08-20-2009 08:09 AM - edited 03-04-2019 05:47 AM
When configuring a DSL connection
you need:
username, password, pvc
When I check on the internet I see for example encapsulation aal5mux ppp dialer.
Do you need to receive this information also? Or is this trial and error?
What's the difference with encapsulation ppp under the logical interface dialer.
I can't find good docs about the different encapsulation types.
If you setup for example a GRE tunnel then you don't have to add ip nat outside?
Solved! Go to Solution.
08-20-2009 08:29 AM
Hello Rik,
you should ask also the encapsulation type to the provider.
possible options are:
aal5snap for classic ip over ATM (rare in consumer services)
aal5mux with PPP over ATM
aal5snap with PPP over Ethernet over ATM
Configuring forms of VPNs over the internet can be done in different ways and yes usually you don't nat over the L3 interface to the vpn.
To be noted that GRE alone does not provide encryption.
Hope to help
Giuseppe
08-20-2009 08:29 AM
Hello Rik,
you should ask also the encapsulation type to the provider.
possible options are:
aal5snap for classic ip over ATM (rare in consumer services)
aal5mux with PPP over ATM
aal5snap with PPP over Ethernet over ATM
Configuring forms of VPNs over the internet can be done in different ways and yes usually you don't nat over the L3 interface to the vpn.
To be noted that GRE alone does not provide encryption.
Hope to help
Giuseppe
08-20-2009 11:55 AM
What about the MTU?
1492? or less if you use IPSEC/GRE
08-20-2009 11:12 PM
Hello Rick,
your understanding is correct and thanks for your kind remarks.
MTU varies depending on the encapsulation even before thinking of VPN:
PPPoE: requires 1492 bytes to accomodate the 8 bytes PPPoE header
other types start from 1500 bytes.
When dealing with IPSEC and GRE depending on the two ways (tunnel mode or transport mode) to do this, additional overheads are present.
You can use the following document as a reference in calculating these overheads
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/IPSecQoS.html#wp56035
To be noted that the effect of not reducing the MTU can be that of excessive fragmentation with a slow performance for end users.
A possible approach in small branch offices is to set the mtu on PCs also to 1300 bytes in order to take in account all overheads.
We used this fix on some branch offices that connect with IPsec + GRE tunnel mode.
see also for MTU issues with IPSec
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Hope to help
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: