Ask the Expert

Could I see a config example of two broadband routers in a PPPoE IPsec LAN-to-LAN and tunneling over xDSL?

See if this helps. Comments are the lines that begin with !---.
 
Your Router:

!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
!--- we are the PPPoE client requesting to establish a session
!--- with the aggregation unit
  protocol pppoe
!
!--- internal Ethernet network
!
interface Ethernet0
 ip address 10.92.1.182 255.255.255.0
 ip nat inside
!--- DSL interface
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!--- all defaults
!--- PPPoE runs on top of AAL5SNAP, but the
!--- encap aal5snap command is not used.
!
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1
!--- pvc 1/1 is an example value that must be changed
!--- to match the value used by the Internet Service Provider (ISP)
 !
!--- The PPPoE client code ties into a dialer interface upon
!--- which a virtual-access interface is cloned.
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
!--- Ethernet MTU is 1500 by default -- 1492 + PPPoE headers = 1500
 ip nat outside
 encapsulation ppp
 dialer pool 1
!--- ties to atm interface
 ppp authentication chap callin
 ppp chap hostname <hostname>
 ppp chap password <password>
!
!--- The ISP will instruct you regarding the type of authentication to use.
!--- To change from PPP CHAP to PPP PAP, replace the following three lines:
!--- ppp authentication chap callin
!--- ppp chap hostname <hostname>
!--- ppp chap password <password>
!--- with the following two lines:
!--- ppp authentication pap callin
!--- ppp pap sent-username <username> password <password>

!--- For NAT we are going to overload on the Dialer1 interface
!--- and add a default route out since dialer ip address can change
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
access-list 1 permit 10.92.1.0 0.0.0.255
!--- for NAT
!

The other end router (ISP's in most cases):

!--- local ppp user
!--- or you could use aaa
username <username> password <password>
!--- begin with the VPDN commands
!--- notice that we are binding the PPPoE here to
!--- a virtual-template instead of on the ATM interface
!--- You cannot (at this time) use more than one
!--- virtual-template (or vpdn group) for PPPoE beginning with the VPDN commands
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 accept-dialin
!--- PPPoE server mode
  protocol pppoe
  virtual-template 1
!
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 hold-queue 500 in
!--- The binding to the virtual-template
!--- interface is configured in the vpdn group
!
interface ATM0/0/0.182 point-to-point
 pvc 1/82
  encapsulation aal5snap
!--- need the command on the server side
  protocol pppoe
 !
!
!--- virtual-template used instead of dialer interface
!
interface Virtual-Template1
 ip unnumbered Loopback10
 ip mtu 1492
 peer default ip address pool ippool
 ppp authentication chap
!
!
interface Loopback10
 ip address 8.8.8.1 255.255.255.0
!
ip local pool ippool 9.9.9.1 9.9.9.5

This was first published in October 2003
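
The client configuration above depends on two things lining up: the pool number in "pppoe-client dial-pool-number" must match a "dialer pool" on a Dialer interface, and that Dialer needs "ip mtu 1492". The following Python check is an added example, not part of the original answer; the function names are hypothetical and the sample is constructed from the client-side lines shown above.

```python
import re

# Constructed sample: client-side lines from the configuration above, trimmed.
CLIENT_CONFIG = """\
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1
 !
interface Dialer1
 ip address negotiated
 ip mtu 1492
 dialer pool 1
!
ip route 0.0.0.0 0.0.0.0 dialer1
"""

def parse_interfaces(config):
    """Map each interface name to the list of its stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text.startswith("!"):
            continue                      # blank line, "!" separator or !--- comment
        if line.startswith("interface "):
            current = line.split()[1]
            blocks[current] = []
        elif line[0] in " \t" and current:
            blocks[current].append(text)  # indented line belongs to the open block
        else:
            current = None                # a global command closes the block
    return blocks

def check_pppoe_client(config):
    """Return findings as strings; an empty list means both checks passed."""
    ifaces = parse_interfaces(config)
    # pool number -> name of the interface that declares "dialer pool N"
    pools = {m.group(1): name for name, cmds in ifaces.items() for c in cmds
             if (m := re.fullmatch(r"dialer pool (\d+)", c))}
    findings = []
    for name, cmds in ifaces.items():
        for m in filter(None, (re.fullmatch(r"pppoe-client dial-pool-number (\d+)", c) for c in cmds)):
            dialer = pools.get(m.group(1))
            if dialer is None:
                findings.append(f"{name}: no 'dialer pool {m.group(1)}' on any interface")
            elif "ip mtu 1492" not in ifaces[dialer]:
                findings.append(f"{dialer}: missing 'ip mtu 1492'")
    return findings

if __name__ == "__main__":
    print(check_pppoe_client(CLIENT_CONFIG.replace("dialer pool 1", "dialer pool 2")))
```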
