Problems establishing an L2TP tunnel between an iPhone and a 3845 ISR

Kimpenp
Level 1

Hi,

I'm having trouble making a VPN connection from my iPhone to my Cisco 3845 ISR router.

The config worked fine for years, but I recently implemented HSRP for my internal networks (that setup is working fine) (with a 2921 ISR router).

I'm seeing the following when I run debug commands:

28224517: *Nov 7 12:51:07.056 UTC: L2TP: I SCCRQ from iPhone tnl 25
28224518: *Nov 7 12:51:07.056 UTC: AAA/BIND(0000018F): Bind i/f
28224519: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: Tunnel Authorization started for host iPhone
28224520: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: New tunnel created for remote iPhone, address 188.188.153.8
28224521: *Nov 7 12:51:07.056 UTC: L2X: Tunnel author reply L2X info not found
28224522: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: Deny SCCRQ, Local interface for IP address 195.130.157.146 is down
28224523: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: Shutdown tunnel
28224524: *Nov 7 12:51:07.852 UTC: L2TP: I SCCRQ from iPhone tnl 25
28224525: *Nov 7 12:51:07.852 UTC: AAA/BIND(00000190): Bind i/f
28224526: *Nov 7 12:51:07.856 UTC: Tnl 1699 L2TP: Tunnel Authorization started for host iPhone
28224527: *Nov 7 12:51:07.856 UTC: Tnl 1699 L2TP: New tunnel created for remote iPhone, address 188.188.153.8
28224528: *Nov 7 12:51:07.856 UTC: L2X: Tunnel author reply L2X info not found
28224529: *Nov 7 12:51:07.856 UTC: Tnl 1699 L2TP: Deny SCCRQ, Local interface for IP address 195.130.157.146 is down
28224530: *Nov 7 12:51:07.856 UTC: Tnl 1699 L2TP: Shutdown tunnel
28224531: *Nov 7 12:51:09.864 UTC: L2TP: I SCCRQ from iPhone tnl 25
28224532: *Nov 7 12:51:09.864 UTC: AAA/BIND(00000191): Bind i/f
28224533: *Nov 7 12:51:09.864 UTC: Tnl 53852 L2TP: Tunnel Authorization started for host iPhone

I really don't know the meaning of the error "L2X: Tunnel author reply L2X info not found".

I can show you my relevant config:

aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_auth local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
aaa authorization exec default local
!
aaa session-id common

vpdn enable
vpdn source-ip < ext. IP address>
!
vpdn-group 1
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication

username <username> password 7 <paswoord>

crypto isakmp key <paswoord> address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
crypto isakmp nat keepalive 3600

crypto ipsec transform-set l2tppjk esp-3des esp-sha-hmac
 mode transport

crypto dynamic-map l2tppjk-map 10
 set nat demux
 set transform-set l2tppjk

interface GigabitEthernet0/0
 description De buitenwereld WAN
 ip address <extern IP> 255.255.255.248
 ip access-group 120 in
 ip verify unicast source reachable-via rx allow-default 102
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect autosec_inspect out
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
 no mop enabled
 crypto map cisco

interface GigabitEthernet0/1
 description "Lokaal LAN"
 ip address 10.10.10.9 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip inspect firewall in
 ip virtual-reassembly
 ip route-cache same-interface
 ip route-cache flow
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
 standby 2 ip 10.10.10.1
 standby 2 priority 250
 standby 2 preempt

interface Virtual-Template1
 description "VPN connection Iphones"
 ip unnumbered GigabitEthernet0/0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
 load-interval 30
 peer default ip address pool PPTP-Pool
 no keepalive
 ppp encrypt mppe 128
 ppp authentication chap ms-chap ms-chap-v2 VPDN_AUTH
 ppp ipcp dns 10.10.10.80 10.10.10.81

ip local pool PPTP-Pool 10.10.50.30 10.10.50.40

ip nat pool VPNPHONE-POOL 10.10.50.0 10.10.50.255 netmask 255.255.255.0

ip nat inside source list 130 interface GigabitEthernet0/0 overload

access-list 130 permit tcp 10.10.50.0 0.0.0.255 any
access-list 130 permit udp 10.10.50.0 0.0.0.255 any
access-list 130 permit icmp 10.10.50.0 0.0.0.255 any
access-list 130 permit esp 10.10.50.0 0.0.0.255 any
access-list 130 permit gre 10.10.50.0 0.0.0.255 any
access-list 130 deny   ip any any

I did use the following debug commands:


Cisco3845# show debugging
General OS:
AAA Authentication debugging is on
VPN:
L2X protocol events debugging is on
L2X protocol errors debugging is on
VPDN events debugging is on
VPDN errors debugging is on
PPP:
PPP authentication debugging is on
PPP protocol negotiation debugging is on

Cryptographic Subsystem:
Crypto ISAKMP debugging is on
Crypto IPSEC debugging is on

The keypairs for the tunnel seem to be exchanged fine.

If you need any more debug info, please let me know.

I've searched all over the web but I could not seem to find any relevant info on these errors.

Please let me know if you need any other debug info.

Since I need the VPN for work (I am self-employed), I would greatly appreciate it if this problem gets solved.

Could you please assist me in solving this case?

Best regards,

Pieter
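A small triage helper for the debug output in the post, added here as an example and not part of the post or of Cisco IOS: it groups the "Tnl <id>" events per tunnel attempt, attaches the id-less L2X lines to the attempt they follow, and pulls out the local address the router reports as down in the Deny SCCRQ line. The line-layout regexes are assumptions derived from the lines as posted; the sample input is quoted from those lines.

```python
import re

# Sample input: debug lines quoted from the post above (one denied attempt, then an
# attempt the capture cut off before any outcome).
SAMPLE_LOG = """\
28224519: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: Tunnel Authorization started for host iPhone
28224520: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: New tunnel created for remote iPhone, address 188.188.153.8
28224521: *Nov 7 12:51:07.056 UTC: L2X: Tunnel author reply L2X info not found
28224522: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: Deny SCCRQ, Local interface for IP address 195.130.157.146 is down
28224523: *Nov 7 12:51:07.056 UTC: Tnl 15082 L2TP: Shutdown tunnel
28224533: *Nov 7 12:51:09.864 UTC: Tnl 53852 L2TP: Tunnel Authorization started for host iPhone
"""

# Assumed IOS debug line layout: "<seq>: *<Mon d hh:mm:ss.mmm TZ>: <message>"
LINE_RE = re.compile(r"^\d+: \*\w+\s+\d+\s+[\d:.]+\s+\w+: (?P<msg>.*)$")
TNL_RE = re.compile(r"^Tnl (?P<tid>\d+) L2TP: (?P<event>.*)$")
PEER_RE = re.compile(r"New tunnel created for remote \S+, address (?P<peer>\S+)")
DENY_RE = re.compile(r"Deny SCCRQ, (?P<reason>.*)$")
ADDR_RE = re.compile(r"IP address (?P<addr>\d+(?:\.\d+){3})")

def parse_l2tp_debug(text):
    """Group 'Tnl <id>' events per local tunnel id and record how each attempt ended."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        t = TNL_RE.match(msg)
        if t:
            current = tunnels.setdefault(t["tid"], {"peer": None, "outcome": "incomplete",
                                                   "reason": None, "local_ip": None, "l2x_notes": []})
            p = PEER_RE.search(t["event"])
            if p:
                current["peer"] = p["peer"]
            d = DENY_RE.search(t["event"])
            if d:
                current["outcome"], current["reason"] = "denied", d["reason"]
                a = ADDR_RE.search(d["reason"])
                current["local_ip"] = a["addr"] if a else None
        elif msg.startswith("L2X: ") and current is not None:
            # L2X lines carry no tunnel id; attribute them to the tunnel seen last.
            current["l2x_notes"].append(msg[len("L2X: "):])
    return tunnels

def deny_reasons(tunnels):
    """Tally deny reasons so a repeated root cause (here a down local interface) stands out."""
    reasons = [r["reason"] for r in tunnels.values() if r["outcome"] == "denied"]
    return {r: reasons.count(r) for r in set(reasons)}
```

Running it over the full debug capture shows every denied attempt naming the same local address, which is the first thing to compare against the `vpdn source-ip` and the WAN interface state.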
