ASA 5505 config ppp / lcp timeout / nailed up connection

hi ng,

i'm loosing the ppp / lcp connection every so often, the ASA 5505 providing me with following console messages:

%ASA-3-403503:PPPoE:PPP link down: %ASA-3-403503:PPPoE:PPP link down:Peer Terminated %ASA-3-403503:PPPoE:PPP link down: %ASA-3-403503:PPPoE:PPP link down:LCP down

My Hardware Config: ISP ---> Zyxel ME623 (Bridged-Mode) ---> Cisco ASA 5505

The DSL Signal to and from the ISP to my Bridged-Mode Router was checked, and is ok, this by the ISP and my Device. Rebooting the Bridged-Mode Router in this case the Zyxel ME623 helps... for around 10 minutes until the ASA or my Provider disconnects.

used debugs:

debug ppp auth debug ppp ccp debug ppp fsm debug ppp ipcp debug ppp lcp debug ppp mppe debug ppp neg debug pppoe error debug pppoe event debug pppoe packet

debug of the intense command: # debug ppp int (I/O interface events) tells me following:

# PPP No response to 4 echo-requests # PPP link appears to be disconnected.

how do i change the ppp timeout parameters? since i guess i timeout every so often, either the timing bedween the LCP oder the PPP is wrong. I'm not sure but, i think if i could config my ASA to ignore PPP Packets totaly after connecting it would workout, not timing out.. since i'm a lucky DSL client with a nailed-up connection using a static IP address.

The other thing discovered is that i get a PADT message of my Provider containing a Code of 0xA7 as following.

#PPPoE: Ver:1 Type:1 Code:A7=PADT Sess:4868 Len:0

According to the RFC 2516, describing PPPoE:

========= RFC 2516 snip =========

Control connection teardown The PPPoE Active Discovery Terminate (PADT) packet may be sent any time after a session is established to indicate that a PPPoE session has been terminated. It may be sent by either the host or the Access Concentrator. The DESTINATION_ADDR field is a unicast Ethernet address, the CODE field is set to 0xa7 and the SESSION_ID must be set to indicate which session is to be terminated. No tags are required. When a PADT is received, no further PPP traffic is allowed to be sent using that session. Even normal PPP termination packets must not be sent after sending or receiving a PADT. A PPP peer should use the PPP protocol itself to bring down a PPPoE session, but the PADT may be used when PPP cannot be used.

========= RFC 2516 snip =========

I guess my Provider is disconnecting me according to the RFC? But does this happend because of my ASA misses the PPP packets? Timing then out, not responding to LCPs, finaly gets PADT close session from my provider? gets in a loop to reconnect while sending out PADI Packets, which then are not answered, because the DSLAM Hardware of my ISP still has the session going on for my timed out session? so i have to restart my Bridged-Mode Router, in order to restart the session on the ISP side? so that my ASA then can connect again, waiting until 4 PPP Packets are lost, and then the it loops again, me restarting the Bridge-Mode Router.

ATTACHED debugs / configs:

#1: successfull connecting #2: loosing the connection #3: endlessly recurring padi timer expired messages: #4: relevant config snips

Guys, i'm realy sorry for those huuuge outputs... Help needed!! thank you

colin

==============DEBUG of Successfull PPP login BEG=============== ciscoasa# ciscoasa# ciscoasa# ciscoasa# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: padi timer expired

PPP virtual access open, ifc = 2

PPP ccp init: dev=1 LCP Option: MAGIC_NUMBER, len: 6, data: 421dc130 PPPoE: padi timer expired

PPPoE: PPPoE:(Rcv) Dest:1001.1111.1112 Src:0090.1a41.45bc Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:54 PPPoE: Type:0102:ACNAME-AC Name Len:18 LCP Option: Max_Rcv_Units, len: 4, data: 05d4 LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305 LCP Option: MAGIC_NUMBER, len: 6, data: 38e01764

PPP lcp reqci: returning CONFACK.LCP Option: Max_Rcv_Units, len: 4, data:

05d4 LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305 LCP Option: MAGIC_NUMBER, len: 6, data: 38e01764 LCP Option: MAGIC_NUMBER, len: 6, data: 421dc130

PPP ipcp lowerup: fsm=0x1b2d848, dev=1, state=0

PPP ccp lowerup: fsm=0x1b2d728, dev=1, state=0 PPPoE: ipc-bsg620-r-br-02

PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16 PPPoE: 7DE12668 PPPoE: 838F5F2A PPPoE: EFCD3A0B LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305 LCP Option: MAGIC_NUMBER, len: 6, data: d5825725

PPP ipcp lowerdn: fsm=0x1b2d848, dev=1, state=2

PPP ipcp close: fsm=0x1b2d848, dev=1, state=0

PPP ccp lowerdn: fsm=0x1b2d728, dev=1, state=2

PPP ccp close: fsm=0x1b2d728, dev=1, state=0 LCP Option: MAGIC_NUMBER, len: 6, data: 52a811a9

PPP lcp reqci: returning CONFACK.LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22305 LCP Option: MAGIC_NUMBER, len: 6, data: d5825725 LCP Option: MAGIC_NUMBER, len: 6, data: 52a811a9

PPP ipcp lowerup: fsm=0x1b2d848, dev=1, state=0

PPP ccp lowerup: fsm=0x1b2d728, dev=1, state=0 PPPoE: D7B36545

PPP ipcp open: fsm=0x1b2d848, dev=1, state=2 IPCP Option: Config IP, IP = 212.101.X.Y IPCP Option: Config DNS Server1, IP = 0.0.0.0 IPCP Option: Config DNS Server2, IP = 0.0.0.0 IPCP Option: Config WINS Server1, IP = 0.0.0.0 IPCP Option: Config WINS Server2, IP = 0.0.0.0

PPP ccp open: fsm=0x1b2d728, dev=1, state=2

PPP ccp resetci: fsm=0x1b2d728, dev=1, state=2

PPP ipcp input: fsm=0x1b2d848, dev=1, state=6, in_len:38, data:0101000a0306d46501c800000000000000000000000000000000000000000000000000000000 IPCP Option: Config IP, IP = 212.101.1.200

PPP ipcp reqci: fsm=0x1b2d848, dev=1, state=6, datalen=6, data:0306d46501c8

PPP ipcp: returning Configure-ACKIPCP Option: Config IP, IP = 212.101.1.200

PPP ipcp input: fsm=0x1b2d848, dev=1, state=8, in_len:38, data:0301001c8106d46504fd8306d465000a8206d46504fd8406d465000a00000000000000000000 IPCP Option: Config DNS Server1, IP = 212.101.4.253 IPCP Option: Config DNS Server2, IP = 212.101.0.10 IPCP Option: Config WINS Server1, IP = 212.101.4.253 IPCP Option: Config WINS Server2, IP = 212.101.0.10

PPP ipcp nakci: fsm=0x1b2d848, dev=1, state=8 IPCP Option: Config IP, IP = 212.101.X.Y PPPoE:

PPP ipcp input: fsm=0x1b2d848, dev=1, state=8, in_len:38, data:0302000a8106d46504fd00000000000000000000000000000000000000000000000000000000 IPCP Option: Config DNS Server1, IP = 212.101.4.253

PPP ipcp nakci: fsm=0x1b2d848, dev=1, state=8 IPCP Option: Config IP, IP = 212.101.X.Y PPPoE: PADO

PPP ipcp input: fsm=0x1b2d848, dev=1, state=8, in_len:38, data:0203000a0306d46513e900000000000000000000000000000000000000000000000000000000 IPCP Option: Config IP, IP = 212.101.X.Y PPP ipcp ackci: fsm=0x1b2d848, dev=1, state=8

PPP ipcp up: fsm=0x1b2d848, dev=1, state=9 PPPoE: send_padr:(Snd) Dest:0090.1a41.45bc Src:1001.1111.1112 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:54 PPPoE: Type:0102:ACNAME-AC Name Len:18 PPPoE: ipc-bsg620-r-br-02

PPPoE: PPPoE:(Rcv) Dest:1001.1111.1112 Src:0090.1a41.45bc Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:65=PADS Sess:4868 Len:54 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: Type:0102:ACNAME-AC Name Len:18 PPPoE: ipc-bsg620-r-br-02

PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16 PPPoE: 7DE12668 PPPoE: 838F5F2A PPPoE: EFCD3A0B PPPoE: D7B36545 PPPoE:

PPPoE: PADS

PPPoE: IN PADS from PPPoE tunnel

PPPoE: Opening PPP link and starting negotiations.

==============DEBUG of Successfull PPP login END===============

==============DEBUG of Failing PPP connection BEG===============

PPP va close, device = 1

PPP ipcp lowerdn: fsm=0x1b2d848, dev=1, state=9

PPP ipcp down: fsm=0x1b2d848, dev=1, state=9

PPP ipcp close: fsm=0x1b2d848, dev=1, state=1

PPP ccp lowerdn: fsm=0x1b2d728, dev=1, state=3

PPP ccp close: fsm=0x1b2d728, dev=1, state=1 PPPoE: PPPoE:(Rcv) Dest:1001.1111.1112 Src:0090.1a41.45bc Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:A7=PADT Sess:4868 Len:0 PPPoE: PADT

PPPoE: Shutting down client session

PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:1001.1111.1112 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: padi timer expired

==============DEBUG of Failing PPP connection END===============

===DEBUG of endless Messages, never reconnecting again, until rebooting the DSL-Modem in front of the ASA==BEG====

===DEBUG of endless Messages, never reconnecting again, until rebooting the DSL-Modem in front of the ASA==END====

======= ASA Config snips BEG==================

interface Ethernet0/0 description OUTSIDE PPPoE switchport access vlan 2

interface Vlan2 mac-address 1001.1111.1112 nameif outside security-level 0 pppoe client vpdn group XXXX.ch ip address 212.101.XX.YY 255.255.255.255 pppoe setroute

vpdn group XXXX.ch request dialout pppoe vpdn group XXXX.ch localname snipped-for-privacy@XXXX.ch vpdn group XXXX.ch ppp authentication chap vpdn username XXXX password ********* vpdn username snipped-for-privacy@XXXXX.ch password *********

mtu outside 1492

======= ASA Config snips END==================

ASA 5505 config ppp / lcp timeout / nailed up connection - preventing disconnect