basic DSL configuration questions

Answered Question
Aug 20th, 2009
User Badges:

When configuring a DSL connection


you need:

username, password, pvc


When I check on the internet I see for example encapsulation aal5mux ppp dialer.


Do you need to receive this information also? Or is this trial and error?


What's the difference with encapsulation ppp under the logical interface dialer.


I can't find good docs about the different encapsulation types.


If you setup for example a GRE tunnel then you don't have to add ip nat outside?



Correct Answer by Giuseppe Larosa about 7 years 7 months ago

Hello Rik,

you should ask also the encapsulation type to the provider.


possible options are:

aal5snap for classic ip over ATM (rare in consumer services)

aal5mux with PPP over ATM

aal5snap with PPP over Ethernet over ATM


Configuring forms of VPNs over the internet can be done in different ways and yes usually you don't nat over the L3 interface to the vpn.


To be noted that GRE alone does not provide encryption.


Hope to help

Giuseppe


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Thu, 08/20/2009 - 08:29
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Rik,

you should ask also the encapsulation type to the provider.


possible options are:

aal5snap for classic ip over ATM (rare in consumer services)

aal5mux with PPP over ATM

aal5snap with PPP over Ethernet over ATM


Configuring forms of VPNs over the internet can be done in different ways and yes usually you don't nat over the L3 interface to the vpn.


To be noted that GRE alone does not provide encryption.


Hope to help

Giuseppe


Giuseppe Larosa Thu, 08/20/2009 - 23:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Rick,

your understanding is correct and thanks for your kind remarks.

MTU varies depending on the encapsulation even before thinking of VPN:


PPPoE: requires 1492 bytes to accomodate the 8 bytes PPPoE header

other types start from 1500 bytes.


When dealing with IPSEC and GRE depending on the two ways (tunnel mode or transport mode) to do this, additional overheads are present.


You can use the following document as a reference in calculating these overheads


http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/IPSecQoS.html#wp56035


To be noted that the effect of not reducing the MTU can be that of excessive fragmentation with a slow performance for end users.


A possible approach in small branch offices is to set the mtu on PCs also to 1300 bytes in order to take in account all overheads.


We used this fix on some branch offices that connect with IPsec + GRE tunnel mode.


see also for MTU issues with IPSec


http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml



Hope to help

Giuseppe



Actions

This Discussion