1. Home
  2. Cisco Systems
  3. 837 Cisco router & vpn problems

837 Cisco router & vpn problems

Hi gents, hope you can help . I have a cisco 837 that needs to be configured to vpn my network. I achieved to configure it so I can vpn with a PPPoE configuration. My problem is that the PPPoE gives me dynamic ip, and my ISP uses RFC 1483 to static ips. I don't know much about DSL routers, and when I try to configure it by the web interface it doesn't work. Here I give you my working config for PPPoE, I hope some one can tell me how to modify it to work with a static ip and RFC 1483.

Thanks really much in advance, hope you can understand my explanation of this issue.

Here it is my config is half CRWS half console ...

! version 12.4 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname admin ! boot-start-marker boot-end-marker ! no logging buffered enable secret 5 $1$iCQR$dPifrjT7VzsLeFLaUvWOt. ! no aaa new-model ! resource policy ! no ip dhcp use vrf connected ip dhcp excluded-address 10.10.10.1 ip dhcp excluded-address G.J.17.1 ! ip dhcp pool CLIENT import all network G.J.17.0 255.255.255.248 default-router G.J.17.1 lease 0 2 ! ! ip cef no ip domain lookup ! username admin privilege 15 secret 5 password username CRWS_Bijoy privilege 15 password 7 password username CRWS_Gayatri privilege 15 password 7 password ! ! ! crypto isakmp policy 1 authentication pre-share ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 lifetime 3600 crypto isakmp key MYkEy address XX.YY.ZZ.10 no-xauth ! ! crypto ipsec transform-set Mytset esp-3des esp-sha-hmac ! crypto map micripto 10 ipsec-isakmp set peer XX.YY.ZZ.10 set transform-set Mytset match address 111 ! ! ! interface Ethernet0 description CRWS Generated text. Please do not delete this:G.J.

17.1-255.255.255.248 ip address G.J.17.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 hold-queue 100 out ! interface Ethernet2 no ip address shutdown hold-queue 100 out ! interface ATM0 no ip address atm vc-per-vp 64 no atm ilmi-keepalive dsl operating-mode auto pvc 8/32 pppoe-client dial-pool-number 1 ! ! ! interface FastEthernetX duplex auto speed auto !

-----------------------------------------------------------------------------

----this is what I want to be RFC 1483 static ip-----------

----------------------------------------------------------------------------- interface Dialer1 ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer remote-name redback dialer-group 1 ppp authentication pap chap callin ppp chap hostname adslppp@telefonicanetpa ppp chap password 7 045A0F1503315C5E //generic users-passwords ppp pap sent-username adslppp@telefonicanetpa password 7

094D4A1A15150702 ppp ipcp dns request ppp ipcp wins request crypto map micripto !

------------------------------------------------------------------------------------ ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server ip http access-class 23 ip http authentication local no ip http secure-server ip http max-connections 4 ip http timeout-policy idle 600 life 86400 requests 10000 ! ip nat inside source list 105 interface Dialer1 overload ! access-list 23 permit 10.10.10.0 0.0.0.7 access-list 23 permit G.J.17.0 0.0.0.255 access-list 101 permit ip G.J.17.0 0.0.0.255 any access-list 101 permit ip 10.0.0.0 0.255.255.255 any access-list 102 permit ip G.J.17.0 0.0.0.7 any access-list 105 deny ip G.J.17.0 0.0.0.255 10.0.0.0 0.255.255.255 access-list 105 permit ip 172.0.0.0 0.255.255.255 any access-list 110 permit ip G.J.17.0 0.0.0.255 10.0.0.0 0.255.255.255 access-list 110 deny ip 172.0.0.0 0.255.255.255 any access-list 111 permit ip G.J.17.0 0.0.0.255 10.0.0.0 0.255.255.255 dialer-list 1 protocol ip permit route-map notnat permit 10 match ip address 101 ! ! control-plane ! ! line con 0 exec-timeout 120 0 login local no modem enable stopbits 1 line aux 0 line vty 0 4 access-class 23 in exec-timeout 120 0 password 7 045E5A2A0B0D41 login local length 0 ! scheduler max-task-time 5000 end

Thanks a lot to you all in advance.

Reply to
Sako
Loading thread data ...

What's RFC1483 got to do with the IP addresses?

Reply to
chris

My ISP uses PPPoE to dynamic ip addresses and RFC1483 for the static ones. I don't know the diference about both but that's how they work, the only thing I need is to put a static ip so I can vpn without problem.

I've seen both options in te CRWS (only pppoe worked) but I've no idea how to make this in command line.

Regards

Reply to
Sako

Do you mean RFC1918 addresses? RFC1483 is Multiprotocol Encapsulation over ATM Adaptation Layer 5.

Chris.

Reply to
chris

I think that what you want may be RFC1483 bridging and I think that it may look like this.

I quite frankly don't understand it but I think that this may be what you need. This is from a working Verizon fixed IP installation in the US. TAC made it work for me.

Remove the Dialer, your default route and edit the ATM to get:

-------------------------------------------------

---- REMOVE -----------

-------------------------------------------------

interface ATM0 no ip address atm vc-per-vp 64 no atm ilmi-keepalive dsl operating-mode auto pvc 8/32 pppoe-client dial-pool-number 1 !

int dialer 1 ! i.e. no int dial 1

ip route 0.0.0.0 0.0.0.0 your.ISP.next.hop

! ! -------------- END REMOVE -------------- ! !

interface FastEthernetX duplex auto speed auto !

---------------------------------------------------------------------------= =AD--

----this is what I want to be RFC 1483 static ip-----------

---------------------------------------------------------------------------= =AD-- ! ADD

interface ATM0 no ip address load-interval 30 no atm ilmi-keepalive bundle-enable dsl operating-mode auto ! interface ATM0.1 point-to-point ! cisco seem to like it this way bridge-group 1 ! < -- THIS IS THE KEY pvc 8/32 encapsulation aal5snap

interface BVI1 ! < -- AND THIS ip address your.ip.address your.mask ip nat outside ip virtual-reassembly ip tcp adjust-mss 1400 load-interval 30 crypto map micripto !

!! remove !! ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 your.ISP.next.hop

---------------------------------------------------------------------------= =AD---------

Reply to
Bod43

thnks to you all I'll try this tomorrow , I feel sorry for not explaining me better this is the first time I configure a ATM cisco, I'm used to work with frame relay over serial interfaces.

I have an ADSL at the office but it's pppoe because it is dynamic, at home I have a RFC1483 , but it its configured in a Zyxel 660 hw, an here is where I need to place my cisco 837 ... so once again "home- work"

thanks again, keep learning!

Thanks to you all, I'll try the bridging tomorrow ,

--=AD---------

Reply to
Sako

thnks to you all I'll try this tomorrow , I feel sorry for not explaining me better this is the first time I configure a ATM cisco, I'm used to work with frame relay over serial interfaces.

I have an ADSL at the office but it's pppoe because it is dynamic, at home I have a RFC1483 , but it its configured in a Zyxel 660 hw, an here is where I need to place my cisco 837 ... so once again "home- work"

thanks again, keep learning!

Thanks to you all, I'll try the bridging tomorrow ,

--=AD---------

Reply to
Sako

Noticed that I forgot a bit:

You also need to enable bridging globally and turn on irb.

bridge 1 protocol ieee bridge 1 route ip bridge irb

Reply to
Bod43

Now it works! thanks to you all I was turning my self crazy because a mistake on the subnet mask Thanks this did the job : interface ATM0 no ip address load-interval 30 no atm ilmi-keepalive bundle-enable dsl operating-mode auto ! interface ATM0.1 point-to-point ! cisco seem to like it this way bridge-group 1 ! < -- THIS IS THE KEY pvc 8/32 encapsulation aal5snap

Reply to
Sako

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.