Problem solve Get help with specific problems with your technologies, process and projects.

Could I see a config example of two broadband routers in a PPPOE IPsec LAN to LAN and tunneling over

Could I see a config example of two broadband routers in a PPPOE IPsec LAN to LAN and tunneling over xdsl?
See if this helps. Comments are in blue.
Your Router:
vpdn enable 
no vpdn logging

vpdn-group pppoe 
!--- we are the PPPoE client requesting to establish a session  
 !--- with the aggregation unit

  protocol pppoe 

!--- internal Ethernet network 

interface Ethernet0 
 ip address 
 ip nat inside 

!--- DSL interface 

interface ATM0 
 no ip address 
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 !--- all defaults
!--- PPPoE runs on top of AAL5SNAP, but the 
!--- encap aal5snap command is not used.  

interface ATM0.1 point-to-point 
 pvc 1/1 
  pppoe-client dial-pool-number 1 
!--- pvc 1/1 is an example value that must be changed 
  !--- to match the value used by the Internet Service Provider (ISP) 


!--- The PPPoE client code ties into a dialer interface upon  
!--- which a virtual-access interface is cloned.  

interface Dialer1 
 ip address negotiated 
 ip mtu 1492
!--- Ethernet MTU is 1500 by default -- 1492 + PPPoE headers = 1500

 ip nat outside 
 encapsulation ppp 
 dialer pool 1

!--- ties to atm interface  

 ppp authentication chap callin 
 ppp chap hostname 
 ppp chap password 

!--- The ISP will instruct you regarding the type of authentication to use. 
!--- To change from PPP CHAP to PPP PAP, replace the following three lines:
!--- ppp authentication chap callin 
!--- ppp chap hostname <hostname>
!--- ppp chap password <password>
!--- with the following two lines:
!--- ppp authentication pap callin
!--- ppp pap sent-username <username> password <password>
!--- For NAT we are going to overload on the Dialer1 interface 
!--- and add a default route out since dialer ip address can change  

ip nat inside source list 1 interface Dialer1 overload 
ip classless 
ip route dialer1 
no ip http server 
access-list 1 permit

    !--- for NAT

The other end router (ISP's in most cases)
*** local ppp user 

!--- or you could use aaa


!--- begin with the VPDN commands 
!--- notice that we are binding the PPPoE here to 
!--- a virtual-template instead of on the ATM interface 
!--- You cannot (at this time) use more than one 
!--- virtual-template (or vpdn group) for PPPoE beginning with the VPDN commands 

vpdn enable 
no vpdn logging 
vpdn-group pppoe 

!--- PPPoE server mode 

  protocol pppoe 
  virtual-template 1 
interface ATM0/0/0 
 no ip address 
 no atm ilmi-keepalive 
 hold-queue 500 in 

!--- The binding to the virtual-template 
!--- interface is configured in the vpdn group  

interface ATM0/0/0.182 point-to-point 
 pvc 1/82 
  encapsulation aal5snap

!--- need the command on the server side 

  protocol pppoe 

!--- virtual-template used instead of dialer interface 

interface Virtual-Template1 
 ip unnumbered Loopback10 
 ip mtu 1492 
 peer default ip address pool ippool 
 ppp authentication chap 
interface Loopback10 
 ip address 
ip local pool ippool 

This was last published in October 2003

Dig Deeper on LANs (Local Area Networks)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.