[cisco-bba] L2TP on dynamic IP
asturluismi at gmail.com
Wed Jan 26 05:26:37 EST 2011
I have running L2TP between Android mobiles and Cisco routers for remote
access in the team.
L2TP configuration is based on Virtual-template, so a connected route is
configured for every L2TP session.
In other to provide a fixed IP address to each account the config is...
! definition of the user & passwd
username YYYY privilege 0 password 7 XXXXXXX
! Previous user must use an attribute list
username YYYY aaa attribute list YYYY
! attribute list with the fixed IP assigned over L2TP
aaa attribute list YYYY
attribute type addr 10.54.1.1
ip local pool pool-l2tp 10.54.1.1 10.54.1.254
The rest of the config is a normal L2TP config so far.
Hope this helps :D
El 20/01/11 16:42, John Fitzgerald escribió:
> Hi Arie,
> I definitely would like to define a fixed IP to the customer, but on
> the WAN side the CPE is configured by a third party provider (an
> access provider).
> So in fact, I can’t get my hands on the CPE. So the idea was to place
> an L2TP Client behind the CPE (on LAN side) which makes the connection
> outbound to my Router. My router terminates the L2TP Tunnel.
> When my router recognizes the L2TP Connect, my router provides an IP
> address statically of my pool to the client’s interface.
> Furthermore, my router will insert a somewhat static route to the
> client in his routing table, so the customer will be reachable through
> this IP. In detail, the customer L2TP Server has 2 NICs, one points to
> the CPE and has masked IP Adresses (e.g. 192.168.X.X) and the other
> one should route the ofically routed net, my router is sending (like
> With this tunnel, I would be able to tunnel other data packets to the
> client as well as speak bgp to the client though still use my IP space.
> At last, the customers computers would be reachable through the L2TP
> tunnel and the IP addresses would be from my nets.
> The only trick is: The client as a access network from another
> provider and I can’t get hands on the configuration of his CPE.
> Furthermore, the external IP address of the customer might change from
> day to day.
> For reliability, I would prefer fiber, of course. But the next fiber
> is approx. 2 miles away and digging is approx. 40k EUROS (!).
> So, I am looking for a solution to provide BGP redundancy to smaller
> customers (e.g. 50 Users) even at locations, where I can not do what I
> want. This would make it possible for customers with provider
> independent address space to have bgp with 2 neigbors (e.g. one is
> thier standard ISP with a fast line (100Mbps), one is the backup ISP
> (e.g. 20 Mbps via G.SHDSL …).
> *From:*arievayner at gmail.com [mailto:arievayner at gmail.com] *On Behalf
> Of *Arie Vayner
> *Sent:* Wednesday, January 19, 2011 8:58 PM
> *To:* John Fitzgerald
> *Cc:* cisco-bba at puck.nether.net
> *Subject:* Re: [cisco-bba] L2TP on dynamic IP
> What would most likely be a better solution for both solutions is to
> assign the customer a fixed IP allocated from RADIUS when they connect
> over L2TP (I assume PPP...)
> This will allow you to have a static BGP session with the statically
> allocated IP address.
> Another option is to look at the BGP dynamic neighbors feature:
> For IPSec there are quite a few solutions for IPSec sessions with
> dynamic peers.
> I think this could be a good starting point:
> On Wed, Jan 19, 2011 at 8:23 PM, John Fitzgerald
> <john.fitzgerald at internet.de <mailto:john.fitzgerald at internet.de>> wrote:
> I've got two design questions:
> 1. Is it possible to map a net via L2TP (IPv4 PI Space) to a client, which
> comes from a dynamic IP Address? E.g he has RIPE PI Space AAA.BBB.CCC.DDD
> and as he connects, routers will allow traffic to his network
> AAA.BBB.CCC.DDD and BGPv4 will recognize an will aloe route servers to be
> 2. Is it possible to have the IPSec with (1.)?
> cisco-bba mailing list
> cisco-bba at puck.nether.net <mailto:cisco-bba at puck.nether.net>
> cisco-bba mailing list
> cisco-bba at puck.nether.net
More information about the cisco-bba