[cisco-bba] Getting clients' l2tp tunnel in vrf to create a pptp tunnel not working

justice obrey justopee at yahoo.com
Wed Dec 19 13:32:33 EST 2007


I have a setup where client devices terminate on a C7301 using the IOS version c7301-jk9s-mz.124-16.bin. A RADIUS server is used to put the customers in different VRFs using the various Cisco-AVPair attributes.
Initially, clients' devices (Wireless Mobile IP clients) establish L2TP tunnels to the LNS (which we control, but not the LAC) and these L2TP tunnels are put in a VRF. Because the Mobile IP foreign agent (FA, out of our control) acts as the default route for these client devices, routing seems not to be working. We therefore decided to use the initially created L2TP tunnel, put in a VRF, to create a PPTP tunnel to the same C7301 LNS server so we could easily do routing, but this seems not to be working if we put the PPTP server IP address in the L2TP VRF, though the client devices can ping the PPTP server IP address (172.20.10.1).

1. Does anyone know a better approach to solve the routing problem with the L2TP tunnels, through the Mobile IP foreign agent (FA) acting as the default route of the client devices instead of our LNS acting as the default route, since we are using RADIUS attributes to frame IP addresses for these clients' devices?

2. Can someone help me understand why the PPTP tunneling is not working? It works if the interface with the PPTP server IP address is taken out of the L2TP VRF and the L2TP tunnel is also popped out of the VRF. I prefer the L2TP tunnel to remain in the VRF and still be able to create a PPTP tunnel.

Thanks to everybody in this forum who will share ideas with me on these issues.

The VRF and VPDN sections of the C7301 configuration are shown below:
   
   
MYLNS#sh runn
Building configuration...

Current configuration : 10828 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname MYLNS
!
boot-start-marker
boot system disk0:c7301-jk9s-mz.124-16.bin
boot-end-marker
!
!
!
!
aaa new-model
!
!
aaa group server radius RADIUS
 server 192.168.64.36 auth-port 1812 acct-port 1813
 server 192.168.64.37 auth-port 1812 acct-port 1813
 server 192.168.64.68 auth-port 1812 acct-port 1813
 server 192.168.64.69 auth-port 1812 acct-port 1813
!
aaa authentication login default group RADIUS local
aaa authentication ppp default group RADIUS
aaa authorization console
aaa authorization config-commands
aaa authorization network default group RADIUS
aaa accounting update periodic 30
aaa accounting network default start-stop broadcast group RADIUS
!
aaa session-id common
no ip source-route
!
!
ip cef
no ip domain lookup
ip domain name synetosiz.net
!
!
ip vrf l2tp_vrf
 description VRF for L2TP
 rd 65033:4001
!
ip vrf pptp_vrf
 description pptpvrf
 rd 65033:4002
!
ip vrf vrf_inet_public_pool
 description VRF vrf_inet_public_pool
 rd 65033:3000
!
ip vrf vrf_qa
 description VRF for QA
 rd 65033:2000
!
no ip bootp server
vpdn enable
vpdn source-ip 10.197.47.201
vpdn aaa attribute nas-ip-address vpdn-nas
vpdn tunnel authorization network default
vpdn logging
vpdn logging tunnel-drop
vpdn history failure table-size 50
vpdn search-order domain
!
vpdn-group DEFAULT
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip 10.197.47.201
 l2tp tunnel password 7 13305311082F40091F307B7721
!
vpdn-group USCC-PPTP
 accept-dialin
  protocol pptp
  virtual-template 2
 source-ip 172.20.10.1
!
!
interface Loopback0
 description Default Loopback for Mgmt
 ip address 10.167.203.1 255.255.255.255
!
interface Loopback1
 description L2TP Termination Loopback IP
 ip address 10.197.47.201 255.255.255.255
!
interface Loopback4000
 description PPTP Server for USCC Cards using Initial L2TP
 ip vrf forwarding l2tp_vrf
 ip address 172.20.10.1 255.255.255.255
!
interface Loopback4001
 description L2TP loopback for private
 ip vrf forwarding l2tp_vrf_qa_network
 ip address 172.20.1.1 255.255.255.240
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
 no negotiation auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
 no negotiation auto
!
interface Virtual-Template1
 ip unnumbered Loopback1
 ip mask-reply
 no ip unreachables
 ip route-cache policy
 no keepalive
 ppp authentication chap pap
!
interface Virtual-Template2
 ip unnumbered Loopback4000
 ip mask-reply
 no ip unreachables
 ip route-cache policy
 no keepalive
 ppp authentication chap pap
!
!
!
!
!
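An added consistency check for the VRF and VPDN sections above (example code written for this page, not part of the original post and not Cisco's tooling). It parses the posted config for `ip vrf` definitions, `ip vrf forwarding` references on interfaces and each vpdn-group's `source-ip`, then reports two things a reviewer would want to see before debugging the tunnel itself: interfaces that point at a VRF the config never defines (Loopback4001 references `l2tp_vrf_qa_network`, which is not in the `ip vrf` list), and vpdn-groups whose source address sits in a VRF the group is not bound to. The check assumes the IOS `vpn vrf` vpdn-group subcommand as the way a group is bound to a VRF; that command does not appear in the posted config, and the embedded sample is a trimmed copy of the post's config with the tunnel password line left out.

```python
"""Consistency checks for the VRF/VPDN sections of a Cisco IOS running-config.

Added example, not code from the original post. It reports (a) interfaces
whose 'ip vrf forwarding' names an undefined VRF and (b) vpdn-groups whose
'source-ip' lives in a different VRF than the group is bound to via 'vpn vrf'.
"""
import re
from typing import Dict, List, Optional, Tuple

# Trimmed copy of the relevant lines from the posted config (constructed
# sample for this example; the l2tp tunnel password line is omitted).
SAMPLE_CONFIG = """\
ip vrf l2tp_vrf
 rd 65033:4001
!
ip vrf pptp_vrf
 rd 65033:4002
!
vpdn-group DEFAULT
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip 10.197.47.201
!
vpdn-group USCC-PPTP
 accept-dialin
  protocol pptp
  virtual-template 2
 source-ip 172.20.10.1
!
interface Loopback1
 ip address 10.197.47.201 255.255.255.255
!
interface Loopback4000
 ip vrf forwarding l2tp_vrf
 ip address 172.20.10.1 255.255.255.255
!
interface Loopback4001
 ip vrf forwarding l2tp_vrf_qa_network
 ip address 172.20.1.1 255.255.255.240
!
"""


def parse_sections(text: str) -> List[Tuple[str, List[str]]]:
    """Split an IOS config into (top-level command, [indented sub-commands]) blocks."""
    blocks: List[Tuple[str, List[str]]] = []
    header: Optional[str] = None
    body: List[str] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and '!' separators carry no configuration
        if line.startswith(" "):
            if header is not None:
                body.append(line.strip())
        else:
            if header is not None:
                blocks.append((header, body))
            header, body = line, []
    if header is not None:
        blocks.append((header, body))
    return blocks


def _where(vrf: Optional[str]) -> str:
    return f"VRF {vrf}" if vrf else "the global table"


def check_vrf_consistency(text: str) -> List[str]:
    """Return human-readable findings; an empty list means no inconsistencies."""
    defined_vrfs = set()
    iface_vrf: Dict[str, Optional[str]] = {}   # interface -> VRF (None = global)
    iface_addr: Dict[str, str] = {}            # interface -> IPv4 address
    group_src: Dict[str, Optional[str]] = {}   # vpdn-group -> source-ip
    group_vrf: Dict[str, Optional[str]] = {}   # vpdn-group -> 'vpn vrf' (None = global)

    for header, body in parse_sections(text):
        words = header.split()
        if words[:2] == ["ip", "vrf"] and len(words) == 3:
            defined_vrfs.add(words[2])
        elif words[0] == "interface":
            name = words[1]
            iface_vrf[name] = None
            for cmd in body:
                m = re.match(r"ip vrf forwarding (\S+)$", cmd)
                if m:
                    iface_vrf[name] = m.group(1)
                m = re.match(r"ip address (\S+) \S+$", cmd)
                if m:
                    iface_addr[name] = m.group(1)
        elif words[0] == "vpdn-group":
            name = words[1]
            group_src[name], group_vrf[name] = None, None
            for cmd in body:
                m = re.match(r"source-ip (\S+)$", cmd)
                if m:
                    group_src[name] = m.group(1)
                m = re.match(r"vpn vrf (\S+)$", cmd)  # assumed IOS binding command
                if m:
                    group_vrf[name] = m.group(1)

    findings: List[str] = []
    for iface, vrf in iface_vrf.items():
        if vrf is not None and vrf not in defined_vrfs:
            findings.append(f"{iface}: 'ip vrf forwarding {vrf}' references a VRF that is not defined")

    addr_vrf = {addr: iface_vrf[iface] for iface, addr in iface_addr.items()}
    for group, src in group_src.items():
        if src is None:
            continue  # no group-level source-ip; the global 'vpdn source-ip' applies
        if src not in addr_vrf:
            findings.append(f"vpdn-group {group}: source-ip {src} is not configured on any interface")
            continue
        src_vrf, bound_vrf = addr_vrf[src], group_vrf[group]
        if src_vrf != bound_vrf:
            findings.append(f"vpdn-group {group}: source-ip {src} sits in {_where(src_vrf)} "
                            f"but the group is bound to {_where(bound_vrf)}")
    return findings


if __name__ == "__main__":
    for finding in check_vrf_consistency(SAMPLE_CONFIG):
        print(finding)
```

Run against the posted config it flags Loopback4001's undefined VRF and the USCC-PPTP group, whose 172.20.10.1 source sits in l2tp_vrf while the group itself carries no VRF binding; the DEFAULT L2TP group, sourced from the global Loopback1, passes.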