We're trying to establish a VPN tunnel from our remote office in France to a VPN Concentrator (managed by a 3rd party) located here in the States.
In France we have:
- ADSL Internet connection from France Telecom (FT); a Bintec x2300 router was provided to establish the ADSL connection
- Under our mgmt, a Cisco 1700 running IOS C1700-K9O3SY7-M with an ATM-WIC (Alcatel ADSL) module
Initially we tried to establish the VPN connection from the Cisco 1700 router sitting behind the Bintec router but it didn't work. The VPN concentrator would see the connection attempts coming from the Bintec's WAN interface but the responses/replies would never get back to the 1700 router. What I'm trying to accomplish now is to swap out the Bintec 2300 with the Cisco 1700. Besides the language barrier, this is also my first attempt at setting this up. France Telecom provided me the following connection information:
Login Radius: <Our login ID>
Password: <Our Password>
WAN address: <XXX.XXX.XXX.XXX>
WAN subnet mask: 255.255.255.255
LAN address: 192.168.1.1
LAN subnet mask:LAN 255.255.255.0
Vp client 8
Vc client 35
Vp Network 1
Vc Network 97
Based on that information I've configured the ATM and Dialer interfaces. Here's what I have so far:
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
encapsulation aal5mux ppp dialer
dialer pool-member 1
ip address <XXX.XXX.XXX.XXX> <255.255.255.???>
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname <Our login ID>
ppp chap password 7 <Our Password>
Here are my questions...
1) Is my PVC correct based on the info they provided (Vp client 8, Vc client 35, Vp Network 1, Vc Network 97)?
2) They did not provide an ecapsulation type so I'm assuming "aal5mux" is correct since it's the only option with the "dialer" command?
3) Under interface Dialer1... I'm assuming I need to set that to the WAN address they provided, however, it does not like the 32bit mask. Am I off base here?
'sh int atm0/0' shows ATM0/0 up and line protocol up
'sh dsl int atm0/0' shows a modem status of DTMDSL_SHOWTIME
What I can't verify is whether the 1700 has authenticated to FT.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...