l2tp/ipsec isr4431/k9 server with android clients problem

alex_bsb_by
Level 1

Hello everyone!

 

The Android client can't connect to the l2tp/ipsec isr4431/k9 server with the isr4400-universalk9.16.06.04.SPA.bin image and securityk9, ipbasek9, appxk9 licenses. Windows clients work correctly.

The same config listed below works successfully on an l2tp/ipsec CISCO3925-CHASSIS server with the c3900-universalk9-mz.SPA.155-3.M5.bin image and ipbasek9, securityk9 licenses.

I have the following L2TP/IPsec config:

 

 

aaa new-model

aaa authentication ppp L2TP local
aaa authorization network L2TP local

ip dhcp excluded-address 10.1.1.1
!
ip dhcp pool L2TP_CLIENT_POOL
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 249 hex 2017.3d23.120a.2665.01
dns-server 8.8.8.8

 

vpdn enable
!
vpdn-group l2tp_group
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 2
no l2tp tunnel authentication

 

username user password user11

 

crypto isakmp policy 5
encr aes 256
authentication pre-share
group 20
lifetime 28800

 

crypto isakmp key PASS address 0.0.0.0 no-xauth

crypto ipsec transform-set L2TP_AES128_SHA esp-aes esp-sha-hmac
mode transport

 

crypto dynamic-map L2TP_DYNAMIC_MAP 10

set nat demux
set transform-set L2TP_AES128_SHA
match address L2TP_ENCRYPT

 

crypto map L2TP_MAP local-address Loopback91
crypto map L2TP_MAP 10 ipsec-isakmp dynamic L2TP_DYNAMIC_MAP

 

interface Loopback91
ip address 15.15.15.15 255.255.255.255

interface Loopback101
ip address 10.1.1.1 255.255.255.255

 

interface GigabitEthernet0/1
description ***************Internet*interface**********
ip address 14.14.14.14 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp

ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
crypto map L2TP_MAP

 

interface Virtual-Template2
ip unnumbered Loopback101
no ip redirects
no ip unreachables
peer default ip address dhcp-pool L2TP_CLIENT_POOL
ppp authentication chap ms-chap-v2 L2TP
ppp authorization L2TP
ip virtual-reassembly
end

 

ip access-list extended L2TP_ENCRYPT
permit udp host 15.15.15.15 eq 1701 any

 

 

 

1 Reply

alex_bsb_by
Level 1

General OS:
AAA Authentication debugging is on
AAA Authorization debugging is on
AAA Local debugs debugging is on
AAA Radius debugs debugging is on
IOSXE Conditional Debug Configs:

Conditional Debug Global State: Stop


IOSXE Packet Tracing Configs:

 

 

L2TP:
L2TP packet events debugging is on
L2TP packet errors debugging is on
L2TP errors debugging is on
L2TP events debugging is on
L2TP L2TUN socket API debugging is on
L2TP export data to applications and cli debugging is on
L2TP application debugs debugging is on
L2TP database events debugging is on
L2TP database errors debugging is on
L2TP database lookups debugging is on
PPP:
PPP authentication debugging is on
PPP authorization debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on
Packet Infra debugs:

 

ANDROID CLIENT DEBUG:

 

Jul 2 07:19:45.962: L2TP _____:________:
Jul 2 07:19:45.962: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:45.962: L2TP _____:________: IETF v2:
Jul 2 07:19:45.962: L2TP _____:________: Protocol Version 1, Revision 0
Jul 2 07:19:45.962: L2TP _____:________: Framing Cap both(0x3)
Jul 2 07:19:45.962: L2TP _____:________: Hostname
Jul 2 07:19:45.962: L2TP _____:________: Hostname "anonymous"
Jul 2 07:19:45.962: L2TP _____:________: Assigned Tunnel I 0x00007741 (30529)
Jul 2 07:19:45.962: L2TP _____:________: Recv Window Size 1
Jul 2 07:19:45.963: L2TP _____:________:
Jul 2 07:19:45.963: L2X _____:________: DB: no peer found for 46.216.189.38
Jul 2 07:19:45.963: L2X tnl 08174:________: Create logical tunnel
Jul 2 07:19:45.963: L2TP tnl 08174:________: Create tunnel
Jul 2 07:19:45.963: L2TP tnl 08174:________: version set to V2[1]
Jul 2 07:19:45.963: L2TP tnl 08174:________: remote ip set to 46.216.189.38
Jul 2 07:19:45.963: L2TP tnl 08174:________: local ip set to 15.15.15.15
Jul 2 07:19:45.963: L2X _____:________: DB: adding cc with id 50487 (total 1)
Jul 2 07:19:45.963: L2X _____:________: DB: added cc with id 50487 (total 2)
Jul 2 07:19:45.963: L2X _____:________: DB: added cc under rIP 46.216.189.38, local host cc id 50487 (total 1)
Jul 2 07:19:45.963: L2X _____:________: DB: added cc :rIP 46.216.189.38, rport 13933, r cc id 30529 (total 1)
Jul 2 07:19:45.963: L2TP tnl 08174:0000C537: FSM-CC ev Rx-SCCRQ
Jul 2 07:19:45.963: L2TP tnl 08174:0000C537: FSM-CC Idle->Proc-SCCRQ
Jul 2 07:19:45.963: L2TP tnl 08174:0000C537: FSM-CC do Rx-SCCRQ
Jul 2 07:19:45.963: AAA/BIND(00001FDE): Bind i/f
Jul 2 07:19:45.964: L2TP tnl 08174:0000C537: ACCT(00001FDE): UID allocated
Jul 2 07:19:45.964: L2X _____:________: CC AUTHOR DB: searching for author entry for
Jul 2 07:19:45.964: l ip 15.15.15.15, r ip 46.216.189.38, l name <>, r name <anonymous>
Jul 2 07:19:45.964: L2X _____:________: CC AUTHOR DB: no remote ip tree db entry for 46.216.189.38
Jul 2 07:19:45.964: L2X _____:________: CC AUTHOR DB: no remote name tree db entry for anonymous
Jul 2 07:19:45.964: L2X _____:________: CC AUTHOR DB: no ip entry found, return name entry
Jul 2 07:19:45.964: L2X _____:________: CC AUTHOR DB: no default context for index 1
Jul 2 07:19:45.964: L2TP _____:________: L2TP CC AUTHOR DB: no default l2tp class name found
Jul 2 07:19:45.964: L2X _____:________: CC AUTHOR DB: no default context for index 0
Jul 2 07:19:45.964: L2TP _____:________: L2TP CC AUTHOR DB: no default aaa mlist name found
Jul 2 07:19:45.964: L2TP _____:________: L2TP CC AUTHOR DB: L2TP CC Author attempts to use default mlist name <>
Jul 2 07:19:45.964: L2TP _____:________: L2TP CC AUTHOR DB: L2TP CC Author attemps to query AAA with <null>
Jul 2 07:19:45.964: AAA/AUTHOR (0x1FDE): Pick method list ' local-list 90'
Jul 2 07:19:45.964: L2X _____:________: Tunnel author started for anonymous
Jul 2 07:19:45.964: L2TP _____:________: L2TP CC AUTHOR DB: Queried AAA
Jul 2 07:19:45.965: AAA/LOCAL/AUTHEN: starting
Jul 2 07:19:45.965: AAA/LOCAL/AUTHEN(1FDE): authorizing 0#15.15.15.15#anonymous for service
Jul 2 07:19:45.965: L2X _____:________: Tunnel author found
Jul 2 07:19:45.965: L2TP tnl 08174:0000C537: Author reply, data source: "l2tp_group"
Jul 2 07:19:45.965: L2X _____:________: class [AAA author, group "l2tp_group"]
Jul 2 07:19:45.965: L2X _____:________: created
Jul 2 07:19:45.965: L2X _____:________: class [AAA author, group "l2tp_group"]
Jul 2 07:19:45.965: L2X _____:________: App locked 0->1
Jul 2 07:19:45.965: L2X _____:________: class [AAA author, group "l2tp_group"]
Jul 2 07:19:45.965: L2X _____:________: Protocol locked 0->1
Jul 2 07:19:45.965: L2TP tnl 08174:0000C537: class name AAA author, group "l2tp_group"
Jul 2 07:19:45.965: L2X _____:________: class [AAA author, group "l2tp_group"]
Jul 2 07:19:45.965: L2X _____:________: App unlocked 1->0
Jul 2 07:19:45.965: L2X _____:________: DB: removed cc with id 50487 (total 1)
Jul 2 07:19:45.966: L2X _____:________: DB: removed cc: rIP 46.216.189.38, local host cc id 50487: (total 0)
Jul 2 07:19:45.966: L2X _____:________: DB: removed local host: NONE
Jul 2 07:19:45.966: L2X _____:________: DB: adding cc with id 50487 (total 1)
Jul 2 07:19:45.966: L2X _____:________: DB: added cc with id 50487 (total 2)
Jul 2 07:19:45.966: L2X _____:________: DB: added cc under rIP 46.216.189.38, local host bsb_out_new cc id 50487 (total 1)
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: peer cap async set
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: peer cap sync set
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC ev SCCRQ-OK
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC Proc-SCCRQ->Wt-SCCCN
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC do Tx-SCCRP
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: Open sock 15.15.15.15:1701->46.216.189.38:13933
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC ev Sock-Ready
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC in Wt-SCCCN
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC do Ignore-Sock-Up
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537:
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: Tx SCCRP to anonymous tnl 30529
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: IETF v2:
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Protocol Version 1, Revision 0
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Framing Cap none(0x0)
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Firmware Ver 0x1130
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Hostname
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Hostname "bsb_out_new"
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Vendor Name
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537:
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: "Cisco Systems, Inc."
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Assigned Tunnel I 0x0000C537 (50487)
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: Recv Window Size 1024
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537:
Jul 2 07:19:45.967: L2TP tnl 08174:0000C537: O SCCRP 30529/0 ns/nr 0/1. cur/max resendQ sz 0/1
Jul 2 07:19:47.952: L2TP _____:________:
Jul 2 07:19:47.952: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:47.952: L2TP _____:________: IETF v2:
Jul 2 07:19:47.952: L2TP _____:________: Protocol Version 1, Revision 0
Jul 2 07:19:47.952: L2TP _____:________: Framing Cap both(0x3)
Jul 2 07:19:47.952: L2TP _____:________: Hostname
Jul 2 07:19:47.952: L2TP _____:________: Hostname "anonymous"
Jul 2 07:19:47.952: L2TP _____:________: Assigned Tunnel I 0x00007741 (30529)
Jul 2 07:19:47.952: L2TP _____:________: Recv Window Size 1
Jul 2 07:19:47.952: L2TP _____:________:
Jul 2 07:19:47.953: L2TP _____:________: SCCRQ: processing failed: Tunnel exists, must be a duplicate SCCRQ
Jul 2 07:19:47.953: L2TP _____:________: SCCRQ: dropping packet
Jul 2 07:19:49.952: L2TP _____:________:
Jul 2 07:19:49.952: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:49.952: L2TP _____:________: IETF v2:
Jul 2 07:19:49.952: L2TP _____:________: Protocol Version 1, Revision 0
Jul 2 07:19:49.952: L2TP _____:________: Framing Cap both(0x3)
Jul 2 07:19:49.952: L2TP _____:________: Hostname
Jul 2 07:19:49.952: L2TP _____:________: Hostname "anonymous"
Jul 2 07:19:49.952: L2TP _____:________: Assigned Tunnel I 0x00007741 (30529)
Jul 2 07:19:49.952: L2TP _____:________: Recv Window Size 1
Jul 2 07:19:49.952: L2TP _____:________:
Jul 2 07:19:49.952: L2TP _____:________: SCCRQ: processing failed: Tunnel exists, must be a duplicate SCCRQ
Jul 2 07:19:49.953: L2TP _____:________: SCCRQ: dropping packet
Jul 2 07:19:50.968: L2TP tnl 08174:0000C537: O Resend SCCRP, flg TLS, ver 2, len 104
Jul 2 07:19:51.952: L2TP _____:________:
Jul 2 07:19:51.952: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:51.952: L2TP _____:________: IETF v2:
Jul 2 07:19:51.952: L2TP _____:________: Protocol Version 1, Revision 0
Jul 2 07:19:51.952: L2TP _____:________: Framing Cap both(0x3)
Jul 2 07:19:51.952: L2TP _____:________: Hostname
Jul 2 07:19:51.952: L2TP _____:________: Hostname "anonymous"
Jul 2 07:19:51.953: L2TP _____:________: Assigned Tunnel I 0x00007741 (30529)
Jul 2 07:19:51.953: L2TP _____:________: Recv Window Size 1
Jul 2 07:19:51.953: L2TP _____:________:
Jul 2 07:19:51.953: L2TP _____:________: SCCRQ: processing failed: Tunnel exists, must be a duplicate SCCRQ
Jul 2 07:19:51.953: L2TP _____:________: SCCRQ: dropping packet
Jul 2 07:19:53.972: L2TP _____:________:
Jul 2 07:19:53.972: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:53.972: L2TP _____:________: IETF v2:
Jul 2 07:19:53.972: L2TP _____:________: Protocol Version 1, Revision 0
Jul 2 07:19:53.972: L2TP _____:________: Framing Cap both(0x3)
Jul 2 07:19:53.972: L2TP _____:________: Hostname
Jul 2 07:19:53.972: L2TP _____:________: Hostname "anonymous"
Jul 2 07:19:53.972: L2TP _____:________: Assigned Tunnel I 0x00007741 (30529)
Jul 2 07:19:53.972: L2TP _____:________: Recv Window Size 1
Jul 2 07:19:53.972: L2TP _____:________:
Jul 2 07:19:53.972: L2TP _____:________: SCCRQ: processing failed: Tunnel exists, must be a duplicate SCCRQ
Jul 2 07:19:53.972: L2TP _____:________: SCCRQ: dropping packet
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: Control channel has outstanding packets, delaying tunnel shutdown 1
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: resendQ has 1 paks
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC ev No-Users
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC in Wt-SCCCN
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC do No-Users-Ignore-Wait-SCCCN
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: Control channel has outstanding packets, delaying tunnel shutdown 2
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: resendQ has 1 paks
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC ev No-Users
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC in Wt-SCCCN
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC do No-Users-Ignore-Wait-SCCCN
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: Control channel has outstanding packets, delaying tunnel shutdown 3
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: resendQ has 1 paks
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC ev No-Users
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC in Wt-SCCCN
Jul 2 07:19:55.966: L2TP tnl 08174:0000C537: FSM-CC do No-Users-Ignore-Wait-SCCCN
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Control channel has outstanding packets, delaying tunnel shutdown 4
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: resendQ has 1 paks
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC ev No-Users
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC in Wt-SCCCN
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC do No-Users-Ignore-Wait-SCCCN
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Control channel has outstanding packets, delaying tunnel shutdown 5
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: resendQ has 1 paks
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC ev No-Users
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC in Wt-SCCCN
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC do No-Users-Ignore-Wait-SCCCN
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537:
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Shutting down tunnel
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Result Code
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: General request to clear control connection
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Error Code
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: No error
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Vendor Error
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: None
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: Optional Message
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: "No application/session timer expired"
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537:
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC ev Shut
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC Wt-SCCCN->Wt-STOPACK
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC do Tx-StopCCN-Error
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537:
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: Tx StopCCN to anonymous tnl 30529
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: IETF v2:
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: Result Code
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: General request to clear control connection(1)
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: Error code
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: No error(0)
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: Optional msg
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537:
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: "No application/session timer expired"
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: Assigned Tunnel I 0x0000C537 (50487)
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537:
Jul 2 07:19:55.968: L2TP tnl 08174:0000C537: O StopCCN 30529/0 ns/nr 1/1. cur/max resendQ sz 0/1
Jul 2 07:19:55.982: L2TP _____:________:
Jul 2 07:19:55.982: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:55.982: L2TP _____:________: IETF v2:
Jul 2 07:19:55.982: L2TP _____:________: Protocol Version 1, Revision 0
Jul 2 07:19:55.982: L2TP _____:________: Framing Cap both(0x3)
Jul 2 07:19:55.983: L2TP _____:________: Hostname
Jul 2 07:19:55.983: L2TP _____:________: Hostname "anonymous"
Jul 2 07:19:55.983: L2TP _____:________: Assigned Tunnel I 0x00007741 (30529)
Jul 2 07:19:55.983: L2TP _____:________: Recv Window Size 1
Jul 2 07:19:55.983: L2TP _____:________:
Jul 2 07:19:55.983: L2TP _____:________: SCCRQ: processing failed: Tunnel exists, must be a duplicate SCCRQ
Jul 2 07:19:55.983: L2TP _____:________: SCCRQ: dropping packet
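
An added example, not part of the original post or of any Cisco tooling: a small Python parser for L2TP debug lines in the format posted above. It counts the control-channel events and flags the pattern visible in this capture, where the router sends SCCRP, keeps dropping duplicate SCCRQs, and tears the tunnel down straight from Wt-SCCCN. `SAMPLE` is constructed from the shape of those lines, and the names `summarize` and `verdict` are hypothetical.

```python
import re

# Constructed sample in the shape of the debug lines above (trimmed).
SAMPLE = """\
Jul 2 07:19:45.962: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: FSM-CC Proc-SCCRQ->Wt-SCCCN
Jul 2 07:19:45.966: L2TP tnl 08174:0000C537: Tx SCCRP to anonymous tnl 30529
Jul 2 07:19:47.952: L2TP _____:________: Rx SCCRQ, flg TLS, ver 2, len 69
Jul 2 07:19:47.953: L2TP _____:________: SCCRQ: processing failed: Tunnel exists, must be a duplicate SCCRQ
Jul 2 07:19:50.968: L2TP tnl 08174:0000C537: O Resend SCCRP, flg TLS, ver 2, len 104
Jul 2 07:19:55.967: L2TP tnl 08174:0000C537: FSM-CC Wt-SCCCN->Wt-STOPACK
"""

# timestamp, optional "tnl", "<tunnel>:<session>" context, then the message
LINE = re.compile(r"^(?P<ts>.+?): L2(?:TP|X)\s+(?:tnl\s+)?"
                  r"(?P<ctx>[0-9A-Fa-f_]+:[0-9A-Fa-f_]+): ?(?P<msg>.*)$")
FSM = re.compile(r"FSM-CC (\S+)->(\S+)")

def summarize(log_text):
    """Count L2TP control-channel events and record FSM-CC state changes."""
    out = {"sccrq_rx": 0, "dup_sccrq_dropped": 0, "sccrp_sent": 0,
           "transitions": [], "stalled": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # AAA lines, continuation lines, blanks
        msg = m["msg"]
        if msg.startswith("Rx SCCRQ"):
            out["sccrq_rx"] += 1
        elif "duplicate SCCRQ" in msg:
            out["dup_sccrq_dropped"] += 1
        elif msg.startswith("Tx SCCRP") or "Resend SCCRP" in msg:
            out["sccrp_sent"] += 1
        t = FSM.search(msg)
        if t:
            out["transitions"].append((m["ctx"], t[1], t[2]))
    # Stalled: the tunnel went from waiting for SCCCN straight to teardown.
    out["stalled"] = any(a == "Wt-SCCCN" and b == "Wt-STOPACK"
                         for _, a, b in out["transitions"])
    return out

def verdict(s):
    """Turn the counters into a one-line finding."""
    if s["stalled"] and s["sccrp_sent"] and s["dup_sccrq_dropped"]:
        return ("SCCRP sent %d time(s) but peer kept retransmitting SCCRQ; "
                "handshake died before any PPP negotiation" % s["sccrp_sent"])
    return "no stalled SCCRQ/SCCRP handshake found"

if __name__ == "__main__":
    print(verdict(summarize(SAMPLE)))
```

A stalled result means the failure sits in the L2TP control handshake, before the PPP authentication settings in the config are ever exercised.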