PPPOE config

ohgroup01
Level 1

Hi Guys,

Can you tell me if this config looks ok, as I want to try PPPOE.

ASA Version 9.0(1)
!
hostname TEST
domain-name test.uk
enable password zrHHdIT4mKPmTna3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool vpnras 172.31.1.1-172.31.1.20 mask 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group test
 ip address xx.xx.xx.xx 255.255.255.252 pppoe
!
ftp mode passive
dns server-group DefaultDNS
 domain-name test.co.uk
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.2
 host 192.168.2.2
object network obj-192.168.2.2-01
 host 192.168.2.2
object network VPNCLIENTS
 subnet 172.31.1.0 255.255.255.0
object network INTERNAL
 subnet 192.168.2.0 255.255.255.0
object network obj-192.168.2.2-02
 host 192.168.2.2
access-list SERVICES extended permit tcp any object obj-192.168.2.2 eq https
access-list SERVICES extended permit tcp any object obj-192.168.2.2-01 eq 987
access-list SERVICES extended permit tcp any object obj-192.168.2.2-02 eq pptp
access-list SPTNL extended permit ip 192.168.2.0 255.255.255.0 172.31.1.0 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1492
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static INTERNAL INTERNAL destination static VPNCLIENTS VPNCLIENTS
!
object network obj_any
 nat (inside,outside) dynamic interface
object network obj-192.168.2.2
 nat (inside,outside) static interface service tcp https https
object network obj-192.168.2.2-01
 nat (inside,outside) static interface service tcp 987 987
object network obj-192.168.2.2-02
 nat (inside,outside) static interface service tcp pptp pptp
access-group SERVICES in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set testSET esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map dynmap 100 set ikev1 transform-set testSET
crypto map testMAP 100 ipsec-isakmp dynamic dynmap
crypto map testMAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 30
ssh
ssh timeout 5
console timeout 0
vpdn group test request dialout pppoe
vpdn group test localname xxxxx@xxxxx.net
vpdn group test ppp authentication chap
vpdn username xxxxx@xxxxx.net password *****
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy test-RAS internal
group-policy test-RAS attributes
 wins-server value 192.168.2.2
 dns-server value 192.168.2.2
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPTNL
 default-domain value test.uk
username ohits password PxHxmoMv.YYv10qM encrypted privilege 15
tunnel-group test-RAS type remote-access
tunnel-group test-RAS general-attributes
 address-pool vpnras
 default-group-policy test-RAS
tunnel-group test-RAS ipsec-attributes
 ikev1 pre-shared-key *****
 ikev1 user-authentication none
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect pptp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ba2fbc204a3687952358f12fd322c077
: end

Rishabh Seth
Level 7

I think the subnet mask should be 255.255.255.255 for the IP configured on PPPOE interface.

Thanks,

R.Seth
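As an added example (not part of the thread and not Cisco's code), a small Python check that reads the posted interface blocks and flags a PPPoE-enabled interface whose static address carries a mask other than 255.255.255.255, which is the point R.Seth raises above. The config fragment embedded below is copied from the post, with xx.xx.xx.xx left as the poster's redaction.

```python
import re

# Sample input: the two interface blocks from the posted ASA config, unchanged.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group test
 ip address xx.xx.xx.xx 255.255.255.252 pppoe
!
"""

def parse_interfaces(config):
    """Return {name: {"pppoe": bool, "mask": str|None, "pppoe_addr": bool}}
    for every 'interface ...' block in an ASA running-config."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = interfaces.setdefault(
                m.group(1), {"pppoe": False, "mask": None, "pppoe_addr": False})
            continue
        if current is None or not line.startswith(" "):
            current = None  # "!" or a global command ends the interface block
            continue
        cmd = line.strip()
        if cmd.startswith("pppoe client vpdn group"):
            current["pppoe"] = True
        # ip address <addr> <mask> [pppoe [setroute]]
        m = re.match(r"^ip address (\S+) (\S+)( pppoe(?: setroute)?)?$", cmd)
        if m:
            current["mask"] = m.group(2)
            current["pppoe_addr"] = m.group(3) is not None
    return interfaces

def find_pppoe_mask_issues(config):
    """List (interface, mask) pairs where a PPPoE interface has a static
    address with a mask other than /32 (255.255.255.255)."""
    issues = []
    for name, info in parse_interfaces(config).items():
        if (info["pppoe"] or info["pppoe_addr"]) and \
                info["mask"] not in (None, "255.255.255.255"):
            issues.append((name, info["mask"]))
    return issues

if __name__ == "__main__":
    for name, mask in find_pppoe_mask_issues(SAMPLE_CONFIG):
        print(f"{name}: PPPoE address uses mask {mask}, expected 255.255.255.255")
```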