[c-nsp] Routing within a L2TP session using VPDNs

Kristofer Sigurdsson kristosig at gmail.com
Fri Feb 10 13:03:19 EST 2006


Hi Alex,

I'm not sure I'm following - a LAC doesn't assign IP addresses to its clients,
nor is it a "router" per se, it just forwards sessions to the LNS, which is the
next IP hop to the client (the LAC should not be a L3 hop away from the LNS).

2006/2/10, Alex Foster <afoster at gammatelecom.com>:
> Hi Kristo
>
> Thanks for this - I'm not planning on using RADIUS to authenticate the
> tunnel setup.  In our situation the client network will already have an
> address (the LAC is a Telindus 1221 ADSL box that is shipped out to the
> customer - pre-configured).  The client network sits on the back of the
> same box.  The ADSL part of the connection is authenticated through
> RADIUS but not the L2 tunnel.  Once the L2 tunnel is established - I
> need to be able to route the client network from the LNS - at the moment
> the only way I've been able to do this is by configuring static routes
> that point to the tunnel IP address on the LAC.
>
> When using a VPN Concentrator you can specify the remote networks in a
> network-list that acts as a route statement (for LAN-to-LAN sessions),
> I'm wondering if there is a similar command in IOS - or rather hoping
> there is.
>
> Regards
>
> Alex
>
>
> -----Original Message-----
> From: Kristofer Sigurdsson [mailto:kristosig at gmail.com]
> Sent: 10 February 2006 12:27
> To: Alex Foster
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Routing within a L2TP session using VPDNs
>
> We are doing a very similar thing, but we don't have to route to a LAC
> address on the LNS,
> our routes are to the client address (assigned by the LNS, from a
> RADIUS server).
>
> We do the routes dynamically via the use of the Framed-Route RADIUS
> attribute.
>
> -Kristo
>
> 2006/2/10, Alex Foster <afoster at gammatelecom.com>:
> > I am trying to set up a number of L2TP sessions to a 3620 using VPDNs. The
> > LAC is a non-Cisco product - but works well and I have the tunnels established
> > and working.  What I'm not sure about is how to route to the client network
> > on the back of the LAC.  Diagram:
> >
> > Client Network------LAC--------LNS-------ISP
> >
> > It's a basic config on the 3620 using the default VPDN group and a
> > virtual-template.
> >
> > At the moment the only way I can route to the client network (from the ISP
> > network) is to configure a static route on the LNS (to the client network)
> > via the tunnel address on the LAC (this address is assigned by the LAC).  I
> > need to scale this network beyond a few thousand users (3620 is only a test
> > box at the moment) so adding static routes to each client network isn't
> > ideal - I'm also not keen on using routing protocols.  Any help would be
> > appreciated.
> >
> > ...
> >
> > vpdn enable
> > !
> > vpdn-group Access
> > ! Default L2TP VPDN group
> >  accept-dialin
> >   protocol l2tp
> >   virtual-template 1
> >  no l2tp tunnel authentication
> >  source-ip 192.168.10.1
> > !
> > !
> > interface loopback 0
> >  ip address 192.168.254.254 255.255.255.255
> > !
> > interface FastEthernet1/0
> >  ip address 192.168.10.1 255.255.255.252
> > !
> > interface FastEthernet1/1
> >  ip address 10.50.32.180 255.255.255.0
> > !
> > interface Virtual-Template1
> >  ip unnumbered Loopback0
> > !
> > ip route 0.0.0.0 0.0.0.0 192.168.10.2