L2TP LNS and HSRP
Hi,

I am trying to bring up two Cisco 7206 routers as LNS for L2TP dial.
IOS: 12.2(28)SB5. HSRP is configured on the router's outside interface
in order to provide redundancy.

I am getting the following error message when a CPE tries
to dial in.

Tnl 18044 L2TP: Deny SCCRQ, Local interface for IP address 192.168.1.1 is down

The relevant configuration:

vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
 description Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip 192.168.1.1
 local name lab-dsl-lns
 no l2tp tunnel authentication
!
interface GigabitEthernet0/1
 description lab-01 out
 ip address 192.168.1.2 255.255.255.224
 duplex full
 speed 100
 media-type rj45
 no negotiation auto
 standby 201 ip 192.168.1.1
 standby 201 priority 105
 standby 201 preempt
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
 ppp authentication chap pap

Can somebody point out what is wrong with the configuration?

Regards,
- Gaurav
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Re: L2TP LNS and HSRP
cisco-bba-bounces@puck.nether.net <> wrote on :

> Hi,
>
> I am trying to bring up two Cisco 7206 routers as LNS for L2TP dial.
> IOS: 12.2(28)SB5. HSRP is configured on the router's outside interface
> in order to provide redundancy.
>

You can't terminate the L2TP tunnel on the HSRP address, please use
multiple IP addresses at the LAC (i.e. multiple initiate-to statements)
to provide redundancy/fail-over to both LNS

oli

Re: L2TP LNS and HSRP
on 12/29/2006 09:53 PM Oliver Boehmer (oboehmer) said the following:
> cisco-bba-bounces@puck.nether.net <> wrote on :
>
>> Hi,
>>
>> I am trying to bring up two Cisco 7206 routers as LNS for L2TP dial.
>> IOS: 12.2(28)SB5. HSRP is configured on the router's outside interface
>> in order to provide redundancy.
>>
>
> You can't terminate the L2TP tunnel on the HSRP address, please use
> multiple IP addresses at the LAC (i.e. multiple initiate-to statements)
> to provide redundancy/fail-over to both LNS

Thanks for the reply. We are going to use client initiated L2TP and we
can't provide multiple LNS via the pseudowire command on the CPE.

Also, why is it not possible to use the HSRP to terminate L2TP tunnels?

- Gaurav


Re: L2TP LNS and HSRP
Gaurav Sabharwal <mailto:gaurav@inwire.net> wrote on Friday, December
29, 2006 10:24 PM:

> on 12/29/2006 09:53 PM Oliver Boehmer (oboehmer) said the following:
>> cisco-bba-bounces@puck.nether.net <> wrote on :
>>
>>> Hi,
>>>
>>> I am trying to bring up two Cisco 7206 routers as LNS for L2TP dial.
>>> IOS: 12.2(28)SB5. HSRP is configured on the router's outside
>>> interface in order to provide redundancy.
>>>
>>
>> You can't terminate the L2TP tunnel on the HSRP address, please use
>> multiple IP addresses at the LAC (i.e. multiple initiate-to
>> statements) to provide redundancy/fail-over to both LNS
>
> Thanks for the reply. We are going to use client initiated
> L2TP and we can't provide multiple LNS via the pseudowire command on
> the CPE.

Ah, ok, understood. Can't tell when we'll be able to support redundancy
here.

> Also, why is it not possible to use the HSRP to terminate L2TP tunnels?

I checked again, and it should actually work (at least it worked in the
past). You might be running into CSCsf09874 (LNS denies L2TP SCCRQ
messages to HSRP virtual IP address), 12.4(10a) and later 12.4 releases
have the fix.

oli
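
The combination discussed in this thread, a vpdn-group whose source-ip is an HSRP virtual address, can be found in a saved configuration with a short check. The following is an added example, not code from any poster or from Cisco; the function names are hypothetical, the sample configuration is constructed from the one posted above, and it assumes the indentation that `show running-config` produces.

```python
import re

# Constructed sample, modelled on the configuration posted in this thread.
SAMPLE_CONFIG = """\
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip 192.168.1.1
!
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.224
 standby 201 ip 192.168.1.1
 standby 201 preempt
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level command line."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or "!" separator/comment
        if not raw[0].isspace():
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def find_vip_sourced_vpdn(config):
    """Return (vpdn_group, source_ip, interface, hsrp_group) per match."""
    sections = parse_sections(config)
    vips = {}  # HSRP virtual IP -> (interface name, standby group)
    for head, body in sections.items():
        if head.startswith("interface "):
            for cmd in body:
                m = re.match(r"standby (?:(\d+) )?ip (\d+\.\d+\.\d+\.\d+)", cmd)
                if m:  # group number is optional in IOS and defaults to 0
                    vips[m.group(2)] = (head.split(None, 1)[1], m.group(1) or "0")
    findings = []
    for head, body in sections.items():
        if head.startswith("vpdn-group "):
            for cmd in body:
                m = re.match(r"source-ip (\S+)$", cmd)
                if m and m.group(1) in vips:
                    findings.append((head.split(None, 1)[1], m.group(1), *vips[m.group(1)]))
    return findings

if __name__ == "__main__":
    print(find_vip_sourced_vpdn(SAMPLE_CONFIG))
```

A match means the LNS will only accept SCCRQ on that address if the running release treats the HSRP virtual IP as a local address, which is the behaviour the bug ID mentioned above concerns.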
