rich5312
asked on
PPPoE failure - Cisco ASA 5506X
A few time now using a Cisco ASA5506X to dial out with PPPoE has failed and haven't managed ot get to the bottom of it. I know PPPoE works on the line because I can hook my laptop directly using a ADSL/VDSL modem, use the right details and I get connected.
Running a debug on the ASA and I get the following, I have asked the ISP what Optino 19 is referring to but if anyone has any other thoughts on what may be the issue or where to start looking I would be grateful.
Debug messages:
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
PPP va close, device = 1
Cisco ASA config:
interface GigabitEthernet1/1
nameif outside
security-level 0
pppoe client vpdn group pppoe
ip address pppoe setroute
!
vpdn group pppoe request dialout pppoe
vpdn group pppoe localname example@123.com
vpdn group pppoe ppp authentication chap
vpdn username example@123.com password *****
The MTU has been altered to 1492, 1482, 1436 and also tried PAP, & MSCHAP. Also configured the IP statically but still no joy.
Many thanks,
Richard
Running a debug on the ASA and I get the following, I have asked the ISP what Optino 19 is referring to but if anyone has any other thoughts on what may be the issue or where to start looking I would be grateful.
Debug messages:
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305
LCP Option: MAGIC_NUMBER, len: 6, data: 7851ae9d
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434352542d373230312d5742
PPP lcp reqci: rcvd unknown option 19
PPP lcp reqci: returning CONFREJ.
LCP Option: END_POINT_DISCOVERY, len: 20, data: 01434d52542d373230312d5742
PPP va close, device = 1
Cisco ASA config:
interface GigabitEthernet1/1
nameif outside
security-level 0
pppoe client vpdn group pppoe
ip address pppoe setroute
!
vpdn group pppoe request dialout pppoe
vpdn group pppoe localname example@123.com
vpdn group pppoe ppp authentication chap
vpdn username example@123.com password *****
The MTU has been altered to 1492, 1482, 1436 and also tried PAP, & MSCHAP. Also configured the IP statically but still no joy.
Many thanks,
Richard
ASKER
ISP have come back to say they aren't even using Option 19 so even more confused. Gonna try downgrading the IOS to one I know has worked in the past but on a different ISP.
You should leave the MTU at 1500 on the PPPoE side
A packet capture on the PPPoE interface might show you more than the PPPoE debug.
Not sure if the 5506 supports it , but on IOS you coudl set teh MTU on the Ethenet interface to 1508, and then use "pppoe-client ppp-max-payload 1500" to get an MTU of 1500 over the link, if of course the far end supports RFC 4638
A packet capture on the PPPoE interface might show you more than the PPPoE debug.
Not sure if the 5506 supports it , but on IOS you coudl set teh MTU on the Ethenet interface to 1508, and then use "pppoe-client ppp-max-payload 1500" to get an MTU of 1500 over the link, if of course the far end supports RFC 4638
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
I'm not sure if that is causing the issue though. It appears that your ASA doesn't support it, but in that case I would expect the option to simply be ignored.