Hey guys, I'm working on getting an L2TPv3 tunnel up between my 887 at home and my dedicated server.
I'm looking for Layer 2 connectivity over the network. I have this currently via a SoftEther Server on my network with a connection to the one on the dedicated server, but I want to move it to the 887 on my side.
The dedicated server has SoftEther running as an L2TPv3 host/server; all it needs to "authenticate" the L2TPv3 client is the Phase 1 ID of the L2TPv3 client. (Currently it is set to allow any during testing.)
Now I tried using these two sites, but the Cisco site is for connecting to another Cisco device and SoftEther's config is a little confusing.
www.cisco.com/c/en/us/su ··· -00.html
www.google.com/url?sa=t& ··· &cad=rja
My setup is like so:
FastEthernet0 is a VLAN Trunk for all (except 22) VLANs to the switch.
VLAN2 is my "LAN", NAT Inside
VLAN3 is my "WAN" DHCP from ISP NAT Outside (DSL interface is not used)
VLAN22 is gonna be the LAN bridge interface for my side, it will connect back to the switch via an access port that is untagged VLAN2.
interface FastEthernet3 will have "switchport access vlan 22"
So I tried this (from the Cisco site). (Note: encryption is not a priority, just trying to get it to work at first.)
(Note: 1.2.3.4, is replaced with the real IP in the config)
car1(config)#pseudowire-class atlvmhostbridge
car1(config-pw-class)#encapsulation l2tpv3
car1(config-pw-class)#protocol none
car1(config-pw-class)#ip local interface vlan3
car1(config-pw-class)#exit
car1(config)#interface vlan22
car1(config-if)#$xconnect 1.2.3.4 1 encapsulation l2tpv3 manual pw-class atlvmhostbridge
car1(config-if-xconn)#l2tp id 1 2
car1(config-if-xconn)#exit
car1(config-if)#exit
car1(config)#show l2tun tunnel all
%No active L2TP tunnels
car1#show l2tun
L2TP Tunnel and Session Information Total tunnels 0 sessions 1
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
1 2 n/a 1, Vl22:22 est 00:00:27 9
I also tried this.
(Note: 1.2.3.4, is replaced with the real IP in the config)
pseudowire-class atlvmhostbridge
encapsulation l2tpv3
ip local interface vlan3
exit
crypto isakmp policy 1
encryption aes 256
authentication pre-share
group 2
exit
crypto isakmp key vpn address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 2 periodic
crypto ipsec fragmentation after-encryption
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha-hmac
mode transport
exit
crypto map MAP 1 ipsec-isakmp
set peer 1.2.3.4
set transform-set IPSEC
match address IPSEC_MATCH_RULE
exit
ip access-list extended IPSEC_MATCH_RULE
permit 115 any any
exit
interface vlan3
crypto map MAP
exit
interface vlan22
no cdp enable
xconnect 1.2.3.4 1 pw-class atlvmhostbridge
bridge-group 1
exit
Does anyone see anything wrong with either config that keeps them from working, at least on this end?
I have never tried to set up a VPN on a Cisco before and I am as lost as a fart in a whirlwind.
Config before running anything above.
car1#show running
Building configuration...
Current configuration : 10444 bytes
!
! Last configuration change at 04:55:18 UTC Fri Nov 14 2014 by napsterbater
! NVRAM config last updated at 00:00:23 UTC Fri Nov 14 2014 by napsterbater
! NVRAM config last updated at 00:00:23 UTC Fri Nov 14 2014 by napsterbater
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname car1
!
boot-start-marker
boot system flash c880data-universalk9-mz.151-4.M8.bin
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-54818165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-54818165
revocation-check none
rsakeypair TP-self-signed-54818165
!
!
crypto pki certificate chain TP-self-signed-54818165
certificate self-signed 01
****************************************************
quit
no ip source-route
!
!
!
ip dhcp database flash:/dhcp-db
no ip dhcp conflict logging
ip dhcp excluded-address 10.0.1.1 10.0.1.19
ip dhcp excluded-address 10.0.1.231 10.0.1.254
ip dhcp excluded-address 10.0.2.1 10.0.2.19
ip dhcp excluded-address 10.0.2.231 10.0.2.254
ip dhcp ping timeout 250
!
ip dhcp pool MainLAN
network 10.0.1.0 255.255.255.0
domain-name napshome.local
default-router 10.0.1.3
dns-server 10.0.1.2 10.0.1.5
lease 31
!
ip dhcp pool GuestWLAN
network 10.0.2.0 255.255.255.0
domain-name guestWLAN.napshome.local
dns-server 10.0.2.1
default-router 10.0.2.1
lease 31
!
ip dhcp pool Xbox360
host 10.0.1.235 255.255.255.0
client-identifier **************************
lease 31
!
ip dhcp pool Bos
host 10.0.1.130 255.255.255.0
client-identifier **************************
lease 31
!
ip dhcp pool HP6500
host 10.0.1.230 255.255.255.0
client-identifier **************************
lease 31
!
!
ip cef
ip flow-cache timeout inactive 10
ip flow-cache timeout active 1
ip domain round-robin
ip domain retry 3
ip domain timeout 2
ip domain name napshome.local
ip name-server 10.0.1.2
ip name-server **************************
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp database flash:/dhcpv6-db
ipv6 dhcp ping packets 2
ipv6 dhcp pool GuestWLANIPv6
address prefix **************************/64 lifetime 86400 3600
dns-server **************************
dns-server FEC0:0:0:FFFF::1
dns-server FEC0:0:0:FFFF::2
domain-name guestwifi.napshome.local
!
ipv6 dhcp pool MainLANIPv6
address prefix **************************/64 lifetime 86400 3600
dns-server **************************
dns-server **************************
domain-name napshome.local
!
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn **************************
license boot module c880-data level advipservices
!
!
username ************************** privilege 15 password 0 **************************
!
!
!
!
no ip ftp passive
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Tunnel0
description HE IPv6 Tunnel
bandwidth 40000
no ip address
ipv6 address **************************/64
ipv6 enable
ipv6 traffic-filter ipv6tunnel-in in
ipv6 traffic-filter ipv6tunnel-out out
tunnel source Vlan3
tunnel mode ipv6ip
tunnel destination 216.66.22.2
tunnel bandwidth transmit 40000
tunnel bandwidth receive 40000
!
interface Tunnel1
description My Server IPv6 Tun
bandwidth 40000
no ip address
shutdown
ipv6 address **************************/64
ipv6 enable
ipv6 traffic-filter ipv6tunnel-in in
ipv6 traffic-filter ipv6tunnel-out out
tunnel source Vlan3
tunnel mode ipv6ip
tunnel destination **************************
tunnel bandwidth transmit 40000
tunnel bandwidth receive 40000
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/35
vbr-nrt 700 700
tx-ring-limit 2
service-policy out WANQOS
pppoe-client dial-pool-number 1
pppoe-client ppp-max-payload 1492
!
!
interface FastEthernet0
switchport trunk allowed vlan 1-21,23-4094
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 22
no ip address
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
ip address 10.0.1.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
ipv6 address **************************/64
ipv6 enable
ipv6 nd reachable-time 60000
ipv6 nd prefix **************************/64 86400 3600
ipv6 nd managed-config-flag
ipv6 nd advertisement-interval
ipv6 dhcp server MainLANIPv6 rapid-commit
!
interface Vlan3
ip address dhcp hostname hello.there.how.are.you
ip nat outside
no ip virtual-reassembly in
ipv6 address dhcp rapid-commit
ipv6 enable
ipv6 nd ra suppress all
!
interface Vlan4
ip address 10.0.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ipv6 enable
ipv6 nd prefix **************************/64
ipv6 nd managed-config-flag
ipv6 nd advertisement-interval
ipv6 nd ra interval 4
ipv6 dhcp server GuestWLANIPv6 rapid-commit
!
interface Vlan22
no ip address
bridge-group 1
!
interface Dialer0
mtu 1492
ip address negotiated
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address autoconfig
ipv6 enable
ppp authentication chap pap callin
ppp chap hostname **************************
ppp chap password 0 **************************
ppp pap sent-username ************************** password 0 **************************
!
interface Dialer1
no ip address
!
no ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip dns view default
domain timeout 2
domain retry 3
ip nat inside source list 1 interface Vlan3 overload
ip nat inside source static udp 10.0.1.235 88 interface Vlan3 88
ip nat inside source static tcp 10.0.1.235 3074 interface Vlan3 3074
ip nat inside source static udp 10.0.1.235 3074 interface Vlan3 3074
ip nat inside source static tcp 10.0.1.2 11009 interface Vlan3 11009
ip nat inside source static tcp 10.0.1.2 11008 interface Vlan3 11008
ip nat inside source static tcp 10.0.1.2 11000 interface Vlan3 11000
ip nat inside source static udp 10.0.1.2 11000 interface Vlan3 11000
ip nat inside source static tcp 10.0.1.2 11080 interface Vlan3 11080
!
no logging trap
access-list 1 remark INSIDE_IF=Vlan2
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.0.255
dialer-list 1 protocol ip permit
ipv6 route FEC0:0:0:FFFF::1/128 Vlan2
ipv6 route FEC0:0:0:FFFF::2/128 Vlan2
ipv6 route FEC0:0:0:FFFF::3/128 Vlan2
ipv6 route ::/0 Tunnel0
!
!
!
!
snmp-server community ************************** RO
snmp-server community ************************** RW
snmp-server ifindex persist
snmp-server location **************************
snmp-server contact **************************
!
ipv6 access-list ipv6tunnel-in
permit icmp any any
evaluate reflectout
permit ipv6 **************************/48 any
permit ipv6 **************************/48 any
permit ipv6 **************************/48 any
permit ipv6 **************************/64 any
permit ipv6 **************************/64 any
permit ipv6 **************************/64 any
permit tcp any range 10000 11999 any
permit udp any range 11000 11999 any
permit tcp any range 11000 11999 any
deny ipv6 any any
!
ipv6 access-list ipv6tunnel-out
sequence 100 permit icmp any any
sequence 200 permit ipv6 any any reflect reflectout
sequence 2147483647 deny ipv6 any any
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password **************************
login local
transport input all
!
scheduler max-task-time 5000
ntp update-calendar
ntp server 1.north-america.pool.ntp.org
ntp server 2.north-america.pool.ntp.org
ntp server 0.north-america.pool.ntp.org
ntp server 2.us.pool.ntp.org
ntp server 0.us.pool.ntp.org
ntp server 1.us.pool.ntp.org
ntp server 3.north-america.pool.ntp.org
event manager directory user policy "flash:/eem"
event manager applet NTP
event timer countdown time 90
action 01.0 cli command "enable"
action 02.0 cli command "configure terminal"
action 03.0 cli command "ntp server 0.us.pool.ntp.org burst iburst"
action 04.0 cli command "ntp server 1.us.pool.ntp.org burst iburst"
action 05.0 cli command "ntp server 2.us.pool.ntp.org burst iburst"
action 06.0 cli command "ntp server 3.us.pool.ntp.org burst iburst"
action 07.0 cli command "ntp server 0.north-america.pool.ntp.org burst iburst"
action 08.0 cli command "ntp server 1.north-america.pool.ntp.org burst iburst"
action 09.0 cli command "ntp server 2.north-america.pool.ntp.org burst iburst"
action 10.0 cli command "ntp server 3.north-america.pool.ntp.org burst iburst"
action 11.0 cli command "exit"
action 12.0 cli command "exit"
!
end
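A consistency check over the second attempt, as an added example that is not from the post, Cisco or SoftEther: it parses the unindented IOS snippet and reports whether the xconnect's pseudowire class, the interface the crypto map sits on and the crypto ACL line up with each other, and flags the wildcard pre-shared key. The config string is constructed from the post, with 1.2.3.4 as the placeholder the post uses.

```python
import re
POSTED = """\
pseudowire-class atlvmhostbridge
encapsulation l2tpv3
ip local interface vlan3
crypto isakmp key vpn address 0.0.0.0 0.0.0.0
crypto map MAP 1 ipsec-isakmp
set peer 1.2.3.4
match address IPSEC_MATCH_RULE
ip access-list extended IPSEC_MATCH_RULE
permit 115 any any
interface vlan3
crypto map MAP
interface vlan22
xconnect 1.2.3.4 1 pw-class atlvmhostbridge
"""  # constructed from the second attempt in the post; 1.2.3.4 is the placeholder used there
# Block openers. 'crypto map NAME SEQ' defines a map; 'crypto map NAME' under an interface applies it.
TOP = re.compile(r"^(pseudowire-class |ip access-list |interface |crypto isakmp |crypto map \S+ \d+)")

def parse(text):  # group sub-commands under the heading before them (the post pastes them unindented)
    blocks, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if TOP.match(line):
            blocks[line], cur = [], line
        elif line and line != "exit" and cur is not None:
            blocks[cur].append(line)
    return blocks

def check(text):  # findings for the L2TPv3 + IPsec pieces; an empty list means nothing stood out
    b, out = parse(text), []
    if any(re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0 0\.0\.0\.0", h) for h in b):
        out.append("wildcard pre-shared key: any peer may start IKE; restrict it to the server address")
    xc = [m for bd in b.values() for l in bd if (m := re.match(r"xconnect (\S+) \d+ .*pw-class (\S+)", l))]
    for m in xc:
        peer, pw = m.groups()
        pwc = b.get(f"pseudowire-class {pw}", [])
        if "encapsulation l2tpv3" not in pwc:
            out.append(f"pseudowire-class {pw}: missing, or without 'encapsulation l2tpv3'")
        local = next((l.split()[-1].lower() for l in pwc if l.startswith("ip local interface")), "")
        for mh, mb in b.items():  # crypto maps whose peer is this xconnect target
            if mh.startswith("crypto map") and f"set peer {peer}" in mb:
                name = mh.split()[2]
                on = [ih.split()[1].lower() for ih, ib in b.items()
                      if ih.startswith("interface") and f"crypto map {name}" in ib]
                if local not in on:
                    out.append(f"crypto map {name}: not applied on {local}, the L2TPv3 source interface")
                acl = next((l.split()[-1] for l in mb if l.startswith("match address")), None)
                if not any(re.match(r"permit (115|ip) ", r) for r in b.get(f"ip access-list extended {acl}", [])):
                    out.append(f"ACL {acl}: does not match L2TPv3 (IP protocol 115) traffic")
    return out
```

On the posted snippet the only finding is the wildcard key; moving `crypto map MAP` to another VLAN interface or replacing the `permit 115` line produces the corresponding finding.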