ADSL and VPDN

We take our ADSL services from a third party who are a BT Fat pipe client. We use our own Radius servers to validate and hand out IP ranges in our own subnet.

We connect to the third party using a VPDN as below across the internet.

The problem we get is that although a user can reach, say, Yahoo, they cannot log in to their secure e-mail or eBay. Again, they can reach eBay but cannot sign in.

If they enter an invalid username and password they get the normal failure screen but with the correct details it just dies and displays page not found after some time.

Any clues greatly appreciated.

Gary

username NETLINK-TEST-L2TP password 7 ccc
username NETLINK-TEST2-L2TP password 7 df

aaa authentication login default group tacacs+ enable
aaa authentication ppp default local group radius
aaa authorization network default local group radius
aaa accounting delay-start
aaa accounting suppress null-username
aaa accounting update periodic 120
aaa accounting exec default start-stop group radius
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa accounting system default start-stop group radius
aaa session-id common

vpdn enable
vpdn multihop
vpdn search-order domain
vpdn domain-delimiter @ suffix
!
vpdn-group NETLINK-TEST-L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname NETLINK-TEST-L2TP
 source-ip 1.2.3.4
 local name NETLINK-TEST-L2TP
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 sfvsdfsd
!
vpdn-group NETLINK-TEST2-L2TP
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname NETLINK-TEST2-L2TP
 source-ip 5.6.7.8
 local name NETLINK-TEST2-L2TP
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 dfgf

interface Virtual-Template1
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 no logging event link-status
 no peer default ip address
 keepalive 60
 ppp authentication chap
 ppp multilink
 ppp multilink fragment disable
!
interface Virtual-Template2
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 no logging event link-status
 no peer default ip address
 keepalive 60
 ppp authentication chap
 ppp multilink
 ppp multilink fragment disable

Reply to
Gary

Would look to be an MTU issue to me.

Here are our Virtual-Templates that we are using.

interface Virtual-Template2
 description DSL Termination
 ip unnumbered Loopback0
 ip tcp adjust-mss 1380
 load-interval 30
 peer default ip address pool DIALPOOL
 keepalive 60
 ppp mtu adaptive
 ppp authentication chap pap
 ppp multilink

Main thing you want is ppp mtu adaptive. You may also want lcp renegotiate on-mismatch in your vpdn-group.

Cheers, KA

Reply to
Kris Amy
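
An added example, not code from either poster: a small checker that reads an IOS-style configuration and reports which Virtual-Template interfaces lack the `ip tcp adjust-mss` and `ppp mtu adaptive` lines from the reply, and which vpdn-groups lack `lcp renegotiation on-mismatch`. The names `SAMPLE_CONFIG`, `REQUIRED`, `sections` and `audit` are hypothetical, and the sample is constructed from abbreviated versions of the two configurations posted above.

```python
import re

# Constructed sample: abbreviated from the question's and the reply's configs.
SAMPLE_CONFIG = """\
vpdn-group NETLINK-TEST-L2TP
 lcp renegotiation on-mismatch
!
interface Virtual-Template1
 ppp authentication chap
 ppp multilink
!
interface Virtual-Template2
 ip tcp adjust-mss 1380
 ppp mtu adaptive
 ppp authentication chap pap
"""

# Lines suggested in the reply, keyed by the section type they belong in.
REQUIRED = {
    "interface Virtual-Template": [r"ip tcp adjust-mss \d+", r"ppp mtu adaptive"],
    "vpdn-group": [r"lcp renegotiation on-mismatch"],
}

def sections(config):
    """Split IOS-style text into {header: [sub-commands]} using indentation."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):   # skip blanks and '!' separators
            continue
        if not line[0].isspace():       # an unindented line opens a section
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return {section header: [missing patterns]} for incomplete sections."""
    findings = {}
    for header, body in sections(config).items():
        for prefix, patterns in REQUIRED.items():
            if header.startswith(prefix):
                missing = [p for p in patterns if not any(re.fullmatch(p, c) for c in body)]
                if missing:
                    findings[header] = missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```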
