Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1191
Views
0
Helpful
0
Replies

Cisco 877 with L2TP to ISP connection - Need some help pls

metalice7
Level 1
Level 1

‎09-30-2013 03:06 AM - edited ‎03-04-2019 09:10 PM

Hi Guys

I need some help with my config, it was working without the L2TP setting, if I change my default route to the virtual-ppp1 I can still ping to the outside but cannot browse at all, everything times out.

my config:

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname adsl-r1

!

boot-start-marker

boot-end-marker

!

logging buffered 4096

enable secret 5 $1$EJyC$nAeDSSphBi96PbN4eXhkA1

!

aaa new-model

!

!

aaa authentication ppp default local

!

!

aaa session-id common

!

!

dot11 syslog

ip cef

!

!

ip name-server 208.67.222.222

ip name-server 208.67.220.220

!

l2tp-class 1234

hidden

authentication

hello 10

password 7 XXX

!

!

vpdn enable

!

vpdn-group CLIENT-VPN

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1

!

!

!

username user privilege 15 password 7 XXX

!

!

crypto isakmp policy 1

authentication pre-share

group 2

crypto isakmp key 6 XXX address 0.0.0.0 0.0.0.0

!

!

crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac

!

crypto map VPN 1 ipsec-isakmp

set peer XXX dynamic

set transform-set TRANSFORM

match address 101

reverse-route

crypto map VPN 2 ipsec-isakmp

set peer XXX dynamic

set transform-set TRANSFORM

match address 103

reverse-route

!

archive

log config

  hidekeys

!

!

ip ssh port 3536 rotary 1

ip ssh version 2

pseudowire-class ISP

encapsulation l2tpv2

protocol l2tpv2 1234

ip local interface Dialer1

ip pmtu

!

!

!

!

interface Loopback1

ip address 10.5.5.6 255.255.255.255

!

interface Loopback2

ip address 10.5.5.7 255.255.255.255

!

interface Tunnel1

ip address 192.168.0.6 255.255.255.252

keepalive 10 3

tunnel source Loopback1

tunnel destination 10.5.5.5

tunnel path-mtu-discovery

crypto map VPN

!

interface Tunnel2

ip address 192.168.1.6 255.255.255.252

keepalive 10 3

tunnel source Loopback2

tunnel destination 10.5.5.4

tunnel path-mtu-discovery

!

interface ATM0

description DSL interface

no ip address

ip mask-reply

ip directed-broadcast

ip route-cache flow

no atm ilmi-keepalive

pvc 8/35

  pppoe-client dial-pool-number 2

  pppoe-client dial-pool-number 1

!

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1

ip unnumbered Vlan1

ip nat inside

ip virtual-reassembly

peer default ip address pool defaultpool

keepalive 32767

ppp encrypt mppe auto required

ppp authentication ms-chap ms-chap-v2

!

interface Virtual-PPP1

description L2TP dialer to ISP

ip address negotiated

ip mtu 1452

ip tcp adjust-mss 1412

ip nat outside

ip virtual-reassembly

load-interval 30

no cdp enable

ppp pap sent-username XXX password 7 XXX

ppp ipcp dns request accept

pseudowire 196.30.121.50 1 pw-class ISP

!

interface Vlan1

description internal interface

ip address 172.21.138.65 255.255.0.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Dialer1

bandwidth 4096

ip ddns update hostname sct-george.getmyip.com

ip ddns update DynDNS host members.dyndns.org

ip address negotiated

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip mtu 1492

ip route-cache flow

dialer pool 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username XXX password 7 XXX

crypto map VPN

!

ip local pool defaultpool 172.21.138.50 172.21.138.60

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 172.21.146.0 255.255.255.0 Tunnel1

ip route 172.21.147.0 255.255.255.0 Tunnel2

ip route 196.30.121.50 255.255.255.255 Dialer1

!

no ip http server

no ip http secure-server

ip nat inside source static tcp 172.21.128.10 21 interface Dialer1 21

ip nat inside source static tcp 172.21.128.10 25 interface Dialer1 25

ip nat inside source static tcp 172.21.128.10 110 interface Dialer1 110

ip nat inside source static tcp 172.21.128.10 119 interface Dialer1 119

ip nat inside source static tcp 172.21.128.10 389 interface Dialer1 389

ip nat inside source static tcp 172.21.128.10 443 interface Dialer1 443

ip nat inside source static tcp 172.21.128.30 5500 interface Dialer1 5500

ip nat inside source static tcp 172.21.128.30 5901 interface Dialer1 5901

ip nat inside source static tcp 172.21.138.1 1119 interface Dialer1 1119

ip nat inside source static tcp 172.21.138.1 1120 interface Dialer1 1120

ip nat inside source static tcp 172.21.138.1 3724 interface Dialer1 3724

ip nat inside source static tcp 172.21.138.1 4000 interface Dialer1 4000

ip nat inside source static tcp 172.21.138.1 6112 interface Dialer1 6112

ip nat inside source static tcp 172.21.138.1 6113 interface Dialer1 6113

ip nat inside source static tcp 172.21.138.1 6114 interface Dialer1 6114

ip nat inside source static tcp 172.21.138.1 6881 interface Dialer1 6881

ip nat inside source static tcp 172.21.138.1 6999 interface Dialer1 6999

ip nat inside source static tcp 172.21.128.30 5912 interface Dialer1 5912

ip nat inside source static tcp 172.21.128.50 80 interface Dialer1 80

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload

!

ip access-list extended VPN_ACL

permit ip 172.21.138.0 0.0.0.255 172.21.146.0 0.0.0.255 log

!

access-list 1 permit 172.21.138.1

access-list 10 permit 172.21.138.16

access-list 101 permit gre host 10.5.5.6 host 10.5.5.5

access-list 103 permit gre host 10.5.5.7 host 10.5.5.4

access-list 123 deny   ip 172.21.128.0 0.0.0.255 172.21.146.0 0.0.0.255

access-list 123 deny   ip 172.21.138.0 0.0.0.255 172.21.146.0 0.0.0.255

access-list 123 deny   ip 172.21.128.0 0.0.0.255 172.21.147.0 0.0.0.255

access-list 123 deny   ip 172.21.138.0 0.0.0.255 172.21.147.0 0.0.0.255

access-list 123 permit ip 172.21.128.0 0.0.0.255 any

access-list 123 permit ip 172.21.138.0 0.0.0.255 any

snmp-server community public RO 10

!

!

route-map SDM_RMAP_1 permit 1

match ip address 123

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

privilege level 15

password 7 1415131804477B7977

transport input ssh

!

scheduler max-task-time 5000

end

Can anyone please help me with this

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card