<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-CA link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Nathan,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In my experience it’s best to stuff the interfaces facing the provider in a VRF, and point a default route out to their gateway. This way if they add new routes in the future (for new LACs), you don’t need to make any changes. This also works very well when you have multiple loop providers that use private address ranges for their LAC networks, as it ensures you don’t have any conflicts with your routing.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>One provider in particular up here in Canuckistan likes to add new LAC subnets without telling anyone, then migrate customers to new LACs on these subnets and leave the ISPs to figure out why hundreds or thousands of their customers are down.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Cheers,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br>GTG<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-bba [mailto:cisco-bba-bounces@puck.nether.net] <b>On Behalf Of </b>Nathan Downes<br><b>Sent:</b> July 31, 2015 6:49 PM<br><b>To:</b> cisco-bba@puck.nether.net<br><b>Subject:</b> Re: [cisco-bba] 7204vxr as LNS - provider is LAC<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Hi Wayne,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Thankyou we have progress!!! This shows how laziness causes problems later, when we setup the call termination service 3 years ago I had to specifically route 2 ranges through a private lan.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>202.10.4.0/28<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>202.10.4.16/28<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Stupid me decided to be lazy and do the below on our core switch the 7204vxr connects to save typing both out<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>ip route 202.10.4.0 255.255.255.0 10.239.238.121<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>turns out they use 202.10.4.128/25 for the LACs across all the states..<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Fixed the above and I can at least ping it now </span><span lang=EN-AU style='font-size:11.0pt;font-family:Wingdings;color:#1F497D;mso-fareast-language:EN-US'>J</span><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Sending 5, 100-byte ICMP Echos to 202.10.4.147, timeout is 2 seconds:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>!!!!!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Tunnel wont attempts again until modem tries connecting to LAC, it slows down reattempts as time goes on, seeing if I can get it restarted. We have progress!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> Wayne Lee [<a href="mailto:linkconnect@googlemail.com">mailto:linkconnect@googlemail.com</a>] <br><b>Sent:</b> Friday, 31 July 2015 8:47 PM<br><b>To:</b> Nathan Downes <<a href="mailto:nathandownes@hotmail.com">nathandownes@hotmail.com</a>><br><b>Subject:</b> Re: [cisco-bba] 7204vxr as LNS - provider is LAC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-AU>How are you getting back to </span><span lang=EN-AU style='font-size:9.0pt;font-family:Consolas;color:black'>202.10.4.147</span><span lang=EN-AU><o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-AU style='font-size:9.0pt;font-family:Consolas;color:black'>You will need a route back to the tunnel sources </span><span lang=EN-AU><o:p></o:p></span></p></div></div><div><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-AU>On 31 July 2015 at 11:38, Nathan Downes <<a href="mailto:nathandownes@hotmail.com" target="_blank">nathandownes@hotmail.com</a>> wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'><p class=MsoNormal><span lang=EN-AU>Hi James,<br><br>I thought that solved it, I didn't have a source-ip set so I set source-ip<br>to .29 but it still appears to fail due to unreachable .28??<br><br><a href="http://pastebin.com/h0cagDPk" target="_blank">http://pastebin.com/h0cagDPk</a><br><br>From what I gather I get the SCCRQ and for some reason a SCCRP is not making<br>it back, then tunnel is killed.<o:p></o:p></span></p><div><div><p class=MsoNormal><span lang=EN-AU><br><br><br>-----Original Message-----<br>From: cisco-bba [mailto:<a href="mailto:cisco-bba-bounces@puck.nether.net">cisco-bba-bounces@puck.nether.net</a>] On Behalf Of<br>James Bensley<br>Sent: Friday, 31 July 2015 7:49 PM<br>To: <a href="mailto:cisco-bba@puck.nether.net">cisco-bba@puck.nether.net</a><br>Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC<br><br>Hi Nathan,<br><br>Have you made a configruation mistake in your VPDN group maybe?<br>Perhaps you can share your config, that is always helpful.<br><br>You have this in your logs:<br><br><br>Jul 31 18:22:04.352: L2TP tnl 08060:________: remote ip set to<br>202.10.4.147<br>Jul 31 18:22:04.352: L2TP tnl 08060:________: local ip set to<br>203.111.114.28<br>...<br>Jul 31 18:22:04.352: L2TP tnl 08060:00003A1E: local ip set to<br>203.111.114.29<br><br>Then this:<br><br>Jul 31 18:22:11.348: L2TP _____:________: I StopCCN, flg TLS,<br>ver 2, len 75<br>...<br>Jul 31 18:22:11.352: L2TP _____:________: "203.111.114.28<br>is unreachable"<br>....<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Shutting down tunnel<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Result Code<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: General error -<br>refer to error code<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Error Code<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Vendor specific<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Vendor Error<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Tunnel shut<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: Optional Message<br>Jul 31 18:22:11.352: L2TP tnl 08060:00003A1E: "203.111.114.28 is<br>unreachable"<br><br>Have you got a mismatch between you "source-ip" on the VPDN group and actual<br>interface IP?<br><br>Cheers,<br>James.<br>_______________________________________________<br>cisco-bba mailing list<br><a href="mailto:cisco-bba@puck.nether.net">cisco-bba@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-bba" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-bba</a><br>_______________________________________________<br>cisco-bba mailing list<br><a href="mailto:cisco-bba@puck.nether.net">cisco-bba@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-bba" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-bba</a><o:p></o:p></span></p></div></div></blockquote></div><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p></div></div></div></body></html>