
L2TP VPN stopped working

brcruz001
Level 1

Hi Gents,

I need help with my VPN setup. I configured L2TP on my 2901. Everything was working fine until last week. I was following the Cisco hardening guide, but I can't be sure that my VPN stopped right after I changed a few lines on my router. Anyway, I can't see what is wrong. From every device I try to connect from, I get the same message: "The VPN server did not respond." I don't see anything in Syslog, nor in debug.

Here's my conf:

R2901#show running-config
Building configuration...

Current configuration : 4910 bytes
!
! Last configuration change at 23:04:57 UTC Fri Aug 4 2017 by bruno
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec localtime year
service password-encryption
no service password-recovery
!
hostname R2901
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.151-2.T2.bin
boot-end-marker
!
!
no logging monitor
enable secret XXXXXXXXXXXXXXXXX.
enable password XXXXXXXXXXXXXXX
!
aaa new-model
aaa local authentication attempts max-fail 3
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
process cpu threshold type total rising 80 interval 5 falling 60 interval 5
!
no ipv6 source-route
no ipv6 cef
no ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
ip dhcp bootp ignore
!
!
no ip bootp server
ip domain name XXXXX
ip host BORDERROUTER 192.168.1.1
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method XXXXXXXX
 X
  add XXXXXX://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 interval minimum 0 0 1 0
!
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel timeout no-session 15
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn XXXXXXXXXX
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!
memory reserve critical 10000
memory reserve console 4096
memory free low-watermark processor 333000
memory free low-watermark IO 41000
username XXXXXXXX password XXXXXXXXXXXX
username XXXXXX
!
redundancy
!
!
!
!
ip ssh time-out 60
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key XXXXXX address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 3600
!
crypto isakmp client configuration group 1
!
!
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map ipnetconfig-map 10
 set nat demux
 set transform-set ipnetconfig
!
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
!
!
!
!
interface Loopback0
 ip address 192.168.254.1 255.255.255.0
 ip virtual-reassembly in
!
interface GigabitEthernet0/0
 description XXXXXXXXXXX
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 rate-limit input access-group 160 64000 8000 8000 conform-action transmit exceed-action drop
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface Virtual-Template1
 ip unnumbered Dialer1
 ip virtual-reassembly in
 peer default ip address pool poolvpn
 no keepalive
 ppp encrypt mppe 40
 ppp authentication ms-chap-v2
!
interface Dialer1
 ip ddns update hostname XXXXXXXXX
 ip ddns update XXXXXX
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 rate-limit input access-group 160 64000 8000 8000 conform-action transmit exceed-action drop
 encapsulation ppp
 no ip route-cache same-interface
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp chap hostname XXXXX
 ppp chap password XXXXXXXXXXX
 ppp pap sent-username XXXXXXXXX password XXXXXXXXXXX
 no cdp enable
 crypto map cisco
!
ip local pool test 192.168.2.10 192.168.2.20
ip local pool poolvpn 10.10.10.1 10.10.10.6
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server queue limit forwarder 10000
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
logging 192.168.1.4
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 160 deny   tcp any any established
access-list 160 permit tcp any any syn
dialer-list 1 protocol ip permit
!
no cdp run
!
!
!
route-map livetim permit 10
 match ip address 10
 match interface Dialer1
!
!
snmp-server enable traps cpu threshold
!
!
control-plane
!
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
banner exec ^CEntering EXEC mode on R2901...^C
!
line con 0
line aux 0
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 password XXXXXXXXXXXX
 transport input ssh
!
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler allocate 20000 1000
ntp server 200.160.7.186
ntp server 200.186.125.195
end

Is there anything wrong with my conf?

Regards.
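As an added example (not part of the original post and not a Cisco tool), the following Python script parses a condensed, placeholder-substituted copy of the running-config above and checks that the pieces an L2TP-over-IPsec dial-in server needs are present and chained together: `vpdn enable`, a `vpdn-group` accepting L2TP that names a Virtual-Template, a Virtual-Template whose address pool is defined, an ISAKMP policy and pre-shared key, a transport-mode transform set, a dynamic crypto map using it, a static crypto map referencing the dynamic map, and that crypto map applied to an interface. The sample config, the check names and the heuristic matching are all assumptions of this example; it is a static review aid, not a replacement for `debug crypto isakmp` or `debug vpdn`.

```python
"""Static checker for the L2TP/IPsec server elements of a Cisco IOS config.

Added example, not part of the original forum post. Parses the config text
into top-level blocks and reports whether each element an L2TP-over-IPsec
dial-in server needs is present and tied to the next one.
"""
import re

# Constructed sample: condensed from the config in the post, redacted
# values replaced by placeholders.
SAMPLE_CONFIG = """\
vpdn enable
!
vpdn-group L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER address 0.0.0.0 0.0.0.0 no-xauth
!
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map ipnetconfig-map 10
 set nat demux
 set transform-set ipnetconfig
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
interface Virtual-Template1
 ip unnumbered Dialer1
 peer default ip address pool poolvpn
 ppp encrypt mppe 40
 ppp authentication ms-chap-v2
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 crypto map cisco
!
ip local pool poolvpn 10.10.10.1 10.10.10.6
"""


def parse_blocks(text):
    """Group an IOS config into (header, [child lines]) blocks.

    A line starting in column 0 begins a block; indented lines belong to the
    most recent block. '!' separators and blank lines are skipped.
    """
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue
        if line[0] != " ":
            blocks.append((line, []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks


def check_l2tp_ipsec(text):
    """Return a dict of named findings; True means the element was found."""
    blocks = parse_blocks(text)
    headers = [h for h, _ in blocks]
    f = {"vpdn_enabled": "vpdn enable" in headers}

    # vpdn-group accepting L2TP dial-in, and the Virtual-Template it names
    vt_num = None
    for h, body in blocks:
        if h.startswith("vpdn-group") and "protocol l2tp" in body:
            for line in body:
                m = re.match(r"virtual-template (\d+)", line)
                if m:
                    vt_num = m.group(1)
    f["l2tp_vpdn_group"] = vt_num is not None

    # Virtual-Template exists and hands out addresses from a defined pool
    pool = None
    vt_body = dict(blocks).get(f"interface Virtual-Template{vt_num}", [])
    for line in vt_body:
        m = re.match(r"peer default ip address pool (\S+)", line)
        if m:
            pool = m.group(1)
    f["virtual_template_present"] = bool(vt_body)
    f["address_pool_defined"] = pool is not None and any(
        h.startswith(f"ip local pool {pool} ") for h in headers)

    # IKEv1 policy and a pre-shared key for the dial-in clients
    f["isakmp_policy"] = any(h.startswith("crypto isakmp policy") for h in headers)
    f["isakmp_key"] = any(h.startswith("crypto isakmp key") for h in headers)

    # Built-in L2TP/IPsec clients negotiate transport mode, so the transform
    # set must carry 'mode transport'
    transport_sets = {h.split()[3] for h, body in blocks
                      if h.startswith("crypto ipsec transform-set")
                      and "mode transport" in body}
    f["transport_mode_transform_set"] = bool(transport_sets)

    # dynamic map -> transport-mode transform set; static map -> dynamic map
    dyn_maps = {h.split()[2] for h, body in blocks
                if h.startswith("crypto dynamic-map")
                and any(tok in transport_sets for l in body
                        if l.startswith("set transform-set") for tok in l.split()[2:])}
    crypto_maps = {h.split()[2] for h in headers
                   if h.startswith("crypto map") and "dynamic" in h
                   and h.split()[-1] in dyn_maps}
    f["crypto_map_chain_complete"] = bool(crypto_maps)

    # the static crypto map must be applied to the Internet-facing interface
    applied_on = [h.split(None, 1)[1] for h, body in blocks
                  if h.startswith("interface")
                  and any(l.split() == ["crypto", "map", cm]
                          for cm in crypto_maps for l in body)]
    f["crypto_map_applied"] = bool(applied_on)
    f["crypto_map_interfaces"] = applied_on
    return f


def missing_elements(text):
    """Names of the checks that failed, in check order."""
    return [k for k, v in check_l2tp_ipsec(text).items() if v is False]


if __name__ == "__main__":
    for name, value in check_l2tp_ipsec(SAMPLE_CONFIG).items():
        print(f"{name:32} {value}")
    print("missing:", missing_elements(SAMPLE_CONFIG) or "none")
```

Run it against a saved `show running-config` by reading the file into `check_l2tp_ipsec`; every check passing only means the server-side elements are wired together, so if a client still gets no response the next step is to watch `debug crypto isakmp` for incoming IKE proposals and confirm nothing upstream of the Dialer interface is dropping UDP 500/4500.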
