route 10.210.0.0 255.255.0.0 Dialer1
ip route 10.238.0.0 255.255.0.0 Dialer1
!
access-list 101 permit ip host 10.237.144.6 host x.y.228.40
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0

Please let me know if you need further information/explanation.

1 Reply

j.hlanguyo
Level 1

Relevant LNS config is as below;

aaa authentication login default group tacacs+ enable
aaa authentication login no-tacacs enable
aaa authentication ppp default group unified local
aaa authentication ppp unified group unified local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group radius
aaa authorization network unified group unified if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group unified
!
!
aaa session-id common
no ip source-route
ip cef
!
multilink bundle-name authenticated
vpdn enable
vpdn logging
vpdn logging tunnel-drop
no vpdn ip udp ignore checksum
!
vpdn-group 1
 description Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip x.y.228.40
 local name tst-lns
 l2tp tunnel password 7 ########
 l2tp tunnel receive-window 1024
 l2tp tunnel timeout no-session 20
!
!
interface Loopback349
 description "Test Traffic"
 ip address 10.210.5.1 255.255.255.255
!
interface GigabitEthernet0/1
 description "To-fw-01 for L2TP termination"
 ip address x.y.228.40 255.255.255.224
 duplex full
 speed 1000
 media-type sfp
 negotiation auto
!
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
 no logging event link-status
 load-interval 30
 no peer default ip address
 ppp mtu adaptive
 ppp authentication chap pap
!
!
ip route 0.0.0.0 0.0.0.0 x.y.228.38
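
An added example, not part of the original posts: a small offline audit that flags the cleartext (type 0) and reversibly encoded (type 7) secrets and the 3DES / DH group 2 settings that appear in the two configurations above. The sample config is constructed from lines in the posts with secrets replaced by placeholders, the rule names are made up for this example, and section tracking assumes subcommands are indented as in `show running-config` output.

```python
import re

# Constructed sample: settings taken from the configs posted above,
# with every secret replaced by a placeholder.
SAMPLE_CONFIG = """\
no service password-encryption
vpdn-group 1
 l2tp tunnel password 0 PLACEHOLDER
username admin privilege 15 password 7 PLACEHOLDER
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
 set pfs group2
interface Dialer1
 ppp chap password 0 PLACEHOLDER
"""

# (rule id, section the rule is limited to or None, regex for the stripped line)
# Rule ids are names made up for this example.
RULES = [
    ("secrets-not-obfuscated", None, r"^no service password-encryption$"),
    ("type0-cleartext-secret", None, r"\bpassword 0 \S"),
    ("type7-reversible-secret", None, r"\bpassword 7 \S"),
    ("ike-3des", "crypto isakmp policy", r"^encr 3des$"),
    ("ike-dh-group2", "crypto isakmp policy", r"^group 2$"),
    ("esp-3des", None, r"^crypto ipsec transform-set .*\besp-3des\b"),
    ("pfs-dh-group2", "crypto map", r"^set pfs group2$"),
]

def audit(config_text):
    """Return (line number, section, rule id) for each weak setting found."""
    findings, section = [], ""
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # an unindented command opens a new section
            section = line
        for rule_id, scope, pattern in RULES:
            if scope and not section.startswith(scope):
                continue
            if re.search(pattern, line):
                findings.append((num, section, rule_id))
    return findings

if __name__ == "__main__":
    for num, section, rule_id in audit(SAMPLE_CONFIG):
        print(f"line {num}: {rule_id} (section: {section})")
```

Scoping `group 2` to the `crypto isakmp policy` section keeps the check from firing on unrelated commands such as `dialer-group`.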