L2TPv3 through MX

LaurentUlmi
Conversationalist

Hello

I need to establish an L2TP tunnel from a Cisco device connected on the LAN behind an MX firewall to another Cisco device on the Internet.

The public IP of the peer can be reached from the LAN (ping is ok from the LAN interface of the MX or from the core switch).

When I run a capture from the MX, I can see the following continuously:

No. Time Source Destination Protocol Length Info
34 63.916202 10.128.2.55 1xx.xxx.xxx.xx4 L2TPv3 233 Control Message - SCCRQ (tunnel id=0)
35 64.915625 10.128.2.55 1xx.xxx.xxx.xx4 L2TPv3 233 Control Message - SCCRQ (tunnel id=0)
36 66.915588 10.128.2.55 1xx.xxx.xxx.xx4 L2TPv3 233 Control Message - SCCRQ (tunnel id=0)
37 69.999936 Cisco_49:02:e6 Cisco_49:02:e6 LOOP 64 Reply
38 70.915855 10.128.2.55 1xx.xxx.xxx.xx4 L2TPv3 129 Control Message - StopCCN (tunnel id=0)

The tunnel is never established.

I have no specific ACL on the MX or the core.

Do you have any idea where to look? I've no specific log.

Could it be related to the L2TP configuration?

If I connect the Cisco device directly on a DSL line, the L2TP tunnel is established immediately.

Thanks

Regards
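To make the failure pattern in the capture above explicit, here is an added troubleshooting script (not part of the original post or of any Meraki/Cisco tooling). It replays the L2TPv3 control-connection handshake (SCCRQ, then SCCRP from the peer, then SCCCN) over Wireshark summary lines and reports, per endpoint pair, whether the peer ever answered; the sample capture is constructed to mirror the one in the question, with a documentation placeholder for the public peer address.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the capture in the question; the peer
# address 198.51.100.4 is a documentation placeholder, not a real host.
CAPTURE = """\
34 63.916202 10.128.2.55 198.51.100.4 L2TPv3 233 Control Message - SCCRQ (tunnel id=0)
35 64.915625 10.128.2.55 198.51.100.4 L2TPv3 233 Control Message - SCCRQ (tunnel id=0)
36 66.915588 10.128.2.55 198.51.100.4 L2TPv3 233 Control Message - SCCRQ (tunnel id=0)
37 69.999936 Cisco_49:02:e6 Cisco_49:02:e6 LOOP 64 Reply
38 70.915855 10.128.2.55 198.51.100.4 L2TPv3 129 Control Message - StopCCN (tunnel id=0)
"""

# Wireshark summary columns: No. Time Source Destination Protocol Length Info
LINE_RE = re.compile(
    r"^\d+\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+L2TPv3\s+\d+\s+"
    r"Control Message - (?P<msg>\w+)"
)


def analyse(capture):
    """Count L2TPv3 control messages per endpoint pair and give a verdict
    on the handshake (SCCRQ -> SCCRP -> SCCCN) for each pair."""
    pairs = defaultdict(lambda: {"SCCRQ": 0, "SCCRP": 0, "SCCCN": 0, "StopCCN": 0})
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an L2TPv3 control message (e.g. the LOOP frame)
        key = tuple(sorted((m["src"], m["dst"])))  # one key for both directions
        counts = pairs[key]
        counts[m["msg"]] = counts.get(m["msg"], 0) + 1
    result = {}
    for key, c in pairs.items():
        if c["SCCCN"]:
            verdict = "established"
        elif c["SCCRP"]:
            verdict = "peer answered but the handshake did not complete"
        elif c["SCCRQ"]:
            verdict = (f"{c['SCCRQ']} SCCRQ sent, no SCCRP received, "
                       f"{'StopCCN' if c['StopCCN'] else 'no StopCCN'}: "
                       "peer never replied; check NAT/filtering on the path")
        else:
            verdict = "no L2TPv3 control traffic"
        result[key] = {"counts": dict(c), "verdict": verdict}
    return result


if __name__ == "__main__":
    for key, r in analyse(CAPTURE).items():
        print(key, r["counts"], "->", r["verdict"])
```

Run against a real export (File > Export Packet Dissections > As Plain Text in Wireshark) the same function separates "the peer never replied" from "the peer replied and then tore down", which points the investigation either at the path between the sites or at the L2TP configuration itself.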

Aztec_Ninja
Getting noticed

You can find logs here:

Network-wide > Monitor > Event Log > Filter by All - Non Meraki VPN / Client VPN

Thanks for your reply.

When I said I had no log, I meant I can find logs related to any error in the Event logs.

Regards

PhilipDAth
Kind of a big deal

I don't think you'll get L2TP working through a NAT device. You'd need to use something like L2TP over IPSec (note you could use the NULL encryption "cipher").

When it was working on the DSL device - did the DSL router have the public IP on it so there was no NAT?

I confirm when it was working on the DSL device, the DSL router has the public IP; so it performs NAT translation.

Thanks for your message.

We will try to connect the router directly on one available LAN port of the firewall to be as if we were behind the DSL box (e.g. by bypassing the core switch).

Laurent
