Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2001
Views
0
Helpful
1
Replies

l2tp client initiated tunnel fails to connect after new config with dmvpn

jlwilliams
Level 1
Level 1

‎11-02-2009 02:15 PM - edited ‎03-04-2019 06:35 AM

I have a router that is currently supporting a central office and a single crypto map vpn tunnel. It also supports a connection to a 3rd party network via a client initiated l2tp tunnel.

UPDATE: fogotten details: router 1841, with 12.4(15)T4

I have a need to begin supporting multiple branch office VPNs so I wanted to implement dmvpn, I also wanted to clean up the config a little.

After switching to the new config, the l2tp tunnel was unable to connect, other than cleaning up and reorganizing I don't believe I changed the what is being filtered, but I did switch from "allow established" to reflexive ACLs.

Also I need to filter traffic from the 3rd party's tunnel from accessing our internal nets, can an inbound ACL be applied to the Virtual-PPP interface, or do I need block with outbound ACLs on our internal interfaces?

cofigs (current-messy;new-clean) and error from l2tp connection attempt attached.

Thanks,

Jeff

current (messy)

Labels:
20996-topost-new
2 KB
20995-topost-current
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-03-2009 12:21 AM

Hello Jeff,

this kind of errors

12:13.723: %L2TP-3-ILLEGAL: _____:_____: failed to get cc: no l2tp

db hdl, -Traceback= 0x60C1122C 0x61D0E258 0x61D0E410 0x61D0C104 0x61D2EE5C 0x60

6E0DEC 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F

548 0x6102F74C

*Nov 1 08:12:13.731: %L2TP-3-ILLEGAL: _____:_____: ERROR: [l2tp_db_get_cc::1035

], -Traceback= 0x60C1122C 0x61D0E258 0x61D0E3FC 0x61D0C104 0x61D2EE5C 0x606E0DE

C 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F548 0

x6102F74C

*Nov 1 08:12:13.735: %L2TP-3-ILLEGAL: _____:_____: failed to get cc: no l2tp

db hdl, -Traceback= 0x60C1122C 0x61D0E258 0x61D0E410 0x61D0C104 0x61D2EE5C 0x60

6E0DEC 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F

548 0x6102F74C

*Nov 1 08:12:13.743: %L2TP-3-ILLEGAL: _____:_____: ERROR: [l2tp_db_get_cc::1035

], -Traceback= 0x60C1122C 0x61D0E258 0x61D0E3FC 0x61D0C104 0x61D2EE5C 0x606E0DE

C 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F548 0

x6102F74C

*Nov 1 08:12:13.747: %L2TP-3-ILLEGAL: _____:_____: failed to get cc: no l2tp

db hdl, -Traceback= 0x60C1122C 0x61D0E258 0x61D0E410 0x61D0C104 0x61D2EE5C 0x60

6E

are the sign of a SW defect.

without seeing your configuration it is difficult to say more.

However, you should be able to apply an ACL in virtual-PPP interface, for example in one of our routers we have a crypto map applied in virtual-PPP.

I can see non-zero input packet counters in my virtual-PPP so it should be possible to apply an ACL inbound on it.

Hope to help

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card