-= L2VPN rack connection problem ?!? =-

Hello guys,

I am trying for the first time to install my part of rack for connecting to INE Voice racks. My setup consists of : 1x7960, 5x7961, 1x2811,1x3550 poe switch.

I have to tell you from the start that I have a session scheduled for tomorow, but I was doing some testing now also.

Here is what I have now :

Router#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : INEVORACK
Inside interface list: FastEthernet0/0.102, Loopback0
Outside interface: FastEthernet0/0.101
Current State: READY
Last Event: CONN_DOWN
Save Password: Disallowed
Current EzVPN Peer: 75.140.41.126

Should the server respond to my pings ? Cause it's not :

Router#ping 75.140.41.126

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 75.140.41.126, timeout is 2 seconds:
....
Success rate is 0 percent (0/4)

And I am getting this messages (obviously) :

*Jul 22 19:02:29.611: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=vorack11  Client_public_addr=10.10.45.234  Server_public_addr=75.140.41.126

When scheduling, I got vorack11, so I edited the config corespondingly (Or I think so :) ).

To be honest, I didn't understand what to do next, after editing the configs for my sw and router, depending on the voice rack I get when scheduling. I will post my configs below, but please tell me what I should do next, if the vpn is ok. Is there anything I should test or if the vpn is ok then shouldn't I have connectivity to r1,r2,r3,sw1,sw2 and servers ? (I think this is the way it should be, isn't it ?)

Here are my router and switch configs :

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.22 22:09:17 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 2727 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash
boot system flash c2800nm-adventerprisek9-mz.124-22.YB8.bin
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool INE-VORACK-DHCP
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 8.8.8.8 4.2.2.2
   lease 7
!
!
no ip domain lookup
ip domain name ine.com
no ipv6 cef
l2tp-class INE-VOICE-L2TP-CLASS
 authentication
 password 7 094F471A1A0A57
 cookie size 4
!
multilink bundle-name authenticated
!
voice-card 0
!
username admin privilege 15 password 0 ciscoine
archive
 log config
  hidekeys
!
!
!
!
crypto ipsec client ezvpn INEVORACK
 connect auto
 group vorack11 key xxxxxx  ! (real password output omitted !)
 mode network-extension
 peer 75.140.41.126
 xauth userid mode interactive
!
pseudowire-class QinQ-XCONNECT
 encapsulation l2tpv3
 protocol l2tpv3 INE-VOICE-L2TP-CLASS
 ip local interface Loopback0
 ip pmtu
!
interface Loopback0
 ip address 177.177.177.1 255.255.255.255
 crypto ipsec client ezvpn INEVORACK inside
!
interface FastEthernet0/0
 description *** Internet and Study Computer - CONNECT to SWITCHPORT Fa0/23 *** 
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.101
 description *** Public Outside Internet DHCP Sub-Interface ***
 encapsulation dot1Q 101
 ip address dhcp
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 crypto ipsec client ezvpn INEVORACK
!
interface FastEthernet0/0.102
 description *** Connect to Switch for both Internet and Study Computer *** 
 encapsulation dot1Q 102
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 crypto ipsec client ezvpn INEVORACK inside
!
interface FastEthernet0/1
 description *** Inside Layer 2 Switched Interface - CONNECT to SWITCHPORT Fa0/24 *** 
 mtu 1508
 no ip address
 duplex auto
 speed auto
 dot1q tunneling ethertype 0x9100
 xconnect 177.177.177.2 123 pw-class QinQ-XCONNECT
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
no ip http server
no ip http secure-server
!
!
!
ip access-list extended NAT
 deny   ip 192.168.10.0 0.0.0.255 177.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

Router#

**********************************************************

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.22 22:16:35 =~=~=~=~=~=~=~=~=~=~=~=

Switch#sh run
Building configuration...

Current configuration : 6850 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan 101
name Internet
!
vlan 102
 name Computer
!
vlan 2011
 name VORack01-CorpHQ-Ph1
!
vlan 2012
 name VORack01-CorpHQ-Ph2
!
vlan 2013
 name VORack01-PSTN-Ph
!
vlan 2014
 name VORack01-Branch1-Ph1
!
vlan 2015
 name VORack01-Branch2-Ph1
!
vlan 2016
 name VORack01-Branch2-Ph2
!
 vlan 2021
 name VORack02-CorpHQ-Ph1
!
vlan 2022
 name VORack02-CorpHQ-Ph2
!
vlan 2023
 name VORack02-PSTN-Ph
!
vlan 2024
 name VORack02-Branch1-Ph1
!
vlan 2025
 name VORack02-Branch2-Ph1
!
vlan 2026
 name VORack02-Branch2-Ph2
!
vlan 2031
 name VORack03-CorpHQ-Ph1
!
vlan 2032
 name VORack03-CorpHQ-Ph2
!
vlan 2033
 name VORack03-PSTN-Ph
!
vlan 2034
 name VORack03-Branch1-Ph1
!
vlan 2035
 name VORack03-Branch2-Ph1
!
vlan 2036
 name VORack03-Branch2-Ph2
!
vlan 2041
 name VORack04-CorpHQPh1
!
vlan 2042
 name VORack04-CorpHQ-Ph2
!
vlan 2043
 name VORack04-PSTN-Ph
!
vlan 2044
 name VORack04-Branch1-Ph1
!
vlan 2045
 name VORack04-Branch2-Ph1
!
vlan 2046
 name VORack04-Branch2-Ph2
!
vlan 2051
 name VORack05-CorpHQ-Ph1
!
vlan 2052
 name VORack05-CorpHQ-Ph2
!
vlan 2053
 name VORack05-PSTN-Ph
!
vlan 2054
 name VORack05-Branch1-Ph1
!
vlan 2055
 name VORack05-Branch2-Ph1
!
vlan 2056
 name VORack05-Branch2-Ph2
!
vlan 2061
 name VORack06-CorpHQ-Ph1
!
vlan 2062
 name VORack06-CorpHQ-Ph2
!
vlan 2063
 name VORack06-PSTN-Ph
!
vlan 2064
 name VORack06-Branch1-Ph1
!
vlan 2065
 name VORack06-Branch2-Ph1
!
vlan 2066
 name VORack06-Branch2-Ph2
!
vlan 2071
 name VORack07-CorpHQ-Ph1
!
vlan 2072
 name VORack07-CorpHQ-Ph2
!
vlan 2073
 name VORack07-PSTN-Ph
!
vlan 2074
 name VORack07-Branch1-Ph1
!
vlan 2075
 name VORack07-Branch2-Ph1
!
vlan 2076
 name VORack07-Branch2-Ph2
!
vlan 2081
 name VORack08-CorpHQ-Ph1
!
vlan 2082
 name VORack08-CorpHQ-Ph2
!
vlan 2083
 name VORack08-PSTN-Ph
!
vlan 2084
 name VORack08-Branch1-Ph1
!
vlan 2085
 name VORack08-Branch2-Ph1
!
vlan 2086
 name VORack08-Branch2-Ph2
!
vlan 2091
 name VORack09-CorpHQ-Ph1
!
vlan 2092
 name VORack09-CorpHQ-Ph2
!
vlan 2093
 name VORack09-PSTN-Ph
!
vlan 2094
 name VORack09-Branch1-Ph1
!
vlan 2095
 name VORack09-Branch2-Ph1
!
vlan 2096
 name VORack09-Branch2-Ph2
!
vlan 2101
 name VORack10-CorpHQ-Ph1
!
vlan 2102
 name VORack10-CorpHQ-Ph2
!
vlan 2103
 name VORack10-PSTN-Ph
!
vlan 2104
 name VORack10-Branch1-Ph1
!
vlan 2105
 name VORack10-Branch2-Ph1
!
vlan 2106
 name VORack10-Branch2-Ph2
!
vlan 2111
 name VORack11-CorpHQ-Ph1
!
vlan 2112
 name VORack11-CorpHQ-Ph2
!
vlan 2113
 name VORack11-PSTN-Ph
!
vlan 2114
 name VORack11-Branch1-Ph1
!
vlan 2115
 name VORack11-Branch2-Ph1
!
vlan 2116
 name VORack11-Branch2-Ph2
!
vlan 2121
 name VORack12-CorpHQ-Ph1
!
vlan 2122
 name VORack12-CorpHQ-Ph2
!
vlan 2123
 name VORack12-PSTN-Ph
!
vlan 2124
 name VORack12-Branch1-Ph1
!
vlan 2125
 name VORack12-Branch2-Ph1
!
vlan 2126
 name VORack12-Branch2-Ph2
!
vlan 2511
 name VORack51-CorpHQ-Ph1
!
vlan 2512
 name VORack51-CorpHQ-Ph2
!
vlan 2513
 name VORack51-PSTN-Ph
!
vlan 2514
 name VORack51-Branch1-Ph1
!
vlan 2515
 name VORack51-Branch2-Ph1
!
vlan 2516
 name VORack51-Branch2-Ph2
!
vlan 2521
 name VORack52-CorpHQ-Ph1
!
vlan 2522
 name VORack52-CorpHQ-Ph2
!
vlan 2523
 name VORack52-PSTN-Ph
!
vlan 2524
 name VORack52-Branch1-Ph1
!
vlan 2525
 name VORack52-Branch2-Ph1
!
vlan 2526
 name VORack52-Branch2-Ph2
!
!
interface FastEthernet0/1
 description == Connected to Customer CorpHQ Phone 1
 switchport access vlan 2111
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 spanning-tree bpdufilter enable
!
interface FastEthernet0/2
 description == Connected to Customer CorpHQ Phone 2
 switchport access vlan 2112
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/3
 description == Connected to Customer PSTN Phone
 switchport access vlan 2113
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
!
interface FastEthernet0/4
 description == Connected to Customer Branch 1 Phone 1
 switchport access vlan 2114
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/5
 description == Connected to Customer Branch 2 Phone 1
 switchport access vlan 2115
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/6
 description == Connected to Customer Branch 2 Phone 2
 switchport access vlan 2116
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 description == Connected to Customer Internet
 switchport access vlan 101
 switchport mode access
 no cdp enable
!
interface FastEthernet0/22
 description == Connected to Customer Computer
 switchport access vlan 102
 switchport mode access
!
interface FastEthernet0/23
 description == Connected to Customer Router Fa0/0 for Internet and Computer
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101,102
 switchport mode trunk
!
interface FastEthernet0/24
 description == Connected to Customer Router Fa0/1 for L2TPv3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2999
 switchport trunk allowed vlan 2000-2999
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
!
end

Switch#

Please guide me on setting my side as I want to start my studies on deepdive modules next week ! [:)]

I hope I've pasted all the output needed and ...thanks guys !

Waiting for your reply !

Kind Regards,

Ciprian.

 

Comments

  • Hi Ciprian, your configuration looks very much okay. But I guess you can't connect to rack before your scheduled time. And, the server 75.140.41.126 replies well for ping (I have just tested from my laptop) - maybe some internet access issue there!

    All the best!

  • hi,

    i tried pinging from the router side. the questions was, should it respond to ping ifnot within rack s heduled time ? if so , what to check nwxt ?

    also, i asked, is there anything to do after this problem is solved or i should have conn. to all equipments and servers ?

    thanks,

    Ciprian

  • Hi Ciprian,

    As we can ping that IP from anywhere, maybe also from your laptop, so it should respond back from inside the router too - anytime.

    After you can connect the L2VPN tunnel you will be able to ping the site routers and servers, your switch configuration seems okay to connect with vorack11 so I don't think you will face any challenge further. :)

    However, post here if you still face any issue.

  • Hi Mijanur,

    Just realized that my internet conn is broadband pppoe. Guess what, no pppoe conn., no internet ! :D

    I will ask my friend "google" if it knows anything about ppope accounts and come back with a review.

    Thanks, Ciprian.

     

  • Hi,

    STill not working! I am in the time slot now on rack rental; I configured pppoe on the router, I can ping the server now but no VPN.

    I have added the following to my router config :

    ! To sub interf fa 0/0.101
    pppoe enable
    pppoe-client dial-pool-number 1


    ------------------------

    interface Dialer1         
    mtu 1508
    ip address negotiated
    ip nat outside              
    ip virtual-reassembly
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp pap sent-username PH12590882 password 123456
    ppp ipcp dns request

    -----------------------

    ip route 0.0.0.0 0.0.0.0 Dialer1   #default route

    ------------------------------------------------------------------------------------------------

    Here are some debugs on the router :


    Router#show crypto ipsec client ezvpn

    Easy VPN Remote Phase: 8

     

    Tunnel name : INEVORACK

    Inside interface list: FastEthernet0/0.102, Loopback0

    Outside interface: FastEthernet0/0.101

    Current
    State: READY

    Last Event: CONN_DOWN

    Save Password: Disallowed

    Current EzVPN Peer: 75.140.41.126

     

    Router#show l2tun

     

    %No active L2TP tunnels

     

    Router#show crypto ipsec sa

     

    No SAs found

     

    Debugs :

     

    Router#debug crypto isakmp

    Crypto ISAKMP debugging is on

    Router#debug crypto ipsec

    Crypto IPSEC debugging is on

    Router#debug l2tun

                    ^

    % Invalid input detected at '^' marker.

     

    Router#debug xconnect

    *Jul 23 17:24:40.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH...

    *Jul 23 17:24:40.667: ISAKMP (0): incrementing error counter
    on sa, attempt 2 of 5: retransmit phase 1

    *Jul 23 17:24:40.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH

    *Jul 23 17:24:40.667: ISAKMP:(0): sending packet to
    75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH

    *Jul 23 17:24:40.667: ISAKMP:(0):Sending an IKE IPv4 Packet.

    % Incomplete command.

     

    Router#debug xconnect ?

      error  Xconnect authorization errors

      event  Xconnect authorization events

     

    Router#debug xconnect err

    Xconnect author errors debugging is on

    Router#

    *Jul 23 17:24:50.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH...

    *Jul 23 17:24:50.667: ISAKMP (0): incrementing error counter
    on sa, attempt 3 of 5: retransmit phase 1

    *Jul 23 17:24:50.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH

    *Jul 23 17:24:50.667: ISAKMP:(0): sending packet to
    75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH

    *Jul 23 17:24:50.667: ISAKMP:(0):Sending an IKE IPv4 Packet.debug
    xconnect eve

    Xconnect author events debugging is on

    Router#

    *Jul 23 17:25:00.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH...

    *Jul 23 17:25:00.667: ISAKMP (0): incrementing error counter
    on sa, attempt 4 of 5: retransmit phase 1

    *Jul 23 17:25:00.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH

    *Jul 23 17:25:00.667: ISAKMP:(0): sending packet to
    75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH

    *Jul 23 17:25:00.667: ISAKMP:(0):Sending an IKE IPv4 Packet.

    *Jul 23 17:25:00.955: XC L2TP: Received L2TUN socket message
    <CDN - Session Disconnected>

    *Jul 23 17:25:00.959: XC L2TP: uid:1[177.177.177.2/123]
    Event <CDN - L2TUN Socket Session Disconnected>, state Connecting ->
    Connecting

    *Jul 23 17:25:00.959: XC L2TP: uid:1[177.177.177.2/123]
    Event <Start Connect Timer>, state Connecting -> Waiting for timer to
    connect

    *Jul 23 17:25:00.959: XC L2TP: uid:1[177.177.177.2/123]   with 50% jitter

    Router#

    Router#

    Router#

    Router#

    Router#

    Router#

    Router#

    *Jul 23 17:25:10.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH...

    *Jul 23 17:25:10.667: ISAKMP (0): incrementing error counter
    on sa, attempt 5 of 5: retransmit phase 1

    *Jul 23 17:25:10.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH

    *Jul 23 17:25:10.667: ISAKMP:(0): sending packet to
    75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH

    *Jul 23 17:25:10.667: ISAKMP:(0):Sending an IKE IPv4 Packet.

    *Jul 23
    17:25:19.419: ISAKMP:(0):purging SA., sa=49CABCFC, delme=49CABCFC

    *Jul 23 17:25:20.667: ISAKMP:(0): retransmitting phase 1
    AG_INIT_EXCH...

    *Jul 23 17:25:20.667: ISAKMP:(0):peer does not do paranoid
    keepalives.

     

    *Jul 23 17:25:20.667: ISAKMP:(0):deleting SA reason
    "Death by retransmission P1" state (I) AG_INIT_EXCH (peer
    75.140.41.126)

    *Jul 23 17:25:20.667: %CRYPTO-6-EZVPN_CONNECTION_DOWN:
    (Client)  User=  Group=vorack11  Client_public_addr=10.10.45.234  Server_public_addr=75.140.41.126

    *Jul 23 17:25:20.667: ISAKMP:isadb_key_addr_delete: no key
    for address 75.140.41.126 (NULL root)

    *Jul 23 17:25:20.667: ISAKMP:(0):deleting SA reason
    "Death by retransmission P1" state (I) AG_INIT_EXCH (peer
    75.140.41.126)

    *Jul 23 17:25:20.667: ISAKMP: Unlocking peer struct
    0x49EDCBA8 for isadb_mark_sa_deleted(), count 0

    *Jul 23 17:25:20.667: ISAKMP: Deleting peer node by
    peer_reap for 75.140.41.126: 49EDCBA8

    *Jul 23 17:25:20.667: ISAKMP:(0):Input = IKE_MESG_INTERNAL,
    IKE_PHASE1_DEL

    *Jul 23 17:25:20.667: ISAKMP:(0):Old State
    = IKE_I_AM1  New State = IKE_DEST_SA

     

    *Jul 23 17:25:20.671: IPSEC(key_engine): got a queue event
    with 1 KMI message(s)

    *Jul 23 17:25:22.355: del_node src 10.10.45.234:500 dst
    75.140.41.126:500 fvrf 0x0, ivrf 0x0

    *Jul 23 17:25:22.355: ISAKMP:(0):peer does not do paranoid
    keepalives.

     

    *Jul 23 17:25:22.355: IPSEC(key_engine): got a queue event
    with 1 KMI message(s)

    *Jul 23 17:25:22.355: ISAKMP:(0): SA request profile is
    (NULL)

    *Jul 23 17:25:22.355: ISAKMP: Created a peer struct for
    75.140.41.126, peer port 500

    *Jul 23 17:25:22.355: ISAKMP: New peer created peer =
    0x49EDCBA8 peer_handle = 0x80000012

    *Jul 23 17:25:22.355: ISAKMP: Locking peer struct
    0x49EDCBA8, refcount 1 for isakmp_initiator

    *Jul 23 17:25:22.355: ISAKMP:(0):Setting client config
    settings 49EDD2C0

    *Jul 23 17:25:22.355: ISAKMP: local port 500, remote port
    500

    *Jul 23 17:25:22.359: ISAKMP: Find a dup sa in the avl tree
    during calling isadb_insert sa = 49CABCFC

    *Jul 23 17:25:22.359: ISAKMP:(0): client mode configured.

    *Jul 23 17:25:22.359: ISAKMP:(0): constructed NAT-T
    vendor-rfc3947 ID

    *Jul 23 17:25:22.359: ISAKMP:(0): constructed NAT-T
    vendor-07 ID

    *Jul 23 17:25:22.359: ISAKMP:(0): constructed NAT-T
    vendor-03 ID

    *Jul 23 17:25:22.359: ISAKMP:(0): constructed NAT-T
    vendor-02 ID

    *Jul 23 17:25:22.359: ISKAMP: growing send buffer from 1024
    to 3072

    *Jul 23 17:25:22.359: ISAKMP:(0):SA is doing pre-shared key
    authentication plus XAUTH using id type ID_KEY_ID

    *Jul 23 17:25:22.359: ISAKMP (0): ID payload

            next-payload :
    13

            type         : 11

            group id     : vorack11

            protocol     : 17

            port         : 0

            length       : 16

    *Jul 23 17:25:22.359: ISAKMP:(0):Total payload length: 16

    *Jul 23 17:25:22.359: ISAKMP:(0):Input =
    IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM

    *Jul 23 17:25:22.359: ISAKMP:(0):Old State
    = IKE_READY  New State = IKE_I_AM1

     

    *Jul 23 17:25:22.359: ISAKMP:(0): beginning Aggressive Mode
    exchange

    *Jul 23 17:25:22.359: ISAKMP:(0): sending packet to
    75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH

    *Jul 23 17:25:22.363: ISAKMP:(0):Sending an IKE IPv4
    Packet.un all

    All possible debugging has been turned off

     

     

    Router#debug l2tp all

    L2TP most commonly used debugs debugging is on

    Router#

    *Jul 23 17:26:10.675: L2X 
    00001:_____:________: APP->L2TP: Session reopen,

    *Jul 23 17:26:10.675: L2X 
    00001:_____:________:           
    sock 0xCC000001

    *Jul 23 17:26:10.675: L2X 
    00001:_____:________:           
    serv 0x00000000

    *Jul 23 17:26:10.675: L2X 
    00001:_____:________:           
    data 0x497E105C[92]

    *Jul 23 17:26:10.675: L2X 
    00001:_____:________:

    *Jul 23 17:26:10.675: L2TP 00001:_____:________: Create
    session

    *Jul 23 17:26:10.675: L2TP 00001:_____:________:   App type set to XCONNECT

    *Jul 23 17:26:10.675: L2TP 00001:_____:________:   Need cc version: Cisco-V3

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:   Session classname INE-VOICE-L2TP-CLASS

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:   L2TPoIP session needed between

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:    
    177.177.177.1:31992<->177.177.177.2:18861

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:   Using ICRQ FSM

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:     remote ip set to 177.177.177.2

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:     local ip set to 177.177.177.1

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: cc 4 byte
    cookies enabled

    *Jul 23 17:26:10.679: L2TP 00001:_____:________:   via l2tp class INE-VOICE-L2TP-CLASS

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: no session
    cfg cookie set, use cc

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: 4 byte
    cookies enabled

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: FSM-Sn ev
    App-Conn

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: FSM-Sn    Idle->Wt-CC

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: FSM-Sn do
    App-Connect

    *Jul 23 17:26:10.679: L2TP 00001:_____:________: Find or
    create cc for session

    *Jul 23 17:26:10.679: L2TP       _____:________: Find cc between

    *Jul 23 17:26:10.679: L2TP       _____:________:   177.177.177.1<->177.177.177.2

    *Jul 23 17:26:10.679: L2TP       _____:________:   with class: INE-VOICE-L2TP-CLASS

    *Jul 23 17:26:10.679: L2TP       _____:________:   and IP proto: L2TPoIP

    *Jul 23 17:26:10.679: L2TP       _____:________:   and framing type: none

    *Jul 23 17:26:10.679: L2TP       _____:________:   and bearer type: none

    *Jul 23 17:26:10.679: L2TP  
        _____:________:   and version: Cisco-V3

    *Jul 23 17:26:10.679: L2TP       _____:________:   and local hostname: Router

    *Jul 23 17:26:10.679: L2TP       _____:________: Need to instigate
    control channel

    *Jul 23 17:26:10.683: L2X 
    tnl   01039:________: Create
    logical tunnel

    *Jul 23 17:26:10.683: L2TP tnl   01039:________: Create tunnel

    *Jul 23 17:26:10.683: L2TP tnl   01039:________:     version set to Cisco-V3

    *Jul 23 17:26:10.687: L2TP tnl   01039:________:     remote ip set to 177.177.177.2

    *Jul 23 17:26:10.687: L2TP tnl   01039:________:     local ip set to 177.177.177.1

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8:     class name INE-VOICE-L2TP-CLASS

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8: FSM-CC ev Session-Conn

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8: FSM-CC    Idle->Wt-Sock

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8: FSM-CC do Session-Conn-Sock

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8:   Session count now 1

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8:   XCONNECT Session count now 1

    *Jul 23 17:26:10.691: L2TP tnl   01039:00006DC8:   Session PMTU count now 1

    *Jul 23 17:26:10.695: L2TP tnl   01039:00006DC8: Open sock
    177.177.177.1:0->177.177.177.2:0

    *Jul 23 17:26:10.695: L2TP tnl   01039:00006DC8: FSM-CC ev Sock-Ready

    *Jul 23 17:26:10.695: L2TP tnl   01039:00006DC8: FSM-CC    Wt-Sock->Wt-SCCRP

    *Jul 23 17:26:10.695: L2TP tnl   01039:00006DC8: FSM-CC do Tx-SCCRQ

    *Jul 23 17:26:10.699: L2TP tnl   01039:00006DC8:

    *Jul 23 17:26:10.699: L2TP tnl   01039:00006DC8: O SCCRQ to 177.177.177.2

    *Jul 23 17:26:10.699: L2TP tnl   01039:00006DC8:  IETF v2:

    *Jul 23 17:26:10.699: L2TP tnl   01039:00006DC8:   Protocol Version  1, Revision 0

    *Jul 23 17:26:10.699: L2TP tnl   01039:00006DC8:   Framing Cap       none(0x0)

    *Jul 23 17:26:10.699: L2TP tnl   01039:00006DC8:   Tie Breaker

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:     9920198418538540963

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   Firmware Ver      0x1130

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   Hostname          "Router"

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   Vendor Name

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:     "Cisco Systems, Inc."

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   Rx Window Size    1024

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   Challenge         [16]

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:     0x21028AD3178612DA66BAAE7136B0E74D

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:  Cisco v3:

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   Assigned Control  28104

    *Jul 23 17:26:10.703: L2TP tnl   01039:00006DC8:   PW Capabilities

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:     Eth Vlan HDLC PPP FR ATM-Port

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:     ATM-VP ATM-VC IP

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:   Draft Version     1

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:  IETF v3:

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:   Router ID         177.177.177.1

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:   Assigned Control  28104

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:   PW Capabilities

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:     Eth Vlan HDLC PPP FR ATM-Port

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:     ATM-VP ATM-VC IP

    *Jul 23 17:26:10.707: L2TP tnl   01039:00006DC8:

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43: Session
    attached

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43:

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43:
    APP->L2TP: setup dataplane,

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43:            sock 0xCC000001

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43:            serv 0x00000000

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43:            no serv hdl yet; use socket

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43:

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43: FSM-Sn ev
    DP-Setup

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43: FSM-Sn    in Wt-CC

    *Jul 23 17:26:10.711: L2TP 00001:01039:00003E43: FSM-Sn do
    Ignore-DP-Setup

    *Jul 23 17:26:11.711: L2TP tnl   01039:00006DC8: O Resend SCCRQ, flg TLS, ver
    3, len 213

    *Jul 23 17:26:11.711: L2TP tnl   01039:00006DC8: Drain unsentQ, cur/max
    resendQ sz 1/4, unsentQ 0

    *Jul 23 17:26:13.711: L2TP tnl   01039:00006DC8: O Resend SCCRQ, flg TLS, ver
    3, len 213

    *Jul 23 17:26:13.711: L2TP tnl   01039:00006DC8: Drain unsentQ, cur/max
    resendQ sz 1/4, unsentQ 0

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8: Shutting down tunnel

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:   With 1 session

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:   Result Code

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:     Request to clear control connection

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:   Error Code

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:     Vendor specific

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:   Vendor Error

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:     Tunnel shut

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:   Optional Message

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:     "Too many retransmits to
    177.177.177.2"

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8:

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8: FSM-CC ev Shut

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8: FSM-CC    Wt-SCCRP->Wt-STOPACK

    *Jul 23 17:26:17.711: L2TP tnl   01039:00006DC8: FSM-CC do Tx-StopCCN-Error

    *Jul 23 17:26:17.711: L2TP 00001:01039:00003E43: FSM-Sn ev
    CC-Down

    *Jul 23 17:26:17.711: L2TP 00001:01039:00003E43: FSM-Sn    Wt-CC->Idle

    *Jul 23 17:26:17.711: L2TP 00001:01039:00003E43: FSM-Sn do
    CC-Down

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43: Shutting
    down session

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:   Result Code

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:     Request to clear control connection (2)

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:   Error Code

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:     Vendor specific (6)

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:   Vendor Error

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:     Tunnel shut (1)

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:   Optional Message

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:     "Too many retransmits to
    177.177.177.2"

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43: FSM-Sn ev
    Shut

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43: FSM-Sn    Idle->Dead

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43: FSM-Sn do
    Destroy

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:
    APP<-L2TP: disconnect

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:            sock 0xCC000001

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:            serv 0x00001000

    *Jul 23 17:26:17.715: L2TP 00001:01039:00003E43:

    *Jul 23 17:26:17.719: L2TP 00001:01039:00003E43: Session
    down

    *Jul 23 17:26:17.719: L2TP 00001:01039:00003E43:   177.177.177.1<->177.177.177.2

    *Jul 23 17:26:17.719: L2TP 00001:01039:00003E43: Destroying
    session

    *Jul 23 17:26:17.719: L2TP tnl   01039:00006DC8: FSM-CC ev Session-Disc

    *Jul 23 17:26:17.719: L2TP tnl   01039:00006DC8: FSM-CC    in Wt-STOPACK

    *Jul 23 17:26:17.719: L2TP tnl   01039:00006DC8: FSM-CC do Session-Disc-Shut

    *Jul 23 17:26:17.719: L2TP tnl   01039:00006DC8:   Session count now 0

    *Jul 23 17:26:17.719: L2TP tnl   01039:00006DC8:   XCONNECT Session count now 0

    *Jul 23 17:26:17.719: L2TP tnl   01039:00006DC8:   Session PMTU count now 0

    *Jul 23 17:26:17.719: L2TP 00001:_____:________: Session
    detached

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8: O StopCCN to 177.177.177.2

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:  IETF v2:

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:   Result Code

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:     Request to clear control connection(2)

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:     Error code

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:       Vendor specific(6)

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:     Optional msg

    *Jul 23 17:26:17.723: L2TP tnl   01039:00006DC8:       "Too many retransmits to
    177.177.177.2"

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:  Cisco v2:

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:   Vendor Error Code

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:     Error code

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:       Tunnel shut(1)

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:  Cisco v3:

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:   Assigned Control  28104

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:  IETF v3:

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:   Assigned Control  28104

    *Jul 23 17:26:17.727: L2TP tnl   01039:00006DC8:

    *Jul 23 17:26:22.363: %CRYPTO-6-EZVPN_CONNECTION_DOWN:
    (Client)  User=  Group=vorack11  Client_public_addr=10.10.45.234  Server_public_addr=75.140.41.126

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: FSM-CC ev Shut

    *Jul 23 17:26:22.731: L2TP un alltnl   01039:00006DC8: FSM-CC    in Wt-STOPACK

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: FSM-CC do Shutnow

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: FSM-CC ev Shut-Comp

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: FSM-CC    Wt-STOPACK->Dead

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: FSM-CC do Shutdown-Completed

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: Control channel down

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8:   177.177.177.1<->177.177.177.2

    *Jul 23 17:26:22.731: L2TP tnl   01039:00006DC8: Destroying tunnel

    *Jul 23 17:26:22.739: L2X 
    tnl   01039:________: Destroying
    logical tunnel

    All possible debugging has been turned off

    Router#

    Router#un all

    All possible debugging has been turned off

    Please support me as I want ti have my rack ready for my next rack rental time slot !

    Many thanks,

    Ciprian.

    PS : I have opened a 911 ticket, Mr. Steve replied saying that the ticket is at Tier2 now, but I don't think it will answered in time, that's why I posted here also.

    PSS : If anything else is needed please do ASK ! :) Thanks !

     

     

  • Hi guys,

    Good news are always welcomed, right ?

    So I have the VPN working now ... Mark's advice of trying to get voracktest going was the piece ... After some hours of TS, it's UP :

    Here's what I got now :


    Router#sh crypto ipsec client ezvpn
    Easy VPN Remote Phase: 8

    Tunnel name : INEVORACK
    Inside interface list: FastEthernet0/0.102, Loopback0
    Outside interface: Dialer1
    Current State: IPSEC_ACTIVE
    Last Event: MTU_CHANGED
    Save Password: Allowed
    Split Tunnel List: 1
           Address    : 177.0.0.0
           Mask       : 255.0.0.0
           Protocol   : 0x0
           Source Port: 0
           Dest Port  : 0
    Current EzVPN Peer: 75.140.41.126
    _______________________________________________

    Router#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    75.140.41.126   79.113.190.112  QM_IDLE           1002 ACTIVE

    IPv6 Crypto ISAKMP SA

    _____________________________________________________

    Router#show crypto ipsec sa
         PFS (Y/N): N, DH group: none
         PFS (Y/N): N, DH group: none
         PFS (Y/N): N, DH group: none
         PFS (Y/N): N, DH group: none

    interface: Dialer1
        Crypto map tag: Dialer1-head-0, local addr 79.113.190.112

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
       remote ident (addr/mask/prot/port): (177.0.0.0/255.0.0.0/0/0)
       current_peer 75.140.41.126 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 6737, #pkts encrypt: 6737, #pkts digest: 6737
        #pkts decaps: 8420, #pkts decrypt: 8420, #pkts verify: 8420
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 79.113.190.112, remote crypto endpt.: 75.140.41.126
         path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
         current outbound spi: 0x1E6ED24E(510579278)

         inbound esp sas:
          spi: 0xFD50E91F(4249938207)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2005, flow_id: NETGX:5, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4510960/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0x1E6ED24E(510579278)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2006, flow_id: NETGX:6, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4516790/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (177.177.177.1/255.255.255.255/0/0)
       remote ident (addr/mask/prot/port): (177.0.0.0/255.0.0.0/0/0)
       current_peer 75.140.41.126 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 824, #pkts encrypt: 824, #pkts digest: 824
        #pkts decaps: 820, #pkts decrypt: 820, #pkts verify: 820
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 79.113.190.112, remote crypto endpt.: 75.140.41.126
         path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
         current outbound spi: 0xC905DD86(3372604806)

         inbound esp sas:
          spi: 0xE29259AC(3801242028)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2007, flow_id: NETGX:7, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4442068/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0xC905DD86(3372604806)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2008, flow_id: NETGX:8, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4442042/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:

    interface: Virtual-Access2
        Crypto map tag: Dialer1-head-0, local addr 79.113.190.112

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
       remote ident (addr/mask/prot/port): (177.0.0.0/255.0.0.0/0/0)
       current_peer 75.140.41.126 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 6737, #pkts encrypt: 6737, #pkts digest: 6737
        #pkts decaps: 8420, #pkts decrypt: 8420, #pkts verify: 8420
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 79.113.190.112, remote crypto endpt.: 75.140.41.126
         path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
         current outbound spi: 0x1E6ED24E(510579278)

         inbound esp sas:
          spi: 0xFD50E91F(4249938207)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2005, flow_id: NETGX:5, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4510960/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0x1E6ED24E(510579278)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2006, flow_id: NETGX:6, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4516790/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (177.177.177.1/255.255.255.255/0/0)
       remote ident (addr/mask/prot/port): (177.0.0.0/255.0.0.0/0/0)
       current_peer 75.140.41.126 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 824, #pkts encrypt: 824, #pkts digest: 824
        #pkts decaps: 820, #pkts decrypt: 820, #pkts verify: 820
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 79.113.190.112, remote crypto endpt.: 75.140.41.126
         path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
         current outbound spi: 0xC905DD86(3372604806)

         inbound esp sas:
          spi: 0xE29259AC(3801242028)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2007, flow_id: NETGX:7, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4442068/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0xC905DD86(3372604806)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2008, flow_id: NETGX:8, sibling_flags 80000046, crypto map: Dialer1-head-0
            sa timing: remaining key lifetime (k/sec): (4442042/79881)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:
    _____________________________________________________________________________

    But No L2TP:

    Router#show l2tun

    %No active L2TP tunnels

    I suppose this is why ip phones aren't registering to cucm and stuf ... I just see them blinking ...

    What's next guys ? What trail should I follow ?

    Thanks Ciprian.

  • Hey,

    Forget to say that all leds, except 7960 phone led, are amber, dont turn to green.

    Thanks,

    Ciprian.

  • For all those new starters who need to test the L2VPN connection before even scheduling any lab and wasting tokens on testing L2VPN please stop and read this whole message.

    "So I have the VPN working now ... Mark's advice of trying to get voracktest going was the piece ... After some hours of TS, it's UP :"

    Please see the link below for more detail of what Mark was referring to:

    http://labs.ine.com/workbook/view/collaboration-access-guide/task/testing-your-hardware-vpn-prior-to-your-lab-rack-session-NTQ0

    Thank you,

    ZB

Sign In or Register to comment.