Solved: Re: Need debug decryption

m.sobolev · ‎05-01-2009

Hello! Please help me to understand debug output (file attached). Interface Virtual-ppp1 gets up for 1 minute, no traffic can pass through and then interfaces goes down. I am trying to investigate the cause.

paolo bevilacqua · ‎05-02-2009

Under virtual interface, "no peer neighbor-route".

View solution in original post

andrew.prince · ‎05-02-2009

You have an issue on line 31 (nice and early in the debug):-

000558: *May 1 19:15:30.602: %CRYPTO-5-IKMP_AG_MODE_DISABLED: Unable to initiate or respond to Aggressive Mode while disabled

Enable aggresive mode ISAKMP and re-test (crypto isakmp aggressive-mode)

HTH>

m.sobolev · ‎05-02-2009

No, you can ignore CRYPTO errors. This message belongs to ipsec lan-to-lan that should be installed over l2tp tunnel. But as I said tunnel is not working and disconnects after 1 minute.

m.sobolev · ‎05-02-2009

While investigating disconnect cause I wander about this debug output:

000527: *May 1 19:15:07.141: Vp1 IPCP: Install route to 83.102.254.234

Is it possible to disable route installation by IPCP?

andrew.prince · ‎05-02-2009

In response to both your posts - without understanding the full topology, and configurations - to find the issue you would have more luck looking for a needle in a haystack.

m.sobolev · ‎05-02-2009

My router (871) is connected to provider ethernet, and gets its Fe4 ip address by DHCP. To connect to the internet router needs to establish L2TP tunnel to provider equipment. Connection goes well (interface virtual-ppp1 - up) but no traffic can pass it and connection drops in one minute. I suppose that IPCP installs route to provider L2TP gateway via L2TP tunnel so this gateway becomes unreachable. I want to disable IPCP route installation.

paolo bevilacqua · ‎05-02-2009

Under virtual interface, "no peer neighbor-route".

m.sobolev · ‎05-02-2009

Yes! Thats it! Thank you!