Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

l2tp client initiated tunnel fails to connect after new config with dmvpn

I have a router that is currently supporting a central office and a single crypto map vpn tunnel. It also supports a connection to a 3rd party network via a client initiated l2tp tunnel.

UPDATE: fogotten details: router 1841, with 12.4(15)T4

I have a need to begin supporting multiple branch office VPNs so I wanted to implement dmvpn, I also wanted to clean up the config a little.

After switching to the new config, the l2tp tunnel was unable to connect, other than cleaning up and reorganizing I don't believe I changed the what is being filtered, but I did switch from "allow established" to reflexive ACLs.

Also I need to filter traffic from the 3rd party's tunnel from accessing our internal nets, can an inbound ACL be applied to the Virtual-PPP interface, or do I need block with outbound ACLs on our internal interfaces?

cofigs (current-messy;new-clean) and error from l2tp connection attempt attached.

Thanks,

Jeff

current (messy)

1 REPLY
Hall of Fame Super Silver

Re: l2tp client initiated tunnel fails to connect after new conf

Hello Jeff,

this kind of errors

12:13.723: %L2TP-3-ILLEGAL: _____:_____: failed to get cc: no l2tp

db hdl, -Traceback= 0x60C1122C 0x61D0E258 0x61D0E410 0x61D0C104 0x61D2EE5C 0x60

6E0DEC 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F

548 0x6102F74C

*Nov 1 08:12:13.731: %L2TP-3-ILLEGAL: _____:_____: ERROR: [l2tp_db_get_cc::1035

], -Traceback= 0x60C1122C 0x61D0E258 0x61D0E3FC 0x61D0C104 0x61D2EE5C 0x606E0DE

C 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F548 0

x6102F74C

*Nov 1 08:12:13.735: %L2TP-3-ILLEGAL: _____:_____: failed to get cc: no l2tp

db hdl, -Traceback= 0x60C1122C 0x61D0E258 0x61D0E410 0x61D0C104 0x61D2EE5C 0x60

6E0DEC 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F

548 0x6102F74C

*Nov 1 08:12:13.743: %L2TP-3-ILLEGAL: _____:_____: ERROR: [l2tp_db_get_cc::1035

], -Traceback= 0x60C1122C 0x61D0E258 0x61D0E3FC 0x61D0C104 0x61D2EE5C 0x606E0DE

C 0x606DEB70 0x606E11F0 0x606DFE34 0x61289954 0x6102F318 0x6102F4C8 0x6102F548 0

x6102F74C

*Nov 1 08:12:13.747: %L2TP-3-ILLEGAL: _____:_____: failed to get cc: no l2tp

db hdl, -Traceback= 0x60C1122C 0x61D0E258 0x61D0E410 0x61D0C104 0x61D2EE5C 0x60

6E

are the sign of a SW defect.

without seeing your configuration it is difficult to say more.

However, you should be able to apply an ACL in virtual-PPP interface, for example in one of our routers we have a crypto map applied in virtual-PPP.

I can see non-zero input packet counters in my virtual-PPP so it should be possible to apply an ACL inbound on it.

Hope to help

Giuseppe

1116
Views
0
Helpful
1
Replies