
CISCO 875 ADSL with L2TP

MariusDauth7167
Level 1

Hello everyone

I would really try my best not to be the one asking the stupid questions. Out of dire need I have salvaged an old 875 ADSL Cisco. I have used it years before, put it in storage, and I know it's working. I have done a factory reset and have been struggling with something that I am pretty sure is easy. I have a business ADSL account with my service provider. They also provided me with an L2TP service for a public static IP address. I have the ADSL connecting to the internet, I also get the L2TP up, and I can ping the static IP I have. I can even go to the internet.

Here are my details and last problems:

1. ADSL Account & Password

2. L2TP server 105.225.0.101

3. I get internet can surf anywhere

4. Ping the static IP supplied by my service provider "from inside and outside" and access it remotely using PuTTY

5. If I disconnect my laptop from the router, the ADSL connection dies and also my static IP.

6. Even with the static IP working and internet access, if I go to Google search and type "whats my ip" it shows my dynamic public IP and not my static public IP.

 

Can someone please look at my config and help me accordingly.

#sh ip int brief
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM up up
ATM0.1 unassigned YES unset up up
Dialer0 105.186.235.177 YES IPCP up up
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
NVI0 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset up up
Virtual-PPP2 41.149.156.161 YES IPCP up up
Vlan1 10.10.10.1 YES NVRAM up up

sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, Vlan1
41.0.0.0/32 is subnetted, 1 subnets
C 41.149.156.161 is directly connected, Virtual-PPP2
105.0.0.0/32 is subnetted, 4 subnets
C 105.186.235.177 is directly connected, Dialer0
C 105.225.0.111 is directly connected, Virtual-PPP2
S 105.225.0.101 is directly connected, Dialer0
C 105.184.43.1 is directly connected, Dialer0
S* 0.0.0.0/0 is directly connected, Dialer0
is directly connected, Virtual-PPP2

 

My Config

!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PMDCISCO
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$8LVp$xlpKFDVfm2S9rqkcnIg2c0
!
no aaa new-model
clock timezone PCTime 2
!
crypto pki trustpoint TP-self-signed-1423707950
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1423707950
revocation-check none
rsakeypair TP-self-signed-1423707950
!
!
crypto pki certificate chain TP-self-signed-1423707950
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 1.1.1.1
ip name-server 8.8.8.8
!
!
!
username myciscouser privilege 15 secret 5 $1$5bn.$4hr/y80FEZJFkqLX4h3PP0
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
pseudowire-class L2TP
encapsulation l2tpv2
ip local interface Dialer0
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-PPP2
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1412
no cdp enable
ppp pap sent-username myadsl@user password 7 033E580A1219336C1A
pseudowire 105.225.0.101 1 pw-class L2TP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username myadsl@user password 7 063C0C2058581B3951
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route 105.225.0.101 255.255.255.255 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


Hello,

 

I might be missing something, but where do you have a static IP assigned to an interface?

Hello Georg

 

Thank you for replying. The static gets assigned to Virtual-PPP2 when the L2TP authenticates. You should be able to see my static IP on my route that I have posted. 41.149.159.161

Giuseppe Larosa
Hall of Fame

Hello Marius,

If I have correctly understood your requirement, you would like to use the Virtual-PPP2 interface instead of the Dialer interface when accessing the Internet.

With your current configuration this is not possible for the following reasons:

 

a) routing aspects

You have two default static routes with the same AD, one out of interface Dialer and one out of interface Virtual-PPP2:

 

ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route 105.225.0.101 255.255.255.255 Dialer0

 

You would need to prefer the static route via Virtual-PPP2, so you would need:

conf t

no ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 0.0.0.0 0.0.0.0 Dialer0 220

 

This makes the static default route via Virtual-PPP2 the primary route because of its lower AD (1) compared to 220.

 

b) NAT commands

You currently have the following configuration statements:

access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255

 

ip nat inside source list 1 interface Dialer0 overload

 

This must become:

ip nat inside source list 1 interface Virtual-PPP2 overload

 

Without this change, the internal users will appear as using the Dialer0 dynamic IP address.

 

>> 5.If I disconnect my laptop from the router the adsl connection dies and also my static IP.

I am afraid this can be fixed only by having another device connected to another LAN interface in the same Vlan 1.

As an alternative, you can try the following:

int vlan 1

no autostate

 

This should make SVI Vlan1 stay up even if no switchport is up in the L2 broadcast domain Vlan 1.

 

>> 6. Even with the static IP working and internet access, if i go to google search and type "whats my ip" it shows my dynamic public IP and not my static public ip. 

 

The proposed changes for this are reported above, under routing and NAT.

 

 

Hope to help

Giuseppe
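
A consistency check for the two changes described in the reply above, as an added example that is not part of the thread or of any Cisco tool: it parses the static default routes and the `ip nat ... overload` lines of a config and reports when the preferred egress interface and the PAT interface disagree. The `audit` function and the `BEFORE`/`AFTER` samples are constructed here from the lines quoted in the thread.

```python
import re

# Constructed inputs: the routing and NAT lines from the thread, before and
# after the changes proposed in the reply.
BEFORE = """\
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route 105.225.0.101 255.255.255.255 Dialer0
ip nat inside source list 1 interface Dialer0 overload
"""
AFTER = """\
ip route 0.0.0.0 0.0.0.0 Dialer0 220
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route 105.225.0.101 255.255.255.255 Dialer0
ip nat inside source list 1 interface Virtual-PPP2 overload
"""

DEFAULT_RE = re.compile(
    r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?[ \t]*$", re.M)
PAT_RE = re.compile(
    r"^ip nat inside source list \S+ interface (\S+) overload[ \t]*$", re.M)

def audit(config):
    """Return findings where default-route egress and PAT interface disagree."""
    # A static route without an explicit distance has administrative distance 1.
    defaults = [(int(ad) if ad else 1, intf)
                for intf, ad in DEFAULT_RE.findall(config)]
    if not defaults:
        return ["no static default route configured"]
    best = min(ad for ad, _ in defaults)
    primary = sorted(intf for ad, intf in defaults if ad == best)
    findings = []
    if len(primary) > 1:
        findings.append("equal-AD default routes via " + ", ".join(primary))
    pat = set(PAT_RE.findall(config))
    for intf in primary:
        if intf not in pat:
            findings.append("no PAT overload rule on default egress " + intf)
    for intf in sorted(pat - set(primary)):
        findings.append("PAT overload on " + intf + ", not the preferred egress")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "consistent")
```
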

 

 

Mr Giuseppe Larosa

You are an absolute ROCK-STAR.

Thank you for the advice - I had one or two small problems that I managed to Google and get sorted with the Dynamic NAT. I just removed all the NAT commands from the interfaces, reloaded the router, then did my changes and then reinstated the same NAT instructions on the interfaces, and all is working the way I wanted it to. I just have to configure my port forwarding for PPTP and firewalling, then I am done. I will still have to go and do some more googling, but at least my router is up and working.

 

Thank you very much

Marius D

Hello Marius,

I am happy that you have solved most of your issues.

I have just been careful and lucky enough in reading your first post to understand what you were looking for.

 

Best Regards

Giuseppe

 
