L2tp server
tp.internet.beeline.ru (85.21.0.239)
DNS 213.234.192.8 and 85.21.192.3
--------------------------------------------
Melchior#sh ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 07:17 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Melchior uptime is 2 minutes
System returned to ROM by reload at 21:11:10 MSD Fri Oct 1 2010
System image file is "flash:c880data-universalk9_npe-mz.151-1.T1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ143393X0
5 FastEthernet interfaces
256K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO881-K9 FCZ143393X0
License Information for 'c880-data'
License Level: advsecurity_npe Type: Permanent
Next reboot license Level: advsecurity_npe
Configuration register is 0x2102
-------------------------------------------------------------------------------
Melchior#sh running-c
Building configuration...
Current configuration : 2021 bytes
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Melchior
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 ******
enable password ******
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
clock timezone Moscow 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
ip source-route
no ip routing
!
!
!
!
no ip cef
no ip domain lookup
ip name-server 213.234.192.8
ip name-server 85.21.192.3
no ipv6 cef
l2tp-class beeline
receive-window 128
!
!
!
no virtual-template snmp
!
!
license udi pid CISCO881-K9 sn FCZ143393X0
!
!
!
!
pseudowire-class class1
encapsulation l2tpv2
ip local interface FastEthernet4
!
!
!
!
!
interface FastEthernet0
duplex full
speed 100
no cdp enable
!
interface FastEthernet1
shutdown
no cdp enable
!
interface FastEthernet2
shutdown
no cdp enable
!
interface FastEthernet3
shutdown
no cdp enable
!
interface FastEthernet4
description +++ L2TP Provoder +++
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex full
speed 100
no cdp enable
!
interface Virtual-PPP1
description --- L2TP virtual ---
ip address negotiated
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1320
no peer neighbor-route
keepalive 10000
ppp authentication chap callin
ppp chap hostname ***
ppp chap password 0 ***
no cdp enable
pseudowire 85.21.0.239 10 pw-class class1
!
interface Vlan1
description === LAN ===
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
!
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ***
login
transport input all
!
scheduler max-task-time 5000
end
------------------------------------------------------------
Melchior#sh ip interface
FastEthernet0 is up, line protocol is up
Internet protocol processing disabled
FastEthernet1 is administratively down, line protocol is down
Internet protocol processing disabled
FastEthernet2 is administratively down, line protocol is down
Internet protocol processing disabled
FastEthernet3 is administratively down, line protocol is down
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address will be negotiated using DHCP
Broadcast address is 255.255.255.255
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are None
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
Output features: Post-routing NAT Outside, Stateful Inspection
NVI0 is administratively down, line protocol is down
Internet protocol processing disabled
Virtual-PPP1 is up, line protocol is down
Internet address will be negotiated using IPCP
Broadcast address is 255.255.255.255
MTU is 1452 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is disabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check, TCP Adjust MSS
Output features: Post-routing NAT Outside, Stateful Inspection, TCP Adjust MSS
Vlan1 is up, line protocol is up
Internet address is 192.168.1.100/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are None
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Stateful Inspection
-------------------------------------------------------------
Melchior#sh vpdn
%No active L2TP tunnels
Here is a piece of my working config that may help sort this out.
l2tp-class corbina
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet4
!
interface FastEthernet4
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-PPP1
ip address negotiated
ip access-group FIREWALL in
ip mtu 1460
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
ppp chap hostname *
ppp chap password 7 *
no cdp enable
pseudowire 85.21.0.255 10 pw-class class1
!
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.29.242 255.255.255.255 dhcp
ip route 85.21.79.0 255.255.255.0 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 85.21.17.253 255.255.255.255 dhcp
ip route 89.179.135.67 255.255.255.255 dhcp
ip route 195.14.50.21 255.255.255.255 dhcp
ip route 195.14.50.1 255.255.255.255 dhcp
ip route 85.21.0.251 255.255.255.255 dhcp
ip route 85.21.0.253 255.255.255.255 dhcp
ip route 172.16.16.0 255.255.255.0 dhcp
ip route 85.21.108.19 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 85.21.72.83 255.255.255.255 dhcp
ip route 85.21.0.255 255.255.255.255 dhcp
!
ip access-list extended FIREWALL
deny tcp any eq 139 any
deny udp any eq netbios-ns any eq netbios-ns
deny udp any eq netbios-dgm any eq netbios-dgm
deny udp any eq netbios-ss any eq netbios-ss
deny udp any any range snmp snmptrap
deny tcp any any eq 3128
deny ip 10.0.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.0.0.255 any
deny udp any any range 130 140
deny tcp any any range 130 140
deny tcp any any eq 8080
permit ip any any
permit udp any any
permit gre any any
permit tcp any any
permit icmp any any
permit pcp any any
permit esp any any
permit ipinip any any
permit nos any any
ip access-list extended LAN
permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.1.0 0.0.0.255 83.102.146.0 0.0.0.231
permit ip 192.168.1.0 0.0.0.255 host 85.21.29.242
permit ip 192.168.1.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 85.21.90.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.16
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.26
ip access-list extended WAN
permit ip 192.168.1.0 0.0.0.255 any
!
I would also like to see the debug output produced when the connection attempt is made.
Same as before:
Melchior#sh interface virtual-ppp1
Virtual-PPP1 is up, line protocol is down
Hardware is Virtual PPP interface
Description: --- L2TP virtual ---
Internet address will be negotiated using IPCP
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
Keepalive set (10000 sec)
DTR is pulsed for 1 seconds on reset
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:07:17
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
> I would also like to see the debug output produced when the connection attempt is made.
How do I get to the debug?
>> I would also like to see the debug output produced when the connection attempt is made.
> How do I get to the debug?
debug ppp nego
debug vpdn l2x-errors
debug vpdn l2x-packets
and post a piece of it here, so that it is clear why the connection is not being established.
P.S. Would you mind sharing the firmware, if it's not too much trouble? On RapidShare, for example, or by mail to olegbelkov at gmail.com
> ip source-route
> no ip routing
> !
To begin with:
ip routing
> !
> !
> no ip cef
ip cef
The config has changed a bit...
!
! Last configuration change at 15:01:32 MSD Sun Oct 3 2010
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname Melchior
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
no logging console
enable secret 5 ***
enable password ***
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
clock timezone Moscow 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
no ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip name-server 213.234.192.8
ip name-server 85.21.192.3
ip inspect name InspectRule icmp
ip inspect name InspectRule tcp
ip inspect name InspectRule udp
no ipv6 cef
l2tp-class corbina
!
!
!
no virtual-template snmp
!
!
license udi pid CISCO881-K9 sn FCZ143393X0
!
!
!
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet4
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
ip virtual-reassembly
shutdown
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description *** LAN ***
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet4
description +++ L2TP Provider +++
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
!
interface Virtual-PPP1
description --- L2TP virtual ---
ip address negotiated
ip access-group FireVal in
ip mtu 1460
ip nat outside
ip inspect InspectRule in
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
no keepalive
ppp chap hostname ***
ppp chap password 7 ***
no cdp enable
pseudowire 85.21.0.255 10 pw-class class1
!
interface Vlan1
description === Lan ===
ip address 192.168.1.100 255.255.255.0
ip access-group FireVal in
ip nat inside
ip inspect InspectRule in
ip virtual-reassembly
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source static udp 192.168.1.11 7476 interface Virtual-PPP1 7476
ip nat inside source static tcp 192.168.1.11 7474 interface Virtual-PPP1 7474
ip nat inside source static udp 192.168.1.11 12966 interface Virtual-PPP1 12966
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.29.242 255.255.255.255 dhcp
ip route 85.21.79.0 255.255.255.0 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 85.21.17.253 255.255.255.255 dhcp
ip route 89.179.135.67 255.255.255.255 dhcp
ip route 195.14.50.21 255.255.255.255 dhcp
ip route 195.14.50.1 255.255.255.255 dhcp
ip route 85.21.0.251 255.255.255.255 dhcp
ip route 85.21.0.253 255.255.255.255 dhcp
ip route 172.16.16.0 255.255.255.0 dhcp
ip route 85.21.108.19 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 85.21.72.83 255.255.255.255 dhcp
ip route 85.21.0.255 255.255.255.255 dhcp
!
ip access-list extended FireVal
deny tcp any eq 139 any
deny udp any eq netbios-ns any eq netbios-ns
deny udp any eq netbios-dgm any eq netbios-dgm
deny udp any eq netbios-ss any eq netbios-ss
deny udp any any range snmp snmptrap
deny tcp any any eq 3128
deny ip 10.0.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.0.0.255 any
deny udp any any range 130 140
deny tcp any any range 130 140
deny tcp any any eq 8080
permit ip any any
permit udp any any
permit gre any any
permit tcp any any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit pcp any any
permit esp any any
permit ipinip any any
permit nos any any
permit tcp any any eq 7474
permit udp any any eq 7476
permit udp any any eq 12966
deny ip any any
ip access-list extended LAN
permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.1.0 0.0.0.255 83.102.146.0 0.0.0.231
permit ip 192.168.1.0 0.0.0.255 host 85.21.29.242
permit ip 192.168.1.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 85.21.90.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.16
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.26
deny ip any any
ip access-list extended WAN
permit ip 192.168.1.0 0.0.0.255 any
deny ip any any
!
logging trap emergencies
logging 192.168.1.11
access-list 115 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 115 in
password ***
login
transport input telnet
transport output none
!
scheduler max-task-time 5000
ntp server 207.232.83.70
end
---------------------------------------------------------------
Melchior#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 10.73.16.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 10.73.16.1
10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S 10.0.0.0/8 [1/0] via 10.73.16.1
C 10.73.16.0/21 is directly connected, FastEthernet4
L 10.73.19.232/32 is directly connected, FastEthernet4
83.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 83.102.146.96/27 [1/0] via 10.73.16.1
S 83.102.233.202/32 [254/0] via 10.73.16.1, FastEthernet4
85.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
S 85.21.0.251/32 [1/0] via 10.73.16.1
S 85.21.0.253/32 [1/0] via 10.73.16.1
S 85.21.0.255/32 [1/0] via 10.73.16.1
S 85.21.17.253/32 [1/0] via 10.73.16.1
S 85.21.29.242/32 [1/0] via 10.73.16.1
S 85.21.72.83/32 [1/0] via 10.73.16.1
S 85.21.79.0/24 [1/0] via 10.73.16.1
S 85.21.90.0/24 [1/0] via 10.73.16.1
S 85.21.108.19/32 [1/0] via 10.73.16.1
89.0.0.0/32 is subnetted, 1 subnets
S 89.179.135.67 [254/0] via 10.73.16.1
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.16.0 [1/0] via 10.73.16.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.100/32 is directly connected, Vlan1
195.14.50.0/32 is subnetted, 4 subnets
S 195.14.50.1 [1/0] via 10.73.16.1
S 195.14.50.16 [1/0] via 10.73.16.1
S 195.14.50.21 [1/0] via 10.73.16.1
S 195.14.50.26 [254/0] via 10.73.16.1
---------------------------------------------------
Melchior#sh vpdn
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
31039 31236 bras255.msk est 85.21.0.255 1 corbina
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
63913 32344 31039 10, Vp1 est 00:00:01 1
---------------------------------------------------------
Melchior#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset administratively down down
FastEthernet2 unassigned YES unset administratively down down
FastEthernet3 unassigned YES unset administratively down down
FastEthernet4 10.73.19.232 YES DHCP up up
Loopback0 192.168.0.1 YES NVRAM administratively down down
NVI0 unassigned YES unset administratively down down
Virtual-PPP1 unassigned YES NVRAM up down
Vlan1 192.168.1.100 YES NVRAM up up
-------------------------------------------
Melchior#show ip interface virtual-ppp1
Virtual-PPP1 is up, line protocol is down
Internet address will be negotiated using IPCP
Broadcast address is 255.255.255.255
MTU is 1460 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is FireVal
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check, TCP Adjust MSS
Output features: CCE Output Classification, Post-routing NAT Outside, Stateful Inspection, Firewall (NAT), Firewall (inspect), TCP Adjust MSS
Inbound inspection rule is InspectRule
----------------------------------------------
Why does the Virtual-PPP1 interface lose its IP address?
How will routing go through it? (ip route 0.0.0.0 0.0.0.0 Virtual-PPP1)
From the FastEthernet0 interface, pings go to the LAN, and from FastEthernet4 Internet servers can be pinged by IP.
------------------------------
Here is the debug
*Mar 1 00:00:02.667: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c880-data Next reboot level = advsecurity_npe and License = advsecurity_npe
*Oct 3 17:33:58.051: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
*Oct 3 17:34:15.643: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
*Oct 3 17:34:16.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Oct 3 17:34:16.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
*Oct 3 20:34:18 Moscow: %SYS-6-CLOCKUPDATE: System clock has been updated from 17:34:18 UTC Sun Oct 3 2010 to 20:34:18 Moscow Sun Oct 3 2010, configured from console by console.
*Oct 3 21:34:18 MSD: %SYS-6-CLOCKUPDATE: System clock has been updated from 20:34:18 Moscow Sun Oct 3 2010 to 21:34:18 MSD Sun Oct 3 2010, configured from console by console.
*Oct 3 21:34:19 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
*Oct 3 21:34:20 MSD: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
*Oct 3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet1, changed state to administratively down
*Oct 3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet2, changed state to administratively down
*Oct 3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet3, changed state to administratively down
*Oct 3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down
*Oct 3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down
*Oct 3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down
*Oct 3 21:34:27 MSD: %SYS-5-CONFIG_I: Configured from memory by console
*Oct 3 21:34:27 MSD: %FW-6-INIT: Firewall inspection startup completed; beginning operation.
*Oct 3 21:34:27 MSD: %LINK-3-UPDOWN: Interface Virtual-PPP1, changed state to up
*Oct 3 21:34:31 MSD: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down
*Oct 3 21:34:31 MSD: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 07:17 by prod_rel_team
*Oct 3 21:34:31 MSD: %SNMP-5-COLDSTART: SNMP agent on host Melchior is undergoing a cold start
*Oct 3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Oct 3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down
*Oct 3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Oct 3 21:34:41 MSD: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet4 assigned DHCP address 10.73.19.232, mask 255.255.248.0, hostname Melchior
-------------------------------------------
The dialer...
interface Virtual-PPP1
description --- L2TP virtual ---
ip address negotiated
ip access-group FireVal in
ip mtu 1460
ip nat outside
ip inspect InspectRule in
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
no keepalive
ppp authentication chap ms-chap ms-chap-v2 callin
ppp chap hostname 0893724777
ppp chap password 7 0893724777
no cdp enable
pseudowire 85.21.0.255 10 pw-class class1
-------------
I changed the line ppp authentication chap ms-chap ms-chap-v2 callin
to ppp authentication chap callin
and to nothing at all.
It still does not AUTHENTICATE!
------------------------------------------
Melchior#debug ppp nego
PPP protocol negotiation debugging is on
Melchior#debug l2tp error
L2TP errors debugging is on
Melchior#debug l2tp packet error
L2TP packet errors debugging is on
Melchior#show logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level informational, 25 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 353 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level emergencies, 0 message lines logged
Logging to 192.168.1.11 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link down),
0 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (4096 bytes):
2:17:16.099: L2TP 00001:08002:0000C5F1: Unknown Cisco AVP 104 in CM CDN
*Oct 3 22:17:16.099: L2TP 00001:08002:0000C5F1:
*Oct 3 22:17:16.099: Vp1 LCP: Event[CLOSE] State[Stopping to Closing]
*Oct 3 22:17:16.099: Vp1 LCP: Event[DOWN] State[Closing to Initial]
*Oct 3 22:17:16.099: Vp1 PPP: Phase is DOWN
*Oct 3 22:17:20.783: PPP: Alloc Context [84D4A3C8]
*Oct 3 22:17:20.783: ppp1 PPP: Phase is ESTABLISHING
*Oct 3 22:17:20.783: Vp1 PPP: Using default call direction
*Oct 3 22:17:20.783: Vp1 PPP: Treating connection as a dedicated line
*Oct 3 22:17:20.783: Vp1 PPP: Session handle[ED000009] Session id[1]
*Oct 3 22:17:20.783: Vp1 LCP: Event[OPEN] State[Initial to Starting]
*Oct 3 22:17:20.783: Vp1 LCP: O CONFREQ [Starting] id 1 len 15
*Oct 3 22:17:20.783: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:20.783: Vp1 LCP: MagicNumber 0x66F3D30B (0x050666F3D30B)
*Oct 3 22:17:20.783: Vp1 LCP: Event[UP] State[Starting to REQsent]
*Oct 3 22:17:22.771: Vp1 LCP: O CONFREQ [REQsent] id 2 len 15
*Oct 3 22:17:22.771: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.771: Vp1 LCP: MagicNumber 0x66F3D30B (0x050666F3D30B)
*Oct 3 22:17:22.771: Vp1 LCP: Event[Timeout+] State[REQsent to REQsent]
*Oct 3 22:17:22.771: Vp1 LCP: I CONFREQ [REQsent] id 1 len 19
*Oct 3 22:17:22.771: Vp1 LCP: MRU 1460 (0x010405B4)
*Oct 3 22:17:22.771: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.771: Vp1 LCP: MagicNumber 0xEB87DDEC (0x0506EB87DDEC)
*Oct 3 22:17:22.771: Vp1 LCP: O CONFNAK [REQsent] id 1 len 8
*Oct 3 22:17:22.771: Vp1 LCP: MRU 1500 (0x010405DC)
*Oct 3 22:17:22.771: Vp1 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Oct 3 22:17:22.771: Vp1 LCP: I CONFACK [REQsent] id 2 len 15
*Oct 3 22:17:22.771: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.771: Vp1 LCP: MagicNumber 0x66F3D30B (0x050666F3D30B)
*Oct 3 22:17:22.771: Vp1 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Oct 3 22:17:22.775: Vp1 LCP: I CONFREQ [ACKrcvd] id 2 len 19
*Oct 3 22:17:22.779: Vp1 LCP: MRU 1500 (0x010405DC)
*Oct 3 22:17:22.779: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.779: Vp1 LCP: MagicNumber 0xEB87DDEC (0x0506EB87DDEC)
*Oct 3 22:17:22.779: Vp1 LCP: O CONFACK [ACKrcvd] id 2 len 19
*Oct 3 22:17:22.779: Vp1 LCP: MRU 1500 (0x010405DC)
*Oct 3 22:17:22.779: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.779: Vp1 LCP: MagicNumber 0xEB87DDEC (0x0506EB87DDEC)
*Oct 3 22:17:22.779: Vp1 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Oct 3 22:17:22.791: Vp1 PPP: Queue CHAP code[1] id[1]
*Oct 3 22:17:22.803: Vp1 PPP: Phase is AUTHENTICATING, by both
*Oct 3 22:17:22.803: Vp1 CHAP: O CHALLENGE id 1 len 31 from "*******"
*Oct 3 22:17:22.803: Vp1 CHAP: Redirect packet to Vp1
*Oct 3 22:17:22.803: Vp1 CHAP: I CHALLENGE id 1 len 32 from "bras255.msk"
*Oct 3 22:17:22.803: Vp1 LCP: State is Open
*Oct 3 22:17:22.803: Vp1 CHAP: Using hostname from interface CHAP
*Oct 3 22:17:22.803: Vp1 CHAP: Using password from interface CHAP
*Oct 3 22:17:22.803: Vp1 CHAP: O RESPONSE id 1 len 31 from "*******"
*Oct 3 22:17:22.815: Vp1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
*Oct 3 22:17:22.815: Vp1 PPP DISC: We failed authentication
*Oct 3 22:17:22.815: Vp1 LCP: I TERMREQ [Open] id 3 len 4
*Oct 3 22:17:22.815: Vp1 LCP: O TERMACK [Open] id 3 len 4
*Oct 3 22:17:22.815: Vp1 LCP: Event[Receive TermReq] State[Open to Stopping]
*Oct 3 22:17:22.815: Vp1 PPP: Phase is TERMINATING
*Oct 3 22:17:22.819: L2TP _____:________: ERROR: CDN AVP 46, vendor 0: unknown
*Oct 3 22:17:22.819: L2TP 00001:08002:00006415: Unknown IETF AVP 46 in CM CDN
*Oct 3 22:17:22.819: L2TP _____:________: ERROR: CDN AVP 104, vendor 9: unknown
*Oct 3 22:17:22.819: L2TP 00001:08002:00006415: Unknown Cisco AVP 104 in CM CDN
*Oct 3 22:17:22.823: L2TP 00001:08002:00006415:
*Oct 3 22:17:22.823: Vp1 LCP: Event[CLOSE] State[Stopping to Closing]
*Oct 3 22:17:22.823: Vp1 LCP: Event[DOWN] State[Closing to Initial]
*Oct 3 22:17:22.823: Vp1 PPP: Phase is DOWN
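A triage pass over the `debug ppp nego` output above, as an added example that is not part of the original thread: it reduces the last connection attempt in the buffer to whether LCP opened, which side asked for authentication, and which side sent the CHAP FAILURE. The function names, the verdict strings and the abridged sample log are this example's own assumptions.

```python
import re

# Sample input: abridged copy of the debug output posted in the thread
# (the CHAP usernames were already masked there).
SAMPLE_LOG = """\
*Oct 3 22:17:16.099: L2TP 00001:08002:0000C5F1: Unknown Cisco AVP 104 in CM CDN
*Oct 3 22:17:16.099: Vp1 PPP: Phase is DOWN
*Oct 3 22:17:20.783: ppp1 PPP: Phase is ESTABLISHING
*Oct 3 22:17:20.783: Vp1 LCP: O CONFREQ [Starting] id 1 len 15
*Oct 3 22:17:20.783: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.771: Vp1 LCP: I CONFREQ [REQsent] id 1 len 19
*Oct 3 22:17:22.771: Vp1 LCP: MRU 1460 (0x010405B4)
*Oct 3 22:17:22.771: Vp1 LCP: AuthProto CHAP (0x0305C22305)
*Oct 3 22:17:22.771: Vp1 LCP: O CONFNAK [REQsent] id 1 len 8
*Oct 3 22:17:22.771: Vp1 LCP: MRU 1500 (0x010405DC)
*Oct 3 22:17:22.779: Vp1 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Oct 3 22:17:22.803: Vp1 PPP: Phase is AUTHENTICATING, by both
*Oct 3 22:17:22.803: Vp1 CHAP: O CHALLENGE id 1 len 31 from "*******"
*Oct 3 22:17:22.803: Vp1 CHAP: I CHALLENGE id 1 len 32 from "bras255.msk"
*Oct 3 22:17:22.803: Vp1 CHAP: O RESPONSE id 1 len 31 from "*******"
*Oct 3 22:17:22.815: Vp1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
*Oct 3 22:17:22.815: Vp1 PPP DISC: We failed authentication
*Oct 3 22:17:22.819: L2TP 00001:08002:00006415: Unknown IETF AVP 46 in CM CDN
*Oct 3 22:17:22.819: L2TP 00001:08002:00006415: Unknown Cisco AVP 104 in CM CDN
*Oct 3 22:17:22.823: Vp1 PPP: Phase is DOWN
"""

LINE_RE = re.compile(r"(\w[\w-]*) (LCP|CHAP|PPP DISC|PPP): (.*)$")
AVP_RE = re.compile(r"L2TP \S+: Unknown (\w+) AVP (\d+) in CM (\w+)")
OPT_RE = re.compile(r"(\w+) (\S+) \(0x[0-9A-Fa-f]+\)$")


def _new_attempt():
    return {"lcp_open": False, "options": [], "chap": [], "phases": [],
            "disc": None, "unknown_avps": []}


def parse_ppp_debug(text):
    """Reduce the debug output to the facts of the last connection attempt."""
    s = _new_attempt()
    pkt = None  # (direction, code) of the LCP packet whose option lines follow
    for line in text.splitlines():
        line = line.rstrip()
        avp = AVP_RE.search(line)
        if avp:
            s["unknown_avps"].append((avp[1], int(avp[2]), avp[3]))
            continue
        m = LINE_RE.search(line)
        if not m:
            continue
        proto, body = m[2], m[3]
        if proto == "LCP":
            hdr = re.match(r"([IO]) (\w+) \[", body)
            opt = OPT_RE.match(body)
            if hdr:
                pkt = (hdr[1], hdr[2])
            elif body.startswith("Event["):
                pkt = None
                s["lcp_open"] |= body.endswith("to Open]")
            elif opt and pkt:
                s["options"].append(pkt + (opt[1], opt[2]))
        elif proto == "CHAP":
            c = re.match(r"([IO]) (CHALLENGE|RESPONSE|SUCCESS|FAILURE) ", body)
            if c:
                s["chap"].append((c[1], c[2]))
        elif proto == "PPP DISC":
            s["disc"] = body
        else:
            ph = re.match(r"Phase is (\w+)", body)
            if ph and ph[1] == "ESTABLISHING":
                s, pkt = _new_attempt(), None  # drop the previous attempt's tail
            if ph:
                s["phases"].append(ph[1])
    return s


def triage(s):
    """Return (verdict, notes) for one parsed connection attempt."""
    # AuthProto inside a CONFREQ asks the *receiver* to authenticate itself.
    requesters = {"local" if d == "O" else "peer"
                  for d, code, name, _ in s["options"]
                  if code == "CONFREQ" and name == "AuthProto"}
    notes = []
    if "local" in requesters:
        notes.append("local side also demands CHAP from the peer")
    if s["unknown_avps"] and all(msg == "CDN" for _, _, msg in s["unknown_avps"]):
        notes.append("unknown AVPs appear only in CDN (call teardown) messages")
    if not s["lcp_open"]:
        return "lcp-not-open", notes
    if ("I", "FAILURE") in s["chap"]:
        return "peer-rejected-our-credentials", notes
    if ("O", "FAILURE") in s["chap"]:
        return "we-rejected-peer-credentials", notes
    if ("I", "SUCCESS") in s["chap"]:
        return "authenticated", notes
    return "auth-incomplete", notes
```

On the sample, `triage(parse_ppp_debug(SAMPLE_LOG))` returns the verdict `peer-rejected-our-credentials`, matching the `We failed authentication` line in the log.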