Friday, January 10, 2020

ASR920 and virtual interfaces (VPDN/L2TP)

I have a strange issue on a Cisco ASR920. I'm setting up a simple L2TP tunnel from a cheap CPE to the ASR920. The ASR920 has a connection to a RADIUS server to authenticate the user as it comes in over the L2TP tunnel.

The L2TP tunnel connects and the user connects fine; I see the RADIUS connection and the ASR920 builds the virtual-template interface.

If I check the routing table I can see the circuit as a connected route, and if I check the CEF table I also see it attached. It has the correct IP issued by the RADIUS server.

Finally, if I try to ping the IP of the virtual interface from the ASR920, it pings fine.

So all looks great... however, if I try to ping the IP from outside of the ASR920, it doesn't route the packet to the virtual interface.

In fact, if I try to ping it from outside the ASR920 I get a TTL expired: the packet gets to the ASR920 and then hits its default route, sending the packet back out the same WAN interface it came in on, and round and round it goes.

For some very odd reason, if a packet destined for the virtual circuit comes in from outside the ASR it doesn't seem to use the routing table or CEF table to route it to the virtual interface, despite the route being present in both.

Now, I've used the same setup on a few different Cisco ISRs and it works fine on all of them. I've also now tried three different IOS versions on the ASR920 to try and resolve the issue, as it does seem like a bug.

My next step is to open a TAC case but I just wanted to see if anyone has seen a similar issue before I do so.

Thanks
