[c-nsp] Virtual-Access Interface doesn't forward traffic

Marco Eulenfeld marco at networkgeek.de
Tue Feb 8 09:00:34 EST 2005


Hi,

I have a very strange problem with a Virtual-Access interface, which
is used for a dial-backup. If the CPE is connected to the LNS, ICMP
traffic is forwarded, but if I try to ssh/telnet to the router, nothing
is sent to the CPE. If I put an ACL on the Virtual-Template which
explicitly allows the telnet traffic to the IP, it works ....

With this ACL attached to the VT, it works:

Extended IP access list gna
    10 permit ip any host $hostip log
    20 permit ip any any

This one doesn't:

Extended IP access list any
    10 permit ip any $iprange 0.0.0.255 (2 matches)
    20 permit ip any any

Extended IP access list any2
    10 permit tcp any any (3 matches)
    20 permit udp any any (23 matches)
    30 permit ip any any (2 matches)

The counters are increasing, but an ACL on the CPE shows that no
telnet/ssh traffic is coming inbound on the dialer interface. ICMP
works tho :(

Has someone seen this before?

Regards,

Marco

##################

Some config parts:

Version 12.3(11)T3 (72xx) on the LNS 

interface Virtual-Template5
 ip unnumbered Loopback1
 no ip redirects
 no ip proxy-arp
 ip mtu 1448
 ip tcp adjust-mss 1402
 ppp authentication chap callin

interface Loopback7030
 ip vrf forwarding customer
 ip address 1.1.1.1 255.255.255.255

interface Virtual-Access26
 ip vrf forwarding customer 
 ip unnumbered Loopback7030
 no ip redirects
 no ip proxy-arp
 ip mtu 1448
 ip tcp adjust-mss 1402




