Thursday, November 20, 2008

Modem in Bridge mode - PPPoE configuration for router

Important Points

1. Even if your ISP has assigned you a static IP address, DO NOT configure this IP address on the dialer interface. Use the ip address negotiate command. Once the router has authenticated, it will automatically get that static IP address.
2. When you configure the modem in bridge mode, leave the DHCP service on the modem ON.
3. Ask your service provider for the authentication method and configure the same on the router. In this example I have used PAP authentication.

Troubleshooting steps.
1. Use the debug pppoe events command on the router to see the events.
2. If the connection is not working, connect the modem directly to the PC (while leaving the modem in bridge mode and the DHCP service on the modem on), set up a PPPoE connection on the PC, and test it using your connection credentials.


Building configuration...

Current configuration : 2926 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
username myname privilege 15 secret 5 $1$4CDH$.3D11txHCBPBAidX/CnW5.
username yourname privilege 15 secret 5 $1$NcnE$mjiu4M0YaY0uksZ5cLrKJ0
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key XYZ address X.X.X.X
!
!
crypto ipsec transform-set aes-sha esp-3des esp-sha-hmac
!
crypto map VPNtoBlacktown 10 ipsec-isakmp
 set peer X.X.X.X
 set transform-set aes-sha
 match address VPN-Traffic
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description connected to WAN
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description connected to LAN
 ip address 192.168.250.30 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiate
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username XYZ password 0 ABC
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
ip nat inside source list NAT-Traffic interface Dialer0 overload
!
ip access-list extended NAT-Traffic
 deny ip 192.168.250.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip 192.168.26.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.250.0 0.0.0.255 any
 permit ip 192.168.26.0 0.0.0.255 any
ip access-list extended VPN-Traffic
 permit ip 192.168.26.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.250.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
banner motd ^C
This is the branch router for XYZ.
Access to this system is restricted solely to employees
of XYZ Personnel and authorised service personnel.

************************************************************************
* WARNING: It is a criminal offence to: *
* i. Obtain access to data without authority *
* (Penalty 2 years imprisonment) *
* ii Damage, delete, alter or insert data without authority *
* (Penalty 10 years imprisonment) *
************************************************************************^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input all
!
scheduler max-task-time 5000
end
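
A quick way to check a saved running-config against the points above, as an added example that is not part of the original post: it confirms that the pppoe-client pool on the WAN interface has a matching Dialer and that the Dialer negotiates its address, and it flags three settings seen in the listing that expose credentials or management access. The sample config, the function names and the finding codes are constructed for illustration.

```python
import re

# Constructed sample modelled on the listing above, with one deliberate fault
# (Dialer0 is in pool 2) so the wiring check has something to find.
SAMPLE = """\
interface FastEthernet4
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiate
 dialer pool 2
 ppp pap sent-username XYZ password 0 ABC
!
ip http server
line vty 0 4
 transport input all
"""
WEAK = {"ip http server": "http-server",            # management UI over plain HTTP
        "transport input all": "vty-all-transports"}  # permits Telnet on the vty lines

def sections(config):
    """Map each interface name to its sub-commands; a '!' line closes a section."""
    out, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = out.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None
        elif current is not None:
            current.append(line)
    return out

def pools(ifs, cmd):
    """Return {interface: pool number} for interfaces carrying '<cmd> N'."""
    return {name: l.split()[-1] for name, body in ifs.items()
            for l in body if re.fullmatch(cmd + r" \d+", l)}

def audit(config):
    """Return a sorted list of finding codes for a running-config text."""
    ifs, lines = sections(config), {l.strip() for l in config.splitlines()}
    dialers = pools(ifs, "dialer pool")
    found = {code for cmd, code in WEAK.items() if cmd in lines}
    if set(pools(ifs, "pppoe-client dial-pool-number").values()) - set(dialers.values()):
        found.add("pool-mismatch")          # no Dialer interface answers this pool
    if any(not any(l.startswith("ip address negotiate") for l in ifs[d]) for d in dialers):
        found.add("dialer-static-ip")       # address should come from IPCP negotiation
    if any(re.search(r"\bpassword 0 ", l) for l in lines):
        found.add("cleartext-password")     # type 0 = stored unencrypted
    return sorted(found)
```

Lines are stripped before matching, so the check works on a config with or without the usual one-space indentation, as long as the `!` separators are present.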