cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
670
Views
0
Helpful
2
Replies

BT Internet Connection Issue on Cisco 857

Adrian Jones
Level 1
Level 1

I am trying to configure a BT Business Broadband connection for 6 Cisco 857 ADSL Routers. Unfortunately these are located at various stations and since they are not working I cannot access these but have to get someone to make config changes to try and get an internet connection.

These tested okay on a Non-BT Connection so I know that this is an ADSL configuration issue.

Can someone please give advise? When connected I get the CD Light enabled but no PPP connection. I have configured the connection as DHCP rather than Static IP as BT stated this would then auto configure the IP, Gateway and DNS for me. The config looks good but am I missing some? Is this just an IP Route issue that looks missing from the config?

Config is as follows:

Using 4501 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname birchington

!

boot-start-marker

boot-end-marker

!

logging buffered 52000

enable secret 5 $1$Pg1Y$6YW.xAcaVJeCUlNPcgEue.

!

ip cef

ip domain name qinetiq.com

ip name-server 194.72.9.34

ip name-server 194.74.65.68

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key ********* address xx.xx.xx.xx

!

crypto isakmp client configuration group Norsonic

key qq-norsonic

max-users 3

!

crypto isakmp client configuration group Campbell_Associates

key qq-campbell

crypto isakmp profile sdm-ike-profile-1

match identity group Norsonic

client authentication list sdm_vpn_xauth_ml_1

isakmp authorization list sdm_vpn_group_ml_1

client configuration address respond

virtual-template 1

crypto isakmp profile sdm-ike-profile-2

match identity group Campbell_Associates

client authentication list sdm_vpn_xauth_ml_2

isakmp authorization list sdm_vpn_group_ml_2

client configuration address respond

virtual-template 3

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac

!

crypto ipsec profile SDM_Profile1

set transform-set ESP-3DES-SHA1

set isakmp-profile sdm-ike-profile-1

!

crypto ipsec profile SDM_Profile2

set transform-set ESP-3DES-SHA2

set isakmp-profile sdm-ike-profile-2

!

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel toxx.xx.xx.xx

set peer xx.xx.xx.xx

set transform-set ESP-3DES-SHA

match address 150

!

archive

log config

hidekeys

!

!

!

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1 type tunnel

ip unnumbered Dialer0

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile1

!

interface Virtual-Template3 type tunnel

ip unnumbered Dialer0

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile2

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.100.1 255.255.255.0

ip tcp adjust-mss 1452

!

interface Dialer0

ip address dhcp

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname B550577@hg70.btclick.com

ppp chap password 0 *

crypto map SDM_CMAP_1

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 150 remark VPN Connectivity to SHB

access-list 150 remark SDM_ACL Category=4

access-list 150 permit ip 192.168.100.0 0.0.0.255 192.168.50.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

!

line con 0

no modem enable

line aux 0

line vty 0 4

privilege level 15

transport input telnet ssh

!

scheduler max-task-time 5000

end

2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Adrian,

some notes

when using any PPPoX service the ip address can be assigned by the RAS but not via DHCP but by IPCP that is part of PPP negotiation

So I would change to

int dialer 0

ip address negotiated

2) when performing basic testing it is better to remove the security features that can be added later

so

int dialer 0

no crypto map SDM_CMAP_1

3) to perform troubleshooting do the following

get telnet access to the router in enabled mode add

terminal monitor

debug ppp negotiation

debug ppp authentication

then do the following

int atm0

shut

no shut

so you can collect the output from a negotiation

There are different types on PPPoX so it is important to understand if you are using the correct one and if PPP session fails for what reason.

at the end do

undebug all

You can post the output of the above debug commands in the forum

Hope to help

Giuseppe

Thank you. Configured the router and ADSL connectivity established. I have remote connectivity. It was the negotiation that seemed to be the issue. It's funny as the SDM software sets it to DHCP - just tested on a spare router.

Thanks again.

Adrian

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco