05-06-2011 08:50 AM - edited 03-04-2019 12:18 PM
Equipment Cisco1921, HWIC-1ADSL, 2 x GB Ethernet interfaces (Only one used for local LAN)
Software IOS Version 15.1(1)T2
I have been asked to configure this router to provide an IPSEC tunnel back to our central office.
We have been provided with an ADSL business class 7MB service from Telecom Italia, they have presented the circuit to our office with no terminating equipment (wires only). Telecom Italia have provided us with some IP addressing information as follows (I will not disclose the entire IP address)
IP PTP 85.39.196.X Subnet PTP 255.255.255.252
IP LAN 212.131.215.X Subnet LAN 255.255.255.248 Default Gateway LAN 212.131.215.X
VPI/VCI 8/35
We have not been given a username and password and they say we do not need it for this service.
I have configured the ATM interfaces as follows:
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 bridge-group 1
 pvc 8/35
  encapsulation aal5snap
interface BVI1
 ip address 85.39.196.X 255.255.255.252
I can see that the packet count is increasing both inbound and outbound on the ATM interface.
Can anyone provide some assistance with this type of configuration? I have read many documents and tried many different ways to try and get this resolved. I even logged a call with Cisco but they have not been able to help, not that they didn’t try.
Many thanks
Murray
05-06-2011 09:20 AM
Hello Murray,
>> We have not been given a username and password and they say we do not need it for this service.
Try to use a configuration for classical IP over ATM.
You are actually using RFC 1483 bridged mode; you should try to use RFC 1483 routed mode:
int atm0/0
 no ip address
int atm0/0.35 point-to-point
 pvc 8/35
 ip address 85.39.196.X 255.255.255.252
!
Telecom Italia still provide this kind of service for business (it ensures ip address never changes)
Hope to help
Giuseppe
05-09-2011 06:09 AM
Thank you Giuseppe, I will try your recommendation.
Do you mind if I come back with some more questions if I need to?
Murray
05-09-2011 08:37 AM
Hello Murray,
under
pvc x/y
protocol ip
if I'm not connected somebody else will help you so don't worry about further questions.
Edit:
PVC 8/35 was historically used on Alcatel DSLAM for RFC 1483 bridged but I'm not sure if this is enough to point to bridged version.
Use an ATM point-to-point subinterface when possible instead of main interface.
Hope to help
Giuseppe
05-13-2011 06:39 AM
Hi Giuseppe
This is the config that has worked for me,
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 ip unnumbered Loopback1 <<<------------ I have used one of the public IP's assigned. 212.131.215.X
 crypto map teel-vpn
 pvc 8/35
  encapsulation aal5snap
I do have one more problem that is vexing me somewhat.
I have configured a tunnel as below which is working fine and is UP UP.
interface Tunnel1
 description tunnel from X to X
 bandwidth 64
 ip unnumbered Loopback0
 ip helper-address 172.19.128.10
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 tunnel source Loopback1
 tunnel destination X.X.X.X
I want to route all traffic through this tunnel but when I issue the command "ip route 0.0.0.0 0.0.0.0 tunnel1" I lose connection to the internet and the tunnel drops. Here is the ip route statement that is used at the moment.
ip route 0.0.0.0 0.0.0.0 212.131.215.X
ip route 212.131.215.X 255.255.255.255 ATM0/0/0.1
Any help would be greatly appreciated.
Murray
05-13-2011 07:44 AM
Hello Murray,
thanks for your kind remarks. As I guessed, it is an RFC 1483 routed service.
You are going to perform point to point GRE over IPSec I guess, with GRE traffic that should be encrypted by crypto map teel-vpn.
I would remove loop1 and I would apply the IP address directly on ATM p2p subinterface,
so the application of crypto map on a L3 independent interface is more common.
GRE traffic has to match the ACL used in crypto map
so you need to check that IPSec is up and running before attempting to use the GRE tunnel travelling inside it
show crypto isakmp sa
show crypto ipsec sa
if IPSec is fine you should be able to use the default route pointing to the GRE tunnel
Hope to help
Giuseppe
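An added example, not part of any post in this thread: the symptom described above (the tunnel drops once the default route points at Tunnel1) is consistent with GRE recursive routing, where the tunnel destination itself resolves through the tunnel. The Python sketch below checks a static route set for that condition before it is applied; the addresses are constructed documentation ranges standing in for the redacted ones, and the function names are hypothetical.

```python
import ipaddress

def egress_interface(routes, dest, max_depth=8):
    """Longest-prefix-match lookup over static routes.

    routes: list of (prefix, target); target is an interface name or a
    next-hop IP, which is resolved again until an interface is reached.
    Returns the egress interface name, or None if nothing matches.
    """
    addr = ipaddress.ip_address(dest)
    for _ in range(max_depth):
        best = None
        for prefix, target in routes:
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        if best is None:
            return None
        try:
            addr = ipaddress.ip_address(best[1])  # next-hop IP: look it up too
        except ValueError:
            return best[1]                        # interface name: resolved
    return None  # next hops never resolved to an interface

def tunnel_is_recursive(routes, tunnel_name, tunnel_destination):
    """True when the tunnel's own destination is routed via the tunnel."""
    return egress_interface(routes, tunnel_destination) == tunnel_name

# Constructed stand-ins: 203.0.113.1 for the ISP gateway (212.131.215.X),
# 198.51.100.10 for the tunnel destination (X.X.X.X).
GATEWAY, TUNNEL_DST = "203.0.113.1", "198.51.100.10"

# Routes as posted: default via the gateway, gateway via the ATM subinterface.
WORKING = [("0.0.0.0/0", GATEWAY), (GATEWAY + "/32", "ATM0/0/0.1")]

# After "ip route 0.0.0.0 0.0.0.0 tunnel1": the GRE endpoint follows the default.
BROKEN = [("0.0.0.0/0", "Tunnel1"), (GATEWAY + "/32", "ATM0/0/0.1")]

# Same default, plus a host route that pins the tunnel destination to the
# physical path (an assumption about the fix, not taken from the thread).
FIXED = BROKEN + [(TUNNEL_DST + "/32", GATEWAY)]

if __name__ == "__main__":
    for name, table in (("working", WORKING), ("broken", BROKEN), ("fixed", FIXED)):
        print(name, egress_interface(table, TUNNEL_DST),
              "recursive" if tunnel_is_recursive(table, "Tunnel1", TUNNEL_DST) else "ok")
```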