Q

Could I see a config example of two broadband routers in a PPPOE IPsec LAN to LAN and tunneling over xdsl?
See if this helps. Comments are in blue.
 
Your Router:
!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
 !--- we are the PPPoE client requesting to establish a session
 !--- with the aggregation unit
  protocol pppoe
!
!--- internal Ethernet network
!
interface Ethernet0
 ip address 10.92.1.182 255.255.255.0
 ip nat inside
!--- DSL interface
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
 !--- all defaults
 !--- PPPoE runs on top of AAL5SNAP, but the
 !--- encap aal5snap command is not used.
!
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1
  !--- pvc 1/1 is an example value that must be changed
  !--- to match the value used by the Internet Service Provider (ISP)
 !
!--- The PPPoE client code ties into a dialer interface upon
!--- which a virtual-access interface is cloned.
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 !--- Ethernet MTU is 1500 by default -- 1492 + PPPoE headers = 1500
 ip nat outside
 encapsulation ppp
 dialer pool 1
 !--- ties to atm interface
 ppp authentication chap callin
 ppp chap hostname <hostname>
 ppp chap password <password>
!
!--- The ISP will instruct you regarding the type of authentication to use.
!--- To change from PPP CHAP to PPP PAP, replace the following three lines:
!--- ppp authentication chap callin
!--- ppp chap hostname <hostname>
!--- ppp chap password <password>
!--- with the following two lines:
!--- ppp authentication pap callin
!--- ppp pap sent-username <username> password <password>
!--- For NAT we are going to overload on the Dialer1 interface
!--- and add a default route out since dialer ip address can change
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
access-list 1 permit 10.92.1.0 0.0.0.255
!--- for NAT
!

The other end router (ISP's in most cases)
*** local ppp user
!--- or you could use aaa
username <username> password <password>
!--- begin with the VPDN commands
!--- notice that we are binding the PPPoE here to
!--- a virtual-template instead of on the ATM interface
!--- You cannot (at this time) use more than one
!--- virtual-template (or vpdn group) for PPPoE beginning with the VPDN commands
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 accept-dialin
 !--- PPPoE server mode
  protocol pppoe
  virtual-template 1
!
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 hold-queue 500 in
 !--- The binding to the virtual-template
 !--- interface is configured in the vpdn group
!
interface ATM0/0/0.182 point-to-point
 pvc 1/82
  encapsulation aal5snap
  !--- need the command on the server side
  protocol pppoe
 !
!
!--- virtual-template used instead of dialer interface
!
interface Virtual-Template1
 ip unnumbered Loopback10
 ip mtu 1492
 peer default ip address pool ippool
 ppp authentication chap
!
!
interface Loopback10
 ip address 8.8.8.1 255.255.255.0
!
ip local pool ippool 9.9.9.1 9.9.9.5

This was first published in October 2003
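
The comments in the client configuration tie several lines together: the PVC's dial-pool-number to the dialer's pool, the 1492-byte IP MTU on the dialer, and the NAT overload rule to its access list and outside interface. The script below is an added example, not part of the original answer, that checks those cross-references in a saved configuration; the function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: client-side lines from the config above, comments removed.
CLIENT_CONFIG = """\
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1
interface Dialer1
 ip mtu 1492
 ip nat outside
 dialer pool 1
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 10.92.1.0 0.0.0.255
"""

def parse_sections(text):
    """Map each top-level line to the indented lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blanks and IOS comment/separator lines
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def check_pppoe_client(text):
    """Return findings; an empty list means the cross-references agree."""
    sec, findings = parse_sections(text), []
    ifaces = {k.split()[1]: v for k, v in sec.items() if k.startswith("interface ")}
    pools = {l.split()[-1] for b in ifaces.values() for l in b
             if l.startswith("pppoe-client dial-pool-number")}
    for pool in sorted(pools):
        bound = [n for n, b in ifaces.items() if f"dialer pool {pool}" in b]
        if not bound:
            findings.append(f"no interface uses dialer pool {pool}")
        for name in bound:
            if "ip mtu 1492" not in ifaces[name]:
                findings.append(f"{name}: ip mtu 1492 missing")
    for line in sec:
        m = re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line)
        if m and "ip nat outside" not in ifaces.get(m.group(2), []):
            findings.append(f"{m.group(2)}: NAT overload target lacks ip nat outside")
        if m and not any(k.startswith(f"access-list {m.group(1)} ") for k in sec):
            findings.append(f"access-list {m.group(1)} used for NAT is not defined")
    return findings
```

Calling `check_pppoe_client` on the text of a saved client configuration returns an empty list when the pool, MTU and NAT references line up as they do in the example above.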
