[nsp] L2tp into VRF

Steven Godfrey steven.godfrey@intechnology.co.uk
Mon, 2 Sep 2002 13:00:20 +0100 

Hi,
I'm facing a problem terminating an L2TP tunnel in a vrf.

The end user connection I can push in to a vrf no problem but I actually want the L2TP tunnel to terminate in a vrf.

The Tunnel source is a 3rd party and I want to control this access in a vrf. As the remote users connect they are pushed in to the
relevant VRF via a RADIUS attribute.

If I move the interface that the tunnel arrives on in to a VRF the router responds with the correct address from the VRF but then
looks in the Global routing table to route the reply to the tunnel set up.

Has anyone resolved this issue in the past?

I have copied some of the debug below..


(PPP Enduser)---(3rd Party)---L2TP---(My LNS)

The config looks like this:

ip vrf 3rd-Party
 rd 9090:12
 route-target export 9090:12
 route-target import 9090:12
!
ip vrf DYNAMIC-VRF
 rd 1:42
 route-target export 11:11
 route-target import 22:22
!
vpdn-group INTECH
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 local name LNS
 source-ip 10.12.13.15
!
interface Loopback45
 ip vrf forwarding 3rd-Party
 ip address 10.12.13.15 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding 3rd-Party
 ip address 12.12.12.6 255.255.255.252
 speed auto
 full-duplex
 no cdp enable
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ip broadcast-address 0.0.0.0
 no peer default ip address
 ppp authentication chap
 ppp chap hostname LNS


The packet debugging:
*Mar 12 23:04:00.332: IP: s=10.12.13.15 (local), d=10.12.13.14, len 178, cef process switched
*Mar 12 23:04:00.332: IP: s=10.12.13.15 (local), d=10.12.13.14, len 178, unroutable
*Mar 12 23:04:06.356: IP: s=10.12.13.15 (local), d=10.12.13.14, len 178, cef process switched
*Mar 12 23:04:06.356: IP: s=10.12.13.15 (local), d=10.12.13.14, len 178, unroutable

VPDN Debugging:
*Mar 12 22:59:51.092:   Tnl34012 L2TP: New tunnel created for remote LAC, address 10.12.13.14
*Mar 12 22:59:51.092:   Tnl34012 L2TP: O SCCRP  to LAC tnlid 61367
*Mar 12 22:59:51.092:   Tnl34012 L2TP: Control channel retransmit delay set to 1 seconds
*Mar 12 22:59:51.092:   Tnl34012 L2TP: Tunnel state change from idle to wait-ctl-reply
*Mar 12 22:59:52.088: L2TP: I SCCRQ from LAC tnl 61367
*Mar 12 22:59:52.088:   Tnl34012 L2TP: Tunnel exists, must be a duplicate SCCRQ
*Mar 12 22:59:52.092:   Tnl34012 L2TP: O Resend SCCRP, flg TLS, ver 2, len 150, tnl 61367, cl 0, ns 0, nr 1
*Mar 12 22:59:52.092:   Tnl34012 L2TP: Control channel retransmit delay set to 2 seconds
*Mar 12 22:59:54.088: L2TP: I SCCRQ from LAC tnl 61367
*Mar 12 22:59:54.088:   Tnl34012 L2TP: Tunnel exists, must be a duplicate SCCRQ
*Mar 12 22:59:54.092:   Tnl34012 L2TP: O Resend SCCRP, flg TLS, ver 2, len 150, tnl 61367, cl 0, ns 0, nr 1
*Mar 12 22:59:54.092:   Tnl34012 L2TP: Control channel retransmit delay set to 4 secondsL2X: Result code(2): 2: General error -
refer to error code
*Mar 12 22:59:58.088:      Error code(6): Vendor specific
*Mar 12 22:59:58.088:      Optional msg: Too many retransmits
*Mar 12 22:59:58.088:   Tnl34012 L2TP: Shutdown tunnel
*Mar 12 22:59:58.088:   Tnl34012 L2TP: Tunnel state change from wait-ctl-reply to idle
*Mar 12 23:00:00.116: L2TP: I SCCRQ from LAC tnl 14130
*Mar 12 23:00:00.116:   Tnl18265 L2TP: Got a challenge in SCCRQ, LAC

etc etc..

thanks in advance..

Regards,

Steven Godfrey


_____________________________________________________________________
This message has been checked for all known viruses by the 
CitC Virus Scanning Service powered by SkyLabs. For further information visit
http://www.citc.it