Cisco Support Community
Community Member

VPN with PPPoE

Hi everyone,

I have two networks. On side A, I have a router connected via Ethernet1/0 to an ADSL provider's equipment, and my configuration is working OK, without problems.

But I would like to know how I can configure a peer-to-peer VPN with another site that has a static public IP configured on the interface, because my side A changes its public IP address every time it needs to reconnect, and I need to configure the router as something like an Easy VPN.

Anybody have a script, or a url, that may help me in this case?

I would appreciate a configuration for both sites, the PPPoE one and the static IP one.

Thanks in advance

Community Member

Re: VPN with PPPoE

Simple way - configure the EasyVPN Server on the static-address router, and EasyVPN Remote on the dynamic-address router. No dynamic routing.

Hard way - configure DMVPN/mGRE/NHRP with dynamic routing.

Sample configurations are available on the IPsec support page:

There is no complete EasyVPN server/remote sample for IOS routers. So you can take the EasyVPN remote config from one sample and the EasyVPN server config from another sample, and combine them.

Community Member

Re: VPN with PPPoE

OK Sergei, I've seen the documents, but I still have one doubt.

On the router that has a static IP address, I already have a VPN tunnel with another site, and I have the crypto ipsec, crypto isakmp and a crypto map created.

Do I need to create another tunnel interface to serve as the interface that will be connected with the other peer (ezvpn)???

I need to create another crypto map and apply it on a different interface, e.g. Tunnel 2.

Is this correct???

Community Member

Re: VPN with PPPoE

If you prefer EzVPN, then:

You simply need to modify your existing crypto map.

Modified sample:

!--- To enable X-Auth for user authentication,
!--- enable the aaa authentication commands.
!---# You really do not need X-Auth for a router. It is a second authentication step.
!--- aaa authentication login userauthen local
!--- To enable group authorization, enable
!--- the aaa authorization commands.
!---# This command enables authentication with "crypto isakmp client configuration group router-client". Group login is router-client, group password is cisco123.
aaa authorization network groupauthor local
aaa session-id common
crypto isakmp client configuration group router-client
 key cisco123
!---# dns, wins, domain and pool are mainly for software clients; you can skip them if you want to connect routers.
 pool ippool
!---# Here you are creating a dynamic map for your router. The only option is the transform set.
crypto dynamic-map dynmap 10
 set transform-set myset
!---# No need for router X-Auth, skip the next line.
!--- crypto map clientmap client authentication list userauthen
!---# The next line enables authorization of EzVPN remotes with "crypto isakmp client configuration group"s.
crypto map clientmap isakmp authorization list groupauthor
!---# The next line is not needed for router configuration.
!---# crypto map clientmap client configuration address respond
!---# Here is your existing crypto map:
crypto map clientmap 1 ipsec-isakmp
 set peer
 set transform-set myset
 match address 100
!---# Here is the new dynamic map added for EzVPN remotes. This router is an EzVPN server now.
crypto map clientmap 10 ipsec-isakmp dynamic dynmap

Here is the original sample (with pure IPsec, no GRE. If you are using GRE tunnels, you need to modify the access list to "permit from gre to gre"). Imagine that Cisco VPN Client 3.x is your router with the dynamic address.

EzVPN is a technology which unifies all VPN clients: router/PIX/software/concentrator 3002 - so this sample fits all EzVPN remote types.
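Added example, not part of the thread and not Cisco's sample: a minimal Easy VPN Remote configuration for the dynamic-address (PPPoE) router, matching the group name and key used in the server configuration in the post above. The profile name to-hub, the interface names Dialer1 and Ethernet0/0, and the peer address 192.0.2.1 (a documentation address standing in for the static router's public IP) are assumptions.

```cisco
! Added example (constructed): Easy VPN Remote on the PPPoE router (side A).
! Assumptions: profile name "to-hub", interfaces Dialer1 / Ethernet0/0,
! and 192.0.2.1 as a placeholder for the static router's public IP.
!
crypto ipsec client ezvpn to-hub
 ! Establish (and re-establish) the tunnel without manual intervention
 connect auto
 ! Must match "crypto isakmp client configuration group router-client"
 ! and its key on the server. Aggressive mode with a group key exposes a
 ! hash of the key to offline guessing, so replace the sample's cisco123
 ! with a long random value on both routers.
 group router-client key cisco123
 ! Network extension: the LAN behind this router keeps its own addresses,
 ! so the server needs no address pool for it
 mode network-extension
 peer 192.0.2.1
!
! Outside: the PPPoE dialer that receives the changing public address
interface Dialer1
 crypto ipsec client ezvpn to-hub
!
! Inside: the LAN whose traffic is sent through the tunnel
interface Ethernet0/0
 crypto ipsec client ezvpn to-hub inside
```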

Community Member

Re: VPN with PPPoE

Dear colleague Sergei.

I made the configurations according to your suggestion and the documents, but I am experiencing some problems. Below is a text with the router messages:

Client side:

*Mar 5 22:50:42.134: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from failed its sanity check or is malformed

Server Side:

*Mar 2 02:45:10.611: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at

If you want more configurations or debugs, let me know.

Best regards.
