12-16-2008 08:38 AM - edited 03-04-2019 12:43 AM
I am trying to configure a BT Business Broadband connection for 6 Cisco 857 ADSL Routers. Unfortunately these are located at various stations and since they are not working I cannot access these but have to get someone to make config changes to try and get an internet connection.
These tested okay on a Non-BT Connection so I know that this is an ADSL configuration issue.
Can someone please give advise? When connected I get the CD Light enabled but no PPP connection. I have configured the connection as DHCP rather than Static IP as BT stated this would then auto configure the IP, Gateway and DNS for me. The config looks good but am I missing some? Is this just an IP Route issue that looks missing from the config?
Config is as follows:
Using 4501 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname birchington
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 $1$Pg1Y$6YW.xAcaVJeCUlNPcgEue.
!
ip cef
ip domain name qinetiq.com
ip name-server 194.72.9.34
ip name-server 194.74.65.68
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ********* address xx.xx.xx.xx
!
crypto isakmp client configuration group Norsonic
key qq-norsonic
max-users 3
!
crypto isakmp client configuration group Campbell_Associates
key qq-campbell
crypto isakmp profile sdm-ike-profile-1
match identity group Norsonic
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto isakmp profile sdm-ike-profile-2
match identity group Campbell_Associates
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_2
client configuration address respond
virtual-template 3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile sdm-ike-profile-1
!
crypto ipsec profile SDM_Profile2
set transform-set ESP-3DES-SHA2
set isakmp-profile sdm-ike-profile-2
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxx.xx.xx.xx
set peer xx.xx.xx.xx
set transform-set ESP-3DES-SHA
match address 150
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Virtual-Template3 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile2
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.100.1 255.255.255.0
ip tcp adjust-mss 1452
!
interface Dialer0
ip address dhcp
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname B550577@hg70.btclick.com
ppp chap password 0 *
crypto map SDM_CMAP_1
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 150 remark VPN Connectivity to SHB
access-list 150 remark SDM_ACL Category=4
access-list 150 permit ip 192.168.100.0 0.0.0.255 192.168.50.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end
12-16-2008 10:04 AM
Hello Adrian,
some notes
when using any PPPoX service the ip address can be assigned by the RAS but not via DHCP but by IPCP that is part of PPP negotiation
So I would change to
int dialer 0
ip address negotiated
2) when performing basic testing it is better to remove the security features that can be added later
so
int dialer 0
no crypto map SDM_CMAP_1
3) to perform troubleshooting do the following
get telnet access to the router in enabled mode add
terminal monitor
debug ppp negotiation
debug ppp authentication
then do the following
int atm0
shut
no shut
so you can collect the output from a negotiation
There are different types on PPPoX so it is important to understand if you are using the correct one and if PPP session fails for what reason.
at the end do
undebug all
You can post the output of the above debug commands in the forum
Hope to help
Giuseppe
12-18-2008 03:14 AM
Thank you. Configured the router and ADSL connectivity established. I have remote connectivity. It was the negotiation that seemed to be the issue. It's funny as the SDM software sets it to DHCP - just tested on a spare router.
Thanks again.
Adrian
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: