URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID6
Нить номер: 21677
[ Назад ]

Исходное сообщение
"Cisco 881. Не получается подключиться по L2TP к Провайдеру."

Отправлено Balabans , 01-Окт-10 21:24 
L2tp server
tp.internet.beeline.ru (85.21.0.239)
DNS 213.234.192.8 и 85.21.192.3
--------------------------------------------
Melchior#sh ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 07:17 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

Melchior uptime is 2 minutes
System returned to ROM by reload at 21:11:10 MSD Fri Oct 1 2010
System image file is "flash:c880data-universalk9_npe-mz.151-1.T1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ143393X0

5 FastEthernet interfaces
256K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO881-K9           FCZ143393X0    

License Information for 'c880-data'
    License Level: advsecurity_npe   Type: Permanent
    Next reboot license Level: advsecurity_npe


Сonfiguration register is 0x2102
-------------------------------------------------------------------------------
Melchior#sh running-c
Building configuration...

Current configuration : 2021 bytes
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Melchior
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 ******
enable password ******
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
clock timezone Moscow 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
ip source-route
no ip routing
!
!
!
!
no ip cef
no ip domain lookup
ip name-server 213.234.192.8
ip name-server 85.21.192.3
no ipv6 cef
l2tp-class beeline
receive-window 128
!
!
!
no virtual-template snmp
!
!
license udi pid CISCO881-K9 sn FCZ143393X0
!
!
!
!
pseudowire-class class1
encapsulation l2tpv2
ip local interface FastEthernet4
!
!
!
!
!
interface FastEthernet0
duplex full
speed 100
no cdp enable
!
interface FastEthernet1
shutdown
no cdp enable
!
interface FastEthernet2
shutdown
no cdp enable
!
interface FastEthernet3
shutdown
no cdp enable
!
interface FastEthernet4
description +++ L2TP Provoder +++
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex full
speed 100
no cdp enable
!
interface Virtual-PPP1
description --- L2TP virtual ---
ip address negotiated
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1320
no peer neighbor-route
keepalive 10000
ppp authentication chap callin
ppp chap hostname ***
ppp chap password 0 ***
no cdp enable
pseudowire 85.21.0.239 10 pw-class class1
!
interface Vlan1
description === LAN ===
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
!
no cdp run

!
!
!
!
!        
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ***
login
transport input all
!
scheduler max-task-time 5000
end
------------------------------------------------------------
Melchior#sh ip interface
FastEthernet0 is up, line protocol is up
  Internet protocol processing disabled
FastEthernet1 is administratively down, line protocol is down
  Internet protocol processing disabled
FastEthernet2 is administratively down, line protocol is down
  Internet protocol processing disabled
FastEthernet3 is administratively down, line protocol is down
  Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
  Internet address will be negotiated using DHCP
  Broadcast address is 255.255.255.255
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
  Output features: Post-routing NAT Outside, Stateful Inspection
NVI0 is administratively down, line protocol is down
  Internet protocol processing disabled
Virtual-PPP1 is up, line protocol is down
  Internet address will be negotiated using IPCP
  Broadcast address is 255.255.255.255
  MTU is 1452 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is disabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check, TCP Adjust MSS
  Output features: Post-routing NAT Outside, Stateful Inspection, TCP Adjust MSS
Vlan1 is up, line protocol is up
  Internet address is 192.168.1.100/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Stateful Inspection
-------------------------------------------------------------
Melchior#sh vpdn

%No active L2TP tunnels


Содержание

Сообщения в этом обсуждении
"Cisco 881. Не получается подключиться по L2TP к Провайдеру."
Отправлено sat , 01-Окт-10 23:36 
вот кусок моего рабочего конфига, который может помочь разобраться.

l2tp-class corbina
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet4
!
interface FastEthernet4
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-PPP1
ip address negotiated
ip access-group FIREWALL in
ip mtu 1460
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
ppp chap hostname *
ppp chap password 7 *
no cdp enable
pseudowire 85.21.0.255 10 pw-class class1
!
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.29.242 255.255.255.255 dhcp
ip route 85.21.79.0 255.255.255.0 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 85.21.17.253 255.255.255.255 dhcp
ip route 89.179.135.67 255.255.255.255 dhcp
ip route 195.14.50.21 255.255.255.255 dhcp
ip route 195.14.50.1 255.255.255.255 dhcp
ip route 85.21.0.251 255.255.255.255 dhcp
ip route 85.21.0.253 255.255.255.255 dhcp
ip route 172.16.16.0 255.255.255.0 dhcp
ip route 85.21.108.19 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 85.21.72.83 255.255.255.255 dhcp
ip route 85.21.0.255 255.255.255.255 dhcp

!
ip access-list extended FIREWALL
deny   tcp any eq 139 any
deny   udp any eq netbios-ns any eq netbios-ns
deny   udp any eq netbios-dgm any eq netbios-dgm
deny   udp any eq netbios-ss any eq netbios-ss
deny   udp any any range snmp snmptrap
deny   tcp any any eq 3128
deny   ip 10.0.0.0 0.0.255.255 any
deny   ip 127.0.0.0 0.0.0.255 any
deny   udp any any range 130 140
deny   tcp any any range 130 140
deny   tcp any any eq 8080
permit ip any any
permit udp any any
permit gre any any
permit tcp any any
permit icmp any any
permit pcp any any
permit esp any any
permit ipinip any any
permit nos any any
ip access-list extended LAN
permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.1.0 0.0.0.255 83.102.146.0 0.0.0.231
permit ip 192.168.1.0 0.0.0.255 host 85.21.29.242
permit ip 192.168.1.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 85.21.90.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.16
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.26
ip access-list extended WAN
permit ip 192.168.1.0 0.0.0.255 any
!

и хотелось бы увидеть дебаг, что выводится при попытке установки соединения.


"Cisco 881. Не получается подключиться по L2TP к Провайдеру."
Отправлено Balabans , 02-Окт-10 22:01 
По прежнему
Melchior#sh interface virtual-ppp1
Virtual-PPP1 is up, line protocol is down
  Hardware is Virtual PPP interface
  Description: --- L2TP virtual ---
  Internet address will be negotiated using IPCP
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10000 sec)
  DTR is pulsed for 1 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:07:17
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

> и хотелось бы увидеть дебаг, что выводится при попытке установки соединения.

Как добраться до дебага?


"Cisco 881. Не получается подключиться по L2TP к Провайдеру."
Отправлено sat , 03-Окт-10 00:24 
>> и хотелось бы увидеть дебаг, что выводится при попытке установки соединения.
> Как добраться до дебага?

debug ppp nego
debug vpdn l2x-errors
debug vpdn l2x-packets

и сюда выложить кусочек, чтобы понятно было почему не устанавливается

ps. прошивкой не поделитесь, если не жалко? на рапиду например, или на почту olegbelkov на gmail.com


"Cisco 881. Не получается подключиться по L2TP к Провайдеру."
Отправлено Fsh , 03-Окт-10 08:55 
> ip source-route
> no ip routing
> !

Для начала:
ip routing
> !
> !
> no ip cef

ip cef


"Cisco 881. Не получается подключиться по L2TP к Провайдеру."
Отправлено Balabans , 03-Окт-10 21:51 
Конфиг немного изменился...
!
! Last configuration change at 15:01:32 MSD Sun Oct 3 2010
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname Melchior
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
no logging console
enable secret 5 ***
enable password ***
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
clock timezone Moscow 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
no ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip name-server 213.234.192.8
ip name-server 85.21.192.3
ip inspect name InspectRule icmp
ip inspect name InspectRule tcp
ip inspect name InspectRule udp
no ipv6 cef
l2tp-class corbina
!
!
!
no virtual-template snmp
!
!
license udi pid CISCO881-K9 sn FCZ143393X0
!
!
!
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet4
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
ip virtual-reassembly
shutdown
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description *** LAN ***
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet4
description +++ L2TP Provider +++
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
!
interface Virtual-PPP1
description --- L2TP virtual ---
ip address negotiated
ip access-group FireVal in
ip mtu 1460
ip nat outside
ip inspect InspectRule in
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
no keepalive
ppp chap hostname ***
ppp chap password 7 ***
no cdp enable
pseudowire 85.21.0.255 10 pw-class class1
!
interface Vlan1
description === Lan ===
ip address 192.168.1.100 255.255.255.0
ip access-group FireVal in
ip nat inside
ip inspect InspectRule in
ip virtual-reassembly
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source static udp 192.168.1.11 7476 interface Virtual-PPP1 7476
ip nat inside source static tcp 192.168.1.11 7474 interface Virtual-PPP1 7474
ip nat inside source static udp 192.168.1.11 12966 interface Virtual-PPP1 12966
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.29.242 255.255.255.255 dhcp
ip route 85.21.79.0 255.255.255.0 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 85.21.17.253 255.255.255.255 dhcp
ip route 89.179.135.67 255.255.255.255 dhcp
ip route 195.14.50.21 255.255.255.255 dhcp
ip route 195.14.50.1 255.255.255.255 dhcp
ip route 85.21.0.251 255.255.255.255 dhcp
ip route 85.21.0.253 255.255.255.255 dhcp
ip route 172.16.16.0 255.255.255.0 dhcp
ip route 85.21.108.19 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 85.21.72.83 255.255.255.255 dhcp
ip route 85.21.0.255 255.255.255.255 dhcp
!
ip access-list extended FireVal
deny   tcp any eq 139 any
deny   udp any eq netbios-ns any eq netbios-ns
deny   udp any eq netbios-dgm any eq netbios-dgm
deny   udp any eq netbios-ss any eq netbios-ss
deny   udp any any range snmp snmptrap
deny   tcp any any eq 3128
deny   ip 10.0.0.0 0.0.255.255 any
deny   ip 127.0.0.0 0.0.0.255 any
deny   udp any any range 130 140
deny   tcp any any range 130 140
deny   tcp any any eq 8080
permit ip any any
permit udp any any
permit gre any any
permit tcp any any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit pcp any any
permit esp any any
permit ipinip any any
permit nos any any
permit tcp any any eq 7474
permit udp any any eq 7476
permit udp any any eq 12966
deny   ip any any
ip access-list extended LAN
permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.1.0 0.0.0.255 83.102.146.0 0.0.0.231
permit ip 192.168.1.0 0.0.0.255 host 85.21.29.242
permit ip 192.168.1.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 85.21.90.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.16
permit ip 192.168.1.0 0.0.0.255 host 195.14.50.26
deny   ip any any
ip access-list extended WAN
permit ip 192.168.1.0 0.0.0.255 any
deny   ip any any
!
logging trap emergencies
logging 192.168.1.11
access-list 115 permit ip 192.168.1.0 0.0.0.255 any
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 115 in
password ***
login
transport input telnet
transport output none
!
scheduler max-task-time 5000
ntp server 207.232.83.70
end
---------------------------------------------------------------
Melchior#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 10.73.16.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 10.73.16.1
      10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S        10.0.0.0/8 [1/0] via 10.73.16.1
C        10.73.16.0/21 is directly connected, FastEthernet4
L        10.73.19.232/32 is directly connected, FastEthernet4
      83.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S        83.102.146.96/27 [1/0] via 10.73.16.1
S        83.102.233.202/32 [254/0] via 10.73.16.1, FastEthernet4
      85.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
S        85.21.0.251/32 [1/0] via 10.73.16.1
S        85.21.0.253/32 [1/0] via 10.73.16.1
S        85.21.0.255/32 [1/0] via 10.73.16.1
S        85.21.17.253/32 [1/0] via 10.73.16.1
S        85.21.29.242/32 [1/0] via 10.73.16.1
S        85.21.72.83/32 [1/0] via 10.73.16.1
S        85.21.79.0/24 [1/0] via 10.73.16.1
S        85.21.90.0/24 [1/0] via 10.73.16.1
S        85.21.108.19/32 [1/0] via 10.73.16.1
      89.0.0.0/32 is subnetted, 1 subnets
S        89.179.135.67 [254/0] via 10.73.16.1
      172.16.0.0/24 is subnetted, 1 subnets
S        172.16.16.0 [1/0] via 10.73.16.1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.100/32 is directly connected, Vlan1
      195.14.50.0/32 is subnetted, 4 subnets
S        195.14.50.1 [1/0] via 10.73.16.1
S        195.14.50.16 [1/0] via 10.73.16.1
S        195.14.50.21 [1/0] via 10.73.16.1
S        195.14.50.26 [254/0] via 10.73.16.1
---------------------------------------------------
Melchior#sh vpdn

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
31039      31236      bras255.msk   est    85.21.0.255     1     corbina        

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID  
                                 Vcid, Circuit                                  
63913      32344      31039      10, Vp1              est    00:00:01 1        
---------------------------------------------------------
Melchior#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  administratively down down    
FastEthernet2              unassigned      YES unset  administratively down down    
FastEthernet3              unassigned      YES unset  administratively down down    
FastEthernet4              10.73.19.232    YES DHCP   up                    up      
Loopback0                  192.168.0.1     YES NVRAM  administratively down down    
NVI0                       unassigned      YES unset  administratively down down    
Virtual-PPP1               unassigned      YES NVRAM  up                    down    
Vlan1                      192.168.1.100   YES NVRAM  up                    up      
-------------------------------------------
Melchior#show ip interface virtual-ppp1
Virtual-PPP1 is up, line protocol is down
  Internet address will be negotiated using IPCP
  Broadcast address is 255.255.255.255
  MTU is 1460 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is FireVal
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check, TCP Adjust MSS
  Output features: CCE Output Classification, Post-routing NAT Outside, Stateful Inspection, Firewall (NAT), Firewall (inspect), TCP Adjust MSS
  Inbound inspection rule is InspectRule
----------------------------------------------

Почему интерфейс Virtual-PPP1 теряет адрес ip?

Как через него пойдёт роутинг? (ip route 0.0.0.0 0.0.0.0 Virtual-PPP1)

С интерфейса FastEthernet0 идут пинги в локалку, а с FastEthernet4 пингуются интернет сервера по ip.
------------------------------
Вот дебаг
*Mar  1 00:00:02.667: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c880-data Next reboot level = advsecurity_npe and License = advsecurity_npe
*Oct  3 17:33:58.051: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
*Oct  3 17:34:15.643: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
*Oct  3 17:34:16.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Oct  3 17:34:16.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
*Oct  3 20:34:18 Moscow: %SYS-6-CLOCKUPDATE: System clock has been updated from 17:34:18 UTC Sun Oct 3 2010 to 20:34:18 Moscow Sun Oct 3 2010, configured from console by console.
*Oct  3 21:34:18 MSD: %SYS-6-CLOCKUPDATE: System clock has been updated from 20:34:18 Moscow Sun Oct 3 2010 to 21:34:18 MSD Sun Oct 3 2010, configured from console by console.
*Oct  3 21:34:19 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
*Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
*Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet1, changed state to administratively down
*Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet2, changed state to administratively down
*Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet3, changed state to administratively down
*Oct  3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down
*Oct  3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down
*Oct  3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down
*Oct  3 21:34:27 MSD: %SYS-5-CONFIG_I: Configured from memory by console
*Oct  3 21:34:27 MSD: %FW-6-INIT: Firewall inspection startup completed; beginning operation.
*Oct  3 21:34:27 MSD: %LINK-3-UPDOWN: Interface Virtual-PPP1, changed state to up
*Oct  3 21:34:31 MSD: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down
*Oct  3 21:34:31 MSD: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 07:17 by prod_rel_team
*Oct  3 21:34:31 MSD: %SNMP-5-COLDSTART: SNMP agent on host Melchior is undergoing a cold start
*Oct  3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Oct  3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down
*Oct  3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Oct  3 21:34:41 MSD: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet4 assigned DHCP address 10.73.19.232, mask 255.255.248.0, hostname Melchior
-------------------------------------------


"Cisco 881. Не получается подключиться по L2TP к Провайдеру."
Отправлено Balabans , 04-Окт-10 02:27 
Звонилка...
interface Virtual-PPP1
description --- L2TP virtual ---
ip address negotiated
ip access-group FireVal in
ip mtu 1460
ip nat outside
ip inspect InspectRule in
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
no keepalive
ppp authentication chap ms-chap ms-chap-v2 callin
ppp chap hostname 0893724777
ppp chap password 7 0893724777
no cdp enable
pseudowire 85.21.0.255 10 pw-class class1
-------------
Строчку ppp authentication chap ms-chap ms-chap-v2 callin
Менял на ppp authentication chap callin
и на пустоту

Всё равно не АУТИНФИЦИРУЕТ!
------------------------------------------
Melchior#debug ppp nego
PPP protocol negotiation debugging is on
Melchior#debug l2tp error
L2TP errors debugging is on
Melchior#debug l2tp packet error
L2TP packet errors debugging is on
Melchior#show logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.


    Console logging: level informational, 25 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 353 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level emergencies, 0 message lines logged
        Logging to 192.168.1.11  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (4096 bytes):
2:17:16.099: L2TP 00001:08002:0000C5F1: Unknown Cisco AVP 104 in CM CDN
*Oct  3 22:17:16.099: L2TP 00001:08002:0000C5F1:  
*Oct  3 22:17:16.099: Vp1 LCP: Event[CLOSE] State[Stopping to Closing]
*Oct  3 22:17:16.099: Vp1 LCP: Event[DOWN] State[Closing to Initial]
*Oct  3 22:17:16.099: Vp1 PPP: Phase is DOWN
*Oct  3 22:17:20.783: PPP: Alloc Context [84D4A3C8]
*Oct  3 22:17:20.783: ppp1 PPP: Phase is ESTABLISHING
*Oct  3 22:17:20.783: Vp1 PPP: Using default call direction
*Oct  3 22:17:20.783: Vp1 PPP: Treating connection as a dedicated line
*Oct  3 22:17:20.783: Vp1 PPP: Session handle[ED000009] Session id[1]
*Oct  3 22:17:20.783: Vp1 LCP: Event[OPEN] State[Initial to Starting]
*Oct  3 22:17:20.783: Vp1 LCP: O CONFREQ [Starting] id 1 len 15
*Oct  3 22:17:20.783: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct  3 22:17:20.783: Vp1 LCP:    MagicNumber 0x66F3D30B (0x050666F3D30B)
*Oct  3 22:17:20.783: Vp1 LCP: Event[UP] State[Starting to REQsent]
*Oct  3 22:17:22.771: Vp1 LCP: O CONFREQ [REQsent] id 2 len 15
*Oct  3 22:17:22.771: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct  3 22:17:22.771: Vp1 LCP:    MagicNumber 0x66F3D30B (0x050666F3D30B)
*Oct  3 22:17:22.771: Vp1 LCP: Event[Timeout+] State[REQsent to REQsent]
*Oct  3 22:17:22.771: Vp1 LCP: I CONFREQ [REQsent] id 1 len 19
*Oct  3 22:17:22.771: Vp1 LCP:    MRU 1460 (0x010405B4)
*Oct  3 22:17:22.771: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct  3 22:17:22.771: Vp1 LCP:    MagicNumber 0xEB87DDEC (0x0506EB87DDEC)
*Oct  3 22:17:22.771: Vp1 LCP: O CONFNAK [REQsent] id 1 len 8
*Oct  3 22:17:22.771: Vp1 LCP:    MRU 1500 (0x010405DC)
*Oct  3 22:17:22.771: Vp1 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Oct  3 22:17:22.771: Vp1 LCP: I CONFACK [REQsent] id 2 len 15
*Oct  3 22:17:22.771: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct  3 22:17:22.771: Vp1 LCP:    MagicNumber 0x66F3D30B (0x050666F3D30B)
*Oct  3 22:17:22.771: Vp1 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Oct  3 22:17:22.775: Vp1 LCP: I CONFREQ [ACKrcvd] id 2 len 19
*Oct  3 22:17:22.779: Vp1 LCP:    MRU 1500 (0x010405DC)
*Oct  3 22:17:22.779: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct  3 22:17:22.779: Vp1 LCP:    MagicNumber 0xEB87DDEC (0x0506EB87DDEC)
*Oct  3 22:17:22.779: Vp1 LCP: O CONFACK [ACKrcvd] id 2 len 19
*Oct  3 22:17:22.779: Vp1 LCP:    MRU 1500 (0x010405DC)
*Oct  3 22:17:22.779: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct  3 22:17:22.779: Vp1 LCP:    MagicNumber 0xEB87DDEC (0x0506EB87DDEC)
*Oct  3 22:17:22.779: Vp1 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Oct  3 22:17:22.791: Vp1 PPP: Queue CHAP code[1] id[1]
*Oct  3 22:17:22.803: Vp1 PPP: Phase is AUTHENTICATING, by both
*Oct  3 22:17:22.803: Vp1 CHAP: O CHALLENGE id 1 len 31 from "*******"
*Oct  3 22:17:22.803: Vp1 CHAP: Redirect packet to Vp1
*Oct  3 22:17:22.803: Vp1 CHAP: I CHALLENGE id 1 len 32 from "bras255.msk"
*Oct  3 22:17:22.803: Vp1 LCP: State is Open
*Oct  3 22:17:22.803: Vp1 CHAP: Using hostname from interface CHAP
*Oct  3 22:17:22.803: Vp1 CHAP: Using password from interface CHAP
*Oct  3 22:17:22.803: Vp1 CHAP: O RESPONSE id 1 len 31 from "*******"
*Oct  3 22:17:22.815: Vp1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
*Oct  3 22:17:22.815: Vp1 PPP DISC: We failed authentication
*Oct  3 22:17:22.815: Vp1 LCP: I TERMREQ [Open] id 3 len 4
*Oct  3 22:17:22.815: Vp1 LCP: O TERMACK [Open] id 3 len 4
*Oct  3 22:17:22.815: Vp1 LCP: Event[Receive TermReq] State[Open to Stopping]
*Oct  3 22:17:22.815: Vp1 PPP: Phase is TERMINATING
*Oct  3 22:17:22.819: L2TP       _____:________: ERROR: CDN AVP 46, vendor 0: unknown
*Oct  3 22:17:22.819: L2TP 00001:08002:00006415: Unknown IETF AVP 46 in CM CDN
*Oct  3 22:17:22.819: L2TP       _____:________: ERROR: CDN AVP 104, vendor 9: unknown
*Oct  3 22:17:22.819: L2TP 00001:08002:00006415: Unknown Cisco AVP 104 in CM CDN
*Oct  3 22:17:22.823: L2TP 00001:08002:00006415:  
*Oct  3 22:17:22.823: Vp1 LCP: Event[CLOSE] State[Stopping to Closing]
*Oct  3 22:17:22.823: Vp1 LCP: Event[DOWN] State[Closing to Initial]
*Oct  3 22:17:22.823: Vp1 PPP: Phase is DOWN