Traffico L2TP scartato dall'interfaccia outside

Virtual private networks e affini

Moderatore: Federico.Lagni

Rispondi
sandman42
n00b
Messaggi: 20
Iscritto il: lun 19 mag , 2008 2:21 pm

Ciao,

ho una VPN L2TP per accedere a un Pix 501 con sw 6.3(5).

Ha smesso di funzionare da un giorno a quell'altro con il seguente errore:

710005: UDP request discarded from <PEER_DYNAMIC_IP>/1701 to outside:<PIX_PUBLIC_STATIC_IP>/1701

Cosa c'è che non va? :?

Questo è un estratto della configurazione:

Codice: Seleziona tutto

nameif ethernet0 outside security0
nameif ethernet1 inside security100
[...]
access-list inside_outbound_nat0_acl permit ip any host <L2TP IP>
access-list outside_cryptomap_dyn_20 permit ip any host 10.21.0.20
access-list outside_cryptomap_dyn_20 permit ip any host <L2TP IP>
[...]
ip local pool L2TPUSer <L2TP IP> mask 255.255.255.255
[...]
pdm location <L2TP IP> 255.255.255.255 outside
[...]
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 <PIX_PUBLIC_STATIC_IP> 1
[...]
aaa-server LOCAL protocol local
[...]
sysopt connection permit-ipsec
sysopt connection permit-l2tp
[...]
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
[...]
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
[...]
vpdn group L2TPgrp accept dialin l2tp
vpdn group L2TPgrp ppp authentication mschap
vpdn group L2TPgrp client configuration address local MyL2TPUser
vpdn group L2TPgrp client configuration dns x.x.x.x
vpdn group L2TPgrp client authentication local
vpdn group L2TPgrp l2tp tunnel hello 60
vpdn username MyL2TPUser password *********
vpdn enable outside
Grazie

Ciao
Top
Rispondi

Torna a “VPN”