ASA 5505 config ppp / lcp timeout / nailed up connection - preventing disconnect

Discussion in 'Cisco' started by colin, Mar 8, 2009.

  1. colin

    colin Guest

    hi ng,

    i'm loosing the ppp / lcp connection every so often, the ASA 5505 providing
    me with following console messages:

    %ASA-3-403503:pPPoE:pPP link down:
    %ASA-3-403503:pPPoE:pPP link down:peer Terminated
    %ASA-3-403503:pPPoE:pPP link down:
    %ASA-3-403503:pPPoE:pPP link down:LCP down

    My Hardware Config:
    ISP ---> Zyxel ME623 (Bridged-Mode) ---> Cisco ASA 5505

    The DSL Signal to and from the ISP to my Bridged-Mode Router was checked,
    and is ok, this by the ISP and my Device.
    Rebooting the Bridged-Mode Router in this case the Zyxel ME623 helps... for
    around 10 minutes until the ASA or my Provider disconnects.

    used debugs:

    debug ppp auth
    debug ppp ccp
    debug ppp fsm
    debug ppp ipcp
    debug ppp lcp
    debug ppp mppe
    debug ppp neg
    debug pppoe error
    debug pppoe event
    debug pppoe packet

    debug of the intense command: # debug ppp int (I/O interface events)
    tells me following:

    # PPP No response to 4 echo-requests
    # PPP link appears to be disconnected.

    how do i change the ppp timeout parameters? since i guess i timeout every so
    often, either the timing bedween the LCP oder the PPP is wrong.
    I'm not sure but, i think if i could config my ASA to ignore PPP Packets
    totaly after connecting it would workout, not timing out.. since i'm a lucky
    DSL client with a nailed-up connection using a static IP address.

    The other thing discovered is that i get a PADT message of my Provider
    containing a Code of 0xA7 as following.

    #PPPoE: Ver:1 Type:1 Code:A7=PADT Sess:4868 Len:0

    According to the RFC 2516, describing PPPoE:

    ========= RFC 2516 snip =========

    Control connection teardown
    The PPPoE Active Discovery Terminate (PADT) packet may be sent any time
    after a session is established to indicate that a PPPoE session has been
    terminated. It may be sent by either the host or the Access Concentrator.
    The DESTINATION_ADDR field is a unicast Ethernet address, the CODE field is
    set to 0xa7 and the SESSION_ID must be set to indicate which session is to
    be terminated. No tags are required. When a PADT is received, no further PPP
    traffic is allowed to be sent using that session. Even normal PPP
    termination packets must not be sent after sending or receiving a PADT. A
    PPP peer should use the PPP protocol itself to bring down a PPPoE session,
    but the PADT may be used when PPP cannot be used.

    ========= RFC 2516 snip =========


    I guess my Provider is disconnecting me according to the RFC?
    But does this happend because of my ASA misses the PPP packets?
    Timing then out, not responding to LCPs, finaly gets PADT close session from
    my provider? gets in a loop to reconnect while sending out PADI Packets,
    which then are not answered, because the DSLAM Hardware of my ISP still has
    the session going on for my timed out session? so i have to restart my
    Bridged-Mode Router,
    in order to restart the session on the ISP side? so that my ASA then can
    connect again, waiting until 4 PPP Packets are lost, and then the it loops
    again, me restarting the Bridge-Mode Router.


    ATTACHED debugs / configs:

    #1: successfull connecting
    #2: loosing the connection
    #3: endlessly recurring padi timer expired messages:
    #4: relevant config snips

    Guys, i'm realy sorry for those huuuge outputs...
    Help needed!! thank you

    colin






    ==============DEBUG of Successfull PPP login BEG===============
    ciscoasa#
    ciscoasa#
    ciscoasa#
    ciscoasa# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: padi timer expired

    PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001

    PPP virtual access open, ifc = 2

    PPP ccp init: dev=1
    LCP Option: MAGIC_NUMBER, len: 6, data: 421dc130
    PPPoE: padi timer expired

    PPPoE: PPPoE:(Rcv) Dest:1001.1111.1112 Src:0090.1a41.45bc
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:54
    PPPoE: Type:0102:ACNAME-AC Name Len:18
    LCP Option: Max_Rcv_Units, len: 4, data: 05d4
    LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
    LCP Option: MAGIC_NUMBER, len: 6, data: 38e01764

    PPP lcp reqci: returning CONFACK.LCP Option: Max_Rcv_Units, len: 4, data:
    05d4
    LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
    LCP Option: MAGIC_NUMBER, len: 6, data: 38e01764
    LCP Option: MAGIC_NUMBER, len: 6, data: 421dc130

    PPP ipcp lowerup: fsm=0x1b2d848, dev=1, state=0

    PPP ccp lowerup: fsm=0x1b2d728, dev=1, state=0
    PPPoE: ipc-bsg620-r-br-02

    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
    PPPoE: 7DE12668
    PPPoE: 838F5F2A
    PPPoE: EFCD3A0B
    LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
    LCP Option: MAGIC_NUMBER, len: 6, data: d5825725

    PPP ipcp lowerdn: fsm=0x1b2d848, dev=1, state=2

    PPP ipcp close: fsm=0x1b2d848, dev=1, state=0

    PPP ccp lowerdn: fsm=0x1b2d728, dev=1, state=2

    PPP ccp close: fsm=0x1b2d728, dev=1, state=0
    LCP Option: MAGIC_NUMBER, len: 6, data: 52a811a9

    PPP lcp reqci: returning CONFACK.LCP Option: AUTHENTICATION_TYPES, len: 5,
    data: c22305
    LCP Option: MAGIC_NUMBER, len: 6, data: d5825725
    LCP Option: MAGIC_NUMBER, len: 6, data: 52a811a9

    PPP ipcp lowerup: fsm=0x1b2d848, dev=1, state=0

    PPP ccp lowerup: fsm=0x1b2d728, dev=1, state=0
    PPPoE: D7B36545

    PPP ipcp open: fsm=0x1b2d848, dev=1, state=2
    IPCP Option: Config IP, IP = 212.101.X.Y
    IPCP Option: Config DNS Server1, IP = 0.0.0.0
    IPCP Option: Config DNS Server2, IP = 0.0.0.0
    IPCP Option: Config WINS Server1, IP = 0.0.0.0
    IPCP Option: Config WINS Server2, IP = 0.0.0.0

    PPP ccp open: fsm=0x1b2d728, dev=1, state=2

    PPP ccp resetci: fsm=0x1b2d728, dev=1, state=2

    PPP ipcp input: fsm=0x1b2d848, dev=1, state=6, in_len:38,
    data:0101000a0306d46501c800000000000000000000000000000000000000000000000000000000
    IPCP Option: Config IP, IP = 212.101.1.200

    PPP ipcp reqci: fsm=0x1b2d848, dev=1, state=6, datalen=6, data:0306d46501c8

    PPP ipcp: returning Configure-ACKIPCP Option: Config IP, IP = 212.101.1.200

    PPP ipcp input: fsm=0x1b2d848, dev=1, state=8, in_len:38,
    data:0301001c8106d46504fd8306d465000a8206d46504fd8406d465000a00000000000000000000
    IPCP Option: Config DNS Server1, IP = 212.101.4.253
    IPCP Option: Config DNS Server2, IP = 212.101.0.10
    IPCP Option: Config WINS Server1, IP = 212.101.4.253
    IPCP Option: Config WINS Server2, IP = 212.101.0.10

    PPP ipcp nakci: fsm=0x1b2d848, dev=1, state=8
    IPCP Option: Config IP, IP = 212.101.X.Y
    PPPoE:


    PPP ipcp input: fsm=0x1b2d848, dev=1, state=8, in_len:38,
    data:0302000a8106d46504fd00000000000000000000000000000000000000000000000000000000
    IPCP Option: Config DNS Server1, IP = 212.101.4.253

    PPP ipcp nakci: fsm=0x1b2d848, dev=1, state=8
    IPCP Option: Config IP, IP = 212.101.X.Y
    PPPoE: PADO


    PPP ipcp input: fsm=0x1b2d848, dev=1, state=8, in_len:38,
    data:0203000a0306d46513e900000000000000000000000000000000000000000000000000000000
    IPCP Option: Config IP, IP = 212.101.X.Y
    PPP ipcp ackci: fsm=0x1b2d848, dev=1, state=8

    PPP ipcp up: fsm=0x1b2d848, dev=1, state=9
    PPPoE: send_padr:(Snd) Dest:0090.1a41.45bc Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:54
    PPPoE: Type:0102:ACNAME-AC Name Len:18
    PPPoE: ipc-bsg620-r-br-02

    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
    PPPoE: 7DE12668
    PPPoE: 838F5F2A
    PPPoE: EFCD3A0B
    PPPoE: D7B36545
    PPPoE:

    PPPoE: PPPoE:(Rcv) Dest:1001.1111.1112 Src:0090.1a41.45bc
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:65=PADS Sess:4868 Len:54
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: Type:0102:ACNAME-AC Name Len:18
    PPPoE: ipc-bsg620-r-br-02

    PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
    PPPoE: 7DE12668
    PPPoE: 838F5F2A
    PPPoE: EFCD3A0B
    PPPoE: D7B36545
    PPPoE:

    PPPoE: PADS

    PPPoE: IN PADS from PPPoE tunnel

    PPPoE: Opening PPP link and starting negotiations.

    ==============DEBUG of Successfull PPP login END===============



    ==============DEBUG of Failing PPP connection BEG===============

    PPP va close, device = 1

    PPP ipcp lowerdn: fsm=0x1b2d848, dev=1, state=9

    PPP ipcp down: fsm=0x1b2d848, dev=1, state=9

    PPP ipcp close: fsm=0x1b2d848, dev=1, state=1

    PPP ccp lowerdn: fsm=0x1b2d728, dev=1, state=3

    PPP ccp close: fsm=0x1b2d728, dev=1, state=1
    PPPoE: PPPoE:(Rcv) Dest:1001.1111.1112 Src:0090.1a41.45bc
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:A7=PADT Sess:4868 Len:0
    PPPoE: PADT

    PPPoE: Shutting down client session

    PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: padi timer expired

    ==============DEBUG of Failing PPP connection END===============





    ===DEBUG of endless Messages, never reconnecting again, until rebooting the
    DSL-Modem in front of the ASA==BEG====

    PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: padi timer expired

    PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112
    Type:0x8863=PPPoE-Discovery
    PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
    PPPoE: Type:0101:SVCNAME-Service Name Len:0
    PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
    PPPoE: 00000001
    PPPoE: padi timer expired


    ===DEBUG of endless Messages, never reconnecting again, until rebooting the
    DSL-Modem in front of the ASA==END====



    ======= ASA Config snips BEG==================

    interface Ethernet0/0
    description OUTSIDE PPPoE
    switchport access vlan 2

    interface Vlan2
    mac-address 1001.1111.1112
    nameif outside
    security-level 0
    pppoe client vpdn group XXXX.ch
    ip address 212.101.XX.YY 255.255.255.255 pppoe setroute

    vpdn group XXXX.ch request dialout pppoe
    vpdn group XXXX.ch localname
    vpdn group XXXX.ch ppp authentication chap
    vpdn username XXXX password *********
    vpdn username password *********

    mtu outside 1492

    ======= ASA Config snips END==================
    colin, Mar 8, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Hardin
    Replies:
    1
    Views:
    486
    John Hardin
    Nov 10, 2004
  2. Replies:
    1
    Views:
    3,295
  3. Mike

    Cisco ASA 5505 VPN timeout?

    Mike, Jul 27, 2007, in forum: Cisco
    Replies:
    0
    Views:
    820
  4. colin
    Replies:
    1
    Views:
    4,630
    colin
    Feb 27, 2009
  5. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    576
    Dogg Child
    Jun 7, 2010
Loading...

Share This Page