VPN drops every 10 minutes (Cisco 7505)
Posted: 07 Jul 2009, 14:05
Here is the situation. Users connect via PPTP, and the tunnels are terminated on a Cisco 7505. Here is the config:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
service single-slot-reload-enable
!
hostname pptp
!
boot-start-marker
boot-end-marker
!
no logging rate-limit
enable secret 5 xxxxxx
!
username admin privilege 15 password 7 xxxxx
username bill privilege 8 password 7 xxxxxx
clock timezone YEKT 6
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default if-authenticated
aaa authorization network default group radius
aaa accounting update periodic 10
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host bill 10.10.1.10 bill enable
!
!
ip name-server 101.10.10.53
!
ip cef
vpdn enable
vpdn session-limit 1
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.1.1 255.255.255.255
no ip route-cache
!
interface FastEthernet3/0/0
no ip address
no ip route-cache
full-duplex
!
!
interface FastEthernet3/0/0.10
description -=vlan pptp=-
encapsulation dot1Q 10
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
no ip route-cache
!
interface FastEthernet3/1/0
ip address 10.2.0.1 255.255.255.128 secondary
ip address 10.3.0.1 255.255.255.128 secondary
ip address 10.1.0.1 255.255.255.0
no ip route-cache
full-duplex
!
interface Virtual-Template1
ip unnumbered Loopback0
ip access-group 105 in
ip tcp header-compression
ip mroute-cache
timeout absolute 1440 0
no peer default ip address
ppp authentication ms-chap-v2 chap
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
no ip http server
!
!
access-list 1 permit 10.10.1.10
access-list 100 permit gre 192.168.0.0 0.0.0.255 host 192.168.0.1
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 1723
access-list 100 permit icmp 192.168.0.0 0.0.0.255 host 192.168.0.1
access-list 100 deny ip any any
access-list 105 permit ip any host 10.10.1.10 any
access-list 105 dynamic test1 permit ip any any
access-list 106 permit ip any host 10.10.1.10
access-list 106 dynamic test2 permit ip any any
!
!
radius-server host 10.10.1.10 auth-port 1812 acct-port 1813
radius-server timeout 10
radius-server key 7 xxxxxxxx
!
!
!
privilege exec level 8 access-enable
privilege exec level 8 access-template
privilege exec level 8 access-profile
privilege exec level 8 clear access-template
privilege exec level 8 clear
!
line con 0
line aux 0
line vty 0 4
access-class 1 in
transport input telnet
!
!
!
end
The users' connections drop every 10 minutes. That is, these users are connected:
#sh vpdn session
%No active L2TP tunnels
%No active L2F tunnels
PPTP Session Information Total tunnels 3 sessions 3
LocID RemID TunID Intf Username State Last Chg Uniq ID
21 0 21 Vi4 x1 estabd 00:12:41 20
24 2355 24 Vi6 x2 estabd 00:02:05 23
25 32768 25 Vi5 x3 estabd 00:01:50 24
So x1's tunnel does not drop, while the other 2 get disconnected every 10 minutes. If you look at the virtual interfaces:
sh int Vi6
Virtual-Access6 is up, line protocol is up
Hardware is Virtual Access interface
Interface is unnumbered. Using address of Loopback0 (10.10.1.1)
MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoVPDN vaccess, cloned from Virtual-Template1
Vaccess status 0x44
Protocol pptp, tunnel id 24, session id 24, loopback not set
DTR is pulsed for 5 seconds on reset
[b]Time to interface disconnect: absolute 23:53:47[/b]
Last input 00:00:08, output never, output hang never
Last clearing of "show interface" counters 00:15:25
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
57 packets input, 3272 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
59 packets output, 2602 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions