[cisco-bba] Cisco 877 with L2TP to ISP Help
Timmy
metalice at gmail.com
Mon Sep 30 07:13:33 EDT 2013
Hi guys,
I need some help with my config. It was working without the L2TP
setting. If I change my default route to the Virtual-PPP1, I can still
ping to the outside but cannot browse at all; everything times out.
My config:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname adsl-r1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret 5 $1$EJyC$nAeDSSphBi96PbN4eXhkA1
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
aaa session-id common
!
!
dot11 syslog
ip cef
!
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
l2tp-class 1234
 hidden
 authentication
 hello 10
 password 7 XXX
!
!
vpdn enable
!
vpdn-group CLIENT-VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
username user privilege 15 password 7 XXX
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key 6 XXX address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac
!
crypto map VPN 1 ipsec-isakmp
 set peer XXX dynamic
 set transform-set TRANSFORM
 match address 101
 reverse-route
crypto map VPN 2 ipsec-isakmp
 set peer XXX dynamic
 set transform-set TRANSFORM
 match address 103
 reverse-route
!
archive
 log config
  hidekeys
!
!
ip ssh port 3536 rotary 1
ip ssh version 2
pseudowire-class ISP
 encapsulation l2tpv2
 protocol l2tpv2 1234
 ip local interface Dialer1
 ip pmtu
!
!
!
!
interface Loopback1
 ip address 10.5.5.6 255.255.255.255
!
interface Loopback2
 ip address 10.5.5.7 255.255.255.255
!
interface Tunnel1
 ip address 192.168.0.6 255.255.255.252
 keepalive 10 3
 tunnel source Loopback1
 tunnel destination 10.5.5.5
 tunnel path-mtu-discovery
 crypto map VPN
!
interface Tunnel2
 ip address 192.168.1.6 255.255.255.252
 keepalive 10 3
 tunnel source Loopback2
 tunnel destination 10.5.5.4
 tunnel path-mtu-discovery
!
interface ATM0
 description DSL interface
 no ip address
 ip mask-reply
 ip directed-broadcast
 ip route-cache flow
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 2
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
 ip unnumbered Vlan1
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool defaultpool
 keepalive 32767
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
interface Virtual-PPP1
 description L2TP dialer to ISP
 ip address negotiated
 ip mtu 1452
 ip tcp adjust-mss 1412
 ip nat outside
 ip virtual-reassembly
 load-interval 30
 no cdp enable
 ppp pap sent-username XXX password 7 XXX
 ppp ipcp dns request accept
 pseudowire 196.30.121.50 1 pw-class ISP
!
interface Vlan1
 description internal interface
 ip address 172.21.138.65 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer1
 bandwidth 4096
 ip ddns update hostname sct-george.getmyip.com
 ip ddns update DynDNS host members.dyndns.org
 ip address negotiated
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip mtu 1492
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username XXX password 7 XXX
 crypto map VPN
!
ip local pool defaultpool 172.21.138.50 172.21.138.60
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 172.21.146.0 255.255.255.0 Tunnel1
ip route 172.21.147.0 255.255.255.0 Tunnel2
ip route 196.30.121.50 255.255.255.255 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 172.21.128.10 21 interface Dialer1 21
ip nat inside source static tcp 172.21.128.10 25 interface Dialer1 25
ip nat inside source static tcp 172.21.128.10 110 interface Dialer1 110
ip nat inside source static tcp 172.21.128.10 119 interface Dialer1 119
ip nat inside source static tcp 172.21.128.10 389 interface Dialer1 389
ip nat inside source static tcp 172.21.128.10 443 interface Dialer1 443
ip nat inside source static tcp 172.21.128.30 5500 interface Dialer1 5500
ip nat inside source static tcp 172.21.128.30 5901 interface Dialer1 5901
ip nat inside source static tcp 172.21.138.1 1119 interface Dialer1 1119
ip nat inside source static tcp 172.21.138.1 1120 interface Dialer1 1120
ip nat inside source static tcp 172.21.138.1 3724 interface Dialer1 3724
ip nat inside source static tcp 172.21.138.1 4000 interface Dialer1 4000
ip nat inside source static tcp 172.21.138.1 6112 interface Dialer1 6112
ip nat inside source static tcp 172.21.138.1 6113 interface Dialer1 6113
ip nat inside source static tcp 172.21.138.1 6114 interface Dialer1 6114
ip nat inside source static tcp 172.21.138.1 6881 interface Dialer1 6881
ip nat inside source static tcp 172.21.138.1 6999 interface Dialer1 6999
ip nat inside source static tcp 172.21.128.30 5912 interface Dialer1 5912
ip nat inside source static tcp 172.21.128.50 80 interface Dialer1 80
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
ip access-list extended VPN_ACL
 permit ip 172.21.138.0 0.0.0.255 172.21.146.0 0.0.0.255 log
!
access-list 1 permit 172.21.138.1
access-list 10 permit 172.21.138.16
access-list 101 permit gre host 10.5.5.6 host 10.5.5.5
access-list 103 permit gre host 10.5.5.7 host 10.5.5.4
access-list 123 deny ip 172.21.128.0 0.0.0.255 172.21.146.0 0.0.0.255
access-list 123 deny ip 172.21.138.0 0.0.0.255 172.21.146.0 0.0.0.255
access-list 123 deny ip 172.21.128.0 0.0.0.255 172.21.147.0 0.0.0.255
access-list 123 deny ip 172.21.138.0 0.0.0.255 172.21.147.0 0.0.0.255
access-list 123 permit ip 172.21.128.0 0.0.0.255 any
access-list 123 permit ip 172.21.138.0 0.0.0.255 any
snmp-server community public RO 10
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 123
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password 7 1415131804477B7977
 transport input ssh
!
scheduler max-task-time 5000
end
Can anyone please help me with this?