URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID6
Нить номер: 1804
[ Назад ]

Исходное сообщение
"cisco как vpn client"
Отправлено rus73leon , 31-Авг-15 15:15

Hi all !
Есть задачка,
нужно поднять vpn соединение через интернет с cisco роутера до удаленного филиала (mikrotik)
первоначально был cisco 871 12.4(15), vpn поднял:
service internal
l2tp-class leon
receive-window 256
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 leon
ip local interface Dialer0
interface Virtual-PPP1
ip address negotiated
no ip proxy-arp
ip mtu 1450
ip virtual-reassembly
ip tcp adjust-mss 1410
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp authentication chap ms-chap ms-chap-v2 callin
ppp chap hostname ppp_leon2
ppp chap password 7 040A59555B74
pseudowire x.x.x.x 10 pw-class class1
все работает.
сейчас возникла необходимость замены оборудования на cisco 1921 15.4(3)
указаннй выше конфиг уже не работает (((
не могу понять в чем дело. постоянно "line protocol is down"
gw-01#sho int virtual-ppp1
Virtual-PPP1 is up, line protocol is down
  Hardware is Virtual PPP interface
  Internet address will be negotiated using IPCP
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closing, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Last input 00:02:24, output never, output hang never
  Last clearing of "show interface" counters 3d00h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     584 packets input, 8296 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     373 packets output, 7018 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
gw-01#sho l2tp
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
21058      4156       MikroTik      est    x.x.x.x   1     leon
LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
29340      13         21058      10, Vp1              est    00:09:11 0

Содержание

cisco как vpn client,Merridius, 00:38 , 01-Сен-15
- cisco как vpn client,rus73leon, 11:49 , 02-Сен-15
  - cisco как vpn client,rus73leon, 12:10 , 02-Сен-15

Сообщения в этом обсуждении

"cisco как vpn client"
Отправлено Merridius , 01-Сен-15 00:38

>[оверквотинг удален]
> TunID      Username, Intf/
>   State  Last Chg Uniq ID
>
>
>           Vcid,
> Circuit
> 29340      13
>    21058      10, Vp1
>
>   est    00:09:11 0
Вообще, нормальные люди для целей site-to-site vpn используют ipsec или gre over ipsec.
А по теме, выкладывайте debug ppp negotiation для начала.

"cisco как vpn client"
Отправлено rus73leon , 02-Сен-15 11:49

*Sep  2 08:35:20.331: Vp1 PPP: Phase is DOWN
*Sep  2 08:35:24.823: PPP: Alloc Context [2BAAF2C4]
*Sep  2 08:35:24.823: ppp0 PPP: Phase is ESTABLISHING
*Sep  2 08:35:24.823: Vp1 PPP: Using default call direction
*Sep  2 08:35:24.823: Vp1 PPP: Treating connection as a dedicated line
*Sep  2 08:35:24.823: Vp1 PPP: Session handle[7E00000A] Session id[0]
*Sep  2 08:35:24.823: Vp1 LCP: Event[OPEN] State[Initial to Starting]
*Sep  2 08:35:24.823: Vp1 LCP: O CONFREQ [Starting] id 1 len 17
*Sep  2 08:35:24.823: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:24.823: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:24.823: Vp1 LCP:    PFC (0x0702)
*Sep  2 08:35:24.823: Vp1 LCP: Event[UP] State[Starting to REQsent]
*Sep  2 08:35:25.931: Vp1 LCP: I CONFREQ [REQsent] id 1 len 19
*Sep  2 08:35:25.931: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:25.931: Vp1 LCP:    MRU 1450 (0x010405AA)
*Sep  2 08:35:25.931: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:35:25.931: Vp1 LCP: O CONFNAK [REQsent] id 1 len 8
*Sep  2 08:35:25.931: Vp1 LCP:    MRU 1500 (0x010405DC)
*Sep  2 08:35:25.931: Vp1 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Sep  2 08:35:25.935: Vp1 LCP: I CONFREQ [REQsent] id 2 len 15
*Sep  2 08:35:25.935: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:25.935: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:35:25.935: Vp1 LCP: O CONFACK [REQsent] id 2 len 15
*Sep  2 08:35:25.935: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:25.935: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:35:25.935: Vp1 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Sep  2 08:35:26.839: Vp1 LCP: O CONFREQ [ACKsent] id 2 len 17
*Sep  2 08:35:26.839: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:26.839: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.839: Vp1 LCP:    PFC (0x0702)
*Sep  2 08:35:26.839: Vp1 LCP: Event[Timeout+] State[ACKsent to ACKsent]
*Sep  2 08:35:26.839: Vp1 LCP: I CONFREJ [ACKsent] id 2 len 11
*Sep  2 08:35:26.839: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:26.839: Vp1 LCP:    PFC (0x0702)
*Sep  2 08:35:26.839: Vp1 LCP: O CONFREQ [ACKsent] id 3 len 15
*Sep  2 08:35:26.839: Vp1 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Sep  2 08:35:26.843: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.843: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.843: Vp1 LCP: I CONFREJ [ACKsent] id 3 len 9
*Sep  2 08:35:26.843: Vp1 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Sep  2 08:35:26.843: Vp1 LCP: O CONFREQ [ACKsent] id 4 len 15
*Sep  2 08:35:26.843: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:26.843: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.843: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.847: Vp1 LCP: I CONFREJ [ACKsent] id 4 len 9
*Sep  2 08:35:26.851: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:26.851: Vp1 LCP: O CONFREQ [ACKsent] id 5 len 15
*Sep  2 08:35:26.851: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:26.851: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.851: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.851: Vp1 LCP: I CONFREJ [ACKsent] id 5 len 9
*Sep  2 08:35:26.851: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:26.851: Vp1 LCP: O CONFREQ [ACKsent] id 6 len 15
*Sep  2 08:35:26.851: Vp1 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Sep  2 08:35:26.851: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.851: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.855: Vp1 LCP: I CONFREJ [ACKsent] id 6 len 9
*Sep  2 08:35:26.855: Vp1 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Sep  2 08:35:26.855: Vp1 LCP: O CONFREQ [ACKsent] id 7 len 15
*Sep  2 08:35:26.855: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:26.855: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.855: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.859: Vp1 LCP: I CONFREJ [ACKsent] id 7 len 9
*Sep  2 08:35:26.859: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:26.859: Vp1 LCP: O CONFREQ [ACKsent] id 8 len 15
*Sep  2 08:35:26.859: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:26.859: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.859: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.863: Vp1 LCP: I CONFREJ [ACKsent] id 8 len 9
*Sep  2 08:35:26.863: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:26.863: Vp1 LCP: O CONFREQ [ACKsent] id 9 len 15
*Sep  2 08:35:26.863: Vp1 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Sep  2 08:35:26.863: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.863: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.867: Vp1 LCP: I CONFREJ [ACKsent] id 9 len 9
*Sep  2 08:35:26.867: Vp1 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Sep  2 08:35:26.867: Vp1 LCP: O CONFREQ [ACKsent] id 10 len 15
*Sep  2 08:35:26.867: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:26.867: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:26.867: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:26.871: Vp1 PPP: Control packet rate limit 10 reached
*Sep  2 08:35:26.871: Vp1 PPP: Entering block state for 30 seconds
*Sep  2 08:35:26.871: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:26.911: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:28.511: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:30.703: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:33.799: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:38.687: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:46.607: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:49.015: Vp1 LCP: O CONFREQ [ACKsent] id 11 len 15
*Sep  2 08:35:49.015: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:49.015: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:49.015: Vp1 LCP: Event[Timeout+] State[ACKsent to ACKsent]
*Sep  2 08:35:49.015: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:51.031: Vp1 LCP: O CONFREQ [ACKsent] id 12 len 15
*Sep  2 08:35:51.031: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:51.031: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:51.031: Vp1 LCP: Event[Timeout+] State[ACKsent to ACKsent]
*Sep  2 08:35:51.031: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:53.047: Vp1 LCP: O CONFREQ [ACKsent] id 13 len 15
*Sep  2 08:35:53.047: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:53.047: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:53.047: Vp1 LCP: Event[Timeout+] State[ACKsent to ACKsent]
*Sep  2 08:35:53.047: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:55.063: Vp1 LCP: O CONFREQ [ACKsent] id 14 len 15
*Sep  2 08:35:55.063: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:55.063: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:55.063: Vp1 LCP: Event[Timeout+] State[ACKsent to ACKsent]
*Sep  2 08:35:55.063: Vp1 PPP: Packet throttled, Dropping packet
*Sep  2 08:35:57.079: Vp1 LCP: O CONFREQ [ACKsent] id 15 len 15
*Sep  2 08:35:57.079: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:57.079: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:57.079: Vp1 LCP: Event[Timeout+] State[ACKsent to ACKsent]
*Sep  2 08:35:57.079: Vp1 LCP: I CONFREJ [ACKsent] id 15 len 9
*Sep  2 08:35:57.079: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:57.079: Vp1 LCP: O CONFREQ [ACKsent] id 16 len 15
*Sep  2 08:35:57.079: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:57.083: Vp1 LCP:    MagicNumber 0xB820FC82 (0x0506B820FC82)
*Sep  2 08:35:57.083: Vp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Sep  2 08:35:57.083: Vp1 LCP: I CONFREJ [ACKsent] id 16 len 9
*Sep  2 08:35:57.083: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Sep  2 08:35:57.083: Vp1 LCP: Received too many CONFREJs.  Closing CP
*Sep  2 08:35:57.083: Vp1 PPP DISC: LCP failed to negotiate
*Sep  2 08:35:57.083: PPP: NET STOP send to AAA.
*Sep  2 08:35:57.083: Vp1 LCP: Event[CLOSE] State[ACKsent to Closing]
*Sep  2 08:35:58.467: Vp1 LCP: I CONFREQ [Closing] id 9 len 15
*Sep  2 08:35:58.467: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:35:58.467: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:35:58.467: Vp1 LCP: Event[Receive ConfReq+] State[Closing to Closing]
*Sep  2 08:35:59.095: Vp1 LCP: Event[Timeout+] State[Closing to Closing]
*Sep  2 08:36:14.747: Vp1 LCP: I CONFREQ [Closing] id 10 len 15
*Sep  2 08:36:14.747: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:36:14.747: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:36:14.747: Vp1 LCP: Event[Receive ConfReq+] State[Closing to Closing]
*Sep  2 08:36:39.295: Vp1 LCP: I CONFREQ [Closing] id 11 len 15
*Sep  2 08:36:39.295: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:36:39.295: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:36:39.295: Vp1 LCP: Event[Receive ConfReq+] State[Closing to Closing]
*Sep  2 08:37:14.623: Vp1 LCP: I CONFREQ [Closing] id 12 len 15
*Sep  2 08:37:14.623: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
*Sep  2 08:37:14.623: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
*Sep  2 08:37:14.623: Vp1 LCP: Event[Receive ConfReq+] State[Closing to Closing]
*Sep  2 08:38:10.679: Vp1 LCP: Event[CLOSE] State[Closing to Closing]
*Sep  2 08:38:10.679: Vp1 PPP: Phase is TERMINATING
*Sep  2 08:38:10.679: Vp1 LCP: Event[DOWN] State[Closing to Initial]
*Sep  2 08:38:10.679: Vp1 PPP: Phase is DOWN

"cisco как vpn client"
Отправлено rus73leon , 02-Сен-15 12:10

>[оверквотинг удален]
> *Sep  2 08:36:39.295: Vp1 LCP: Event[Receive ConfReq+] State[Closing to Closing]
> *Sep  2 08:37:14.623: Vp1 LCP: I CONFREQ [Closing] id 12 len
> 15
> *Sep  2 08:37:14.623: Vp1 LCP:    AuthProto MS-CHAP-V2 (0x0305C22381)
> *Sep  2 08:37:14.623: Vp1 LCP:    MagicNumber 0x0D6C87DA (0x05060D6C87DA)
> *Sep  2 08:37:14.623: Vp1 LCP: Event[Receive ConfReq+] State[Closing to Closing]
> *Sep  2 08:38:10.679: Vp1 LCP: Event[CLOSE] State[Closing to Closing]
> *Sep  2 08:38:10.679: Vp1 PPP: Phase is TERMINATING
> *Sep  2 08:38:10.679: Vp1 LCP: Event[DOWN] State[Closing to Initial]
> *Sep  2 08:38:10.679: Vp1 PPP: Phase is DOWN
можете подсказать как в данной ситуации с интерфейсом virtual-ppp прикрутить ipsec ?