[Config] How to setup Cisco router as an L2TP/PPTP "client"?

Hi,
I'm trying to set up a Cisco 1812 to connect to an Internet over cables service. The way we have it here is we need to create a PPTP or L2TP connection to the ISP's LNS. I've made several tries to get that to work, but to no avail, perhaps I'm missing something? If anyone is willing to share a similar working configuration I'd be very grateful. I will post here my current configuration.

My configuration is a little more complex than my question above, because I'm actually trying to set up dual-WAN links. The first link, the one I'm having problems with, should use credentials from Dialer0 and connect with L2TP or PPTP through FastEthernet0. The second link is actually working well. It is a simple PPPoE connection, using credentials from Dialer1, connecting through FastEthernet1.
Many thanks in advance!
My current configuration:

!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname moooo
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
no ip source-route
!
!
ip cef
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name moo.
ip name-server 192.168.0.241
ip name-server 192.168.0.240
ip ssh time-out 60
ip ssh authentication-retries 2
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol l2tp
 initiate-to ip 172.26.255.245
!
!
!
!
!
!
bridge irb
!
!
!
interface FastEthernet0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 172.26.255.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$
 ip address 10.0.0.140 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 2
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation hdlc
 ip route-cache flow
 shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
 switchport access vlan 10
!
interface FastEthernet9
 switchport access vlan 10
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 no ip address
 bridge-group 1
!
interface Vlan10
 no ip address
 bridge-group 10
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer vpdn
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname lalalala
 ppp chap password 7 lililili
 ppp pap sent-username lalalala password 7 lililili
!
interface Dialer1
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 2
 dialer idle-timeout 0
 dialer persistent
 dialer-group 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname lolololo
 ppp chap password 7 lililili
 ppp pap sent-username lolololo password 7 lililili
!
interface BVI1
 description Internal$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.230 255.255.255.0
 ip access-group 102 in
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface BVI10
 description DMZ+Wireless$FW_DMZ$
 ip address 192.168.10.254 255.255.255.0
 ip access-group 103 in
 ip helper-address 192.168.0.241
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip forward-protocol udp bootpc
ip route 0.0.0.0 0.0.0.0 Dialer1 10
ip route 172.26.255.245 255.255.255.255 FastEthernet0 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.10 231 interface Dialer1 231
ip nat inside source static udp 192.168.0.10 231 interface Dialer1 231
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1,BVI10
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 3 permit 192.168.10.0 0.0.0.255
access-list 102 remark Filter for packets incoming from VLAN 1
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 192.168.0.241 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark Filter for packets incoming from VLAN 10
access-list 103 remark SDM_ACL Category=1
access-list 103 remark PPTP TCP port
access-list 103 permit tcp any host 192.168.0.241 eq 1723
access-list 103 remark PPTP GRE
access-list 103 permit gre any host 192.168.0.241
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 permit udp any any eq bootps
access-list 103 permit udp any any eq bootpc
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 remark PPTP TCP port
access-list 104 permit tcp any host 192.168.0.241 eq 1723
access-list 104 remark PPTP GRE
access-list 104 permit gre any host 192.168.0.241
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
 TomS_Git-r-donePremium,MVM join:2002-07-19 London, UK kudos:4 2 edits | reply to sagsag
Re: [Config] How to setup Cisco router as an L2TP/PPTP "client"?

This can be done with L2TP Client-Initiated Tunneling (not PPTP as far as I am aware), but requires pseudowires in order to accomplish it.
See »www.cisco.com/en/US/products/sw/···592.html for information related to this configuration.
Since you have an 1812 running IOS 12.4 I'd say you have a good chance at accomplishing this, but you'll need either Advanced IP or Advanced Enterprise Services.
Hi Tom,
Thanks for your reply. I actually ran into this solution about a day after I posted here, and I understood this is what I had to implement in the first place. I've had so far only a little time to test this configuration, which is still not working for me, but at least now I can see dialup attempts in the debug logging, whereas before there was nothing. So perhaps I missed something, I still have to look into it.
Thanks again.
Well, I checked it again last night, and I really did miss something small in the configuration. I used "ppp authentication ... optional callin", whereas I should have used "ppp authentication ... callin".
The configuration guide I followed to set up my router supersets the 12.3 IOS "L2TP Client-Initiated Tunneling" guide, which you've graciously provided. The guide is a generic Client-Initiated Dial-In VPDN Tunneling for the 12.4T IOS, and is available here: »www.cisco.com/en/US/products/ps6···b6d.html
I have another question. Dialer interfaces can be configured to be persistent, but the persistent setting cannot be applied to a virtual-ppp interface. Does anybody know how I can make a Virtual-PPP interface persistent?
Thanks.
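For readers following the thread, an added sketch (not a configuration posted by any participant or taken from the Cisco guides) of the pseudowire-based L2TP client setup the replies describe, which takes the place of the `vpdn-group` / `dialer vpdn` attempt in the original post. The LNS address, the FastEthernet0 uplink, the host route and the `chap pap callin` method list are taken from the posted configuration; the class names, the Virtual-PPP unit number, the VC ID, the route distance and the angle-bracket credentials are assumptions.

```cisco
! Added example. Names ISP-L2TP / ISP-PW, unit 1 and VC ID 1 are hypothetical.
!
l2tp-class ISP-L2TP
 ! Assumption: the ISP's LNS does not require L2TP tunnel authentication,
 ! so the class is left at its defaults.
!
pseudowire-class ISP-PW
 encapsulation l2tpv2
 protocol l2tpv2 ISP-L2TP
 ! Source the tunnel from the interface facing the LNS
 ip local interface FastEthernet0
!
interface Virtual-PPP1
 description L2TP client session to the ISP LNS
 ip address negotiated
 ! Method list copied from Dialer0 in the posted config. Per the last post,
 ! the session only came up without the "optional" keyword before "callin".
 ppp authentication chap pap callin
 ppp chap hostname <isp-username>
 ppp chap password <isp-password>
 ppp pap sent-username <isp-username> password <isp-password>
 ! Peer is the LNS address from the posted vpdn-group
 pseudowire 172.26.255.245 1 pw-class ISP-PW
!
! Host route to the LNS, as in the posted config, so the tunnel itself
! never resolves through the tunnelled default route.
ip route 172.26.255.245 255.255.255.255 FastEthernet0 permanent
! Default route over the L2TP session; distance 20 is an arbitrary value
! chosen here to sit behind the existing Dialer1 route (distance 10).
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 20
```

`show vpdn` and `debug ppp negotiation` show whether the tunnel and the PPP session on top of it come up.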