Showing results for 
Search instead for 
Did you mean: 
Adrian Jones

BT Internet Connection Issue on Cisco 857

I am trying to configure a BT Business Broadband connection for 6 Cisco 857 ADSL Routers. Unfortunately these are located at various stations and since they are not working I cannot access these but have to get someone to make config changes to try and get an internet connection.

These tested okay on a Non-BT Connection so I know that this is an ADSL configuration issue.

Can someone please give advise? When connected I get the CD Light enabled but no PPP connection. I have configured the connection as DHCP rather than Static IP as BT stated this would then auto configure the IP, Gateway and DNS for me. The config looks good but am I missing some? Is this just an IP Route issue that looks missing from the config?

Config is as follows:

Using 4501 out of 131072 bytes


version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption


hostname birchington





logging buffered 52000

enable secret 5 $1$Pg1Y$6YW.xAcaVJeCUlNPcgEue.


ip cef

ip domain name

ip name-server

ip name-server


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key ********* address xx.xx.xx.xx


crypto isakmp client configuration group Norsonic

key qq-norsonic

max-users 3


crypto isakmp client configuration group Campbell_Associates

key qq-campbell

crypto isakmp profile sdm-ike-profile-1

match identity group Norsonic

client authentication list sdm_vpn_xauth_ml_1

isakmp authorization list sdm_vpn_group_ml_1

client configuration address respond

virtual-template 1

crypto isakmp profile sdm-ike-profile-2

match identity group Campbell_Associates

client authentication list sdm_vpn_xauth_ml_2

isakmp authorization list sdm_vpn_group_ml_2

client configuration address respond

virtual-template 3



crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac


crypto ipsec profile SDM_Profile1

set transform-set ESP-3DES-SHA1

set isakmp-profile sdm-ike-profile-1


crypto ipsec profile SDM_Profile2

set transform-set ESP-3DES-SHA2

set isakmp-profile sdm-ike-profile-2



crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel toxx.xx.xx.xx

set peer xx.xx.xx.xx

set transform-set ESP-3DES-SHA

match address 150



log config







interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto


interface ATM0.1 point-to-point

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1



interface FastEthernet0


interface FastEthernet1


interface FastEthernet2


interface FastEthernet3


interface Virtual-Template1 type tunnel

ip unnumbered Dialer0

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile1


interface Virtual-Template3 type tunnel

ip unnumbered Dialer0

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile2


interface Vlan1


ip address

ip tcp adjust-mss 1452


interface Dialer0

ip address dhcp

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname

ppp chap password 0 *

crypto map SDM_CMAP_1


ip forward-protocol nd


ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000


access-list 150 remark VPN Connectivity to SHB

access-list 150 remark SDM_ACL Category=4

access-list 150 permit ip

dialer-list 1 protocol ip permit

no cdp run




line con 0

no modem enable

line aux 0

line vty 0 4

privilege level 15

transport input telnet ssh


scheduler max-task-time 5000


Giuseppe Larosa
Hall of Fame Master

Hello Adrian,

some notes

when using any PPPoX service the ip address can be assigned by the RAS but not via DHCP but by IPCP that is part of PPP negotiation

So I would change to

int dialer 0

ip address negotiated

2) when performing basic testing it is better to remove the security features that can be added later


int dialer 0

no crypto map SDM_CMAP_1

3) to perform troubleshooting do the following

get telnet access to the router in enabled mode add

terminal monitor

debug ppp negotiation

debug ppp authentication

then do the following

int atm0


no shut

so you can collect the output from a negotiation

There are different types on PPPoX so it is important to understand if you are using the correct one and if PPP session fails for what reason.

at the end do

undebug all

You can post the output of the above debug commands in the forum

Hope to help


Thank you. Configured the router and ADSL connectivity established. I have remote connectivity. It was the negotiation that seemed to be the issue. It's funny as the SDM software sets it to DHCP - just tested on a spare router.

Thanks again.