L2PTP VPN and GRE Tunnel on same 3945 router

Michael Durham
Level 4

My 3945 router has a GRE tunnel configured on it to communicate to other routers over the internet. It is a DMVPN and works correctly. Now I need to add the ability for me to connect to my router from a Windows machine using DUNS. I have found a configuration for PPP but before I apply it, I need to be sure that it will work and not break my current tunnel.

We want to use local authentication for the DUNS/PPP connection and the only thing we will be running is remote desktop.  No file/drive sharing.  Our internet source is via the cellular0/3/0 interface ONLY.

Please take a look at our current config and the config that I want to add and let me know if I need to change anything, add anything, move any code to a different place, or do it a completely different way to meet my goals etc.

NEW CODE

vpdn-group 1
! Default PPTP VPDN group

accept-dialin
protocol pptp
virtual-template 1

pptp tunnel echo 10
l2tp tunnel timeout no-session 15
ip pmtu
ip mtu adjust

interface cellular0/3/0
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable

interface Virtual-Template1
ip unnumbered Loopback0
ip mtu 1492
ip virtual-reassembly
autodetect encapsulation ppp
peer default ip address pool PPP
ppp encrypt mppe auto required
ppp authentication ms-chap-v2

interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin

ppp pap sent-username DSLUSERNAME password DSLPASSWORD

ip local pool PPP 192.168.207.200 192.168.207.250

CURRENT CONFIG:

Current configuration : 38460 bytes
!
! Last configuration change at 22:31:43 DST Tue Jun 18 2019 by mdurham4
version 15.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime year
service password-encryption
service internal
service sequence-numbers
!
hostname TDC_CME_Router
!
boot-start-marker
boot-end-marker
!
enable secret Cisco
!
no aaa new-model
clock timezone EST -5 0
clock summer-time DST recurring
!
!
crypto pki trustpoint TP-self-signed-33159
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-33159
revocation-check none
rsakeypair TP-self-signed-33159
!
!
crypto pki certificate chain TP-self-signed-33159
certificate self-signed 01
3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
ADF1073D 3222259C 290A63BF 6B93FC99 E9AB32D1 C4980427 9CDB03BA 8C964379
B557EAC1 EB6DD51A 8B7F4967 908C54B6 ADC72EB8 D5678318 76FA7141 693AF1C1
7819D0E7 7C444619 4A1A5AB9 D28315F6
quit
!
ip dhcp smart-relay
ip dhcp relay information option
ip dhcp excluded-address 10.110.0.1 10.110.0.20
ip dhcp excluded-address 192.168.0.1 192.168.0.155
ip dhcp excluded-address 192.168.0.200 192.168.0.254
ip dhcp excluded-address 192.168.50.1 192.168.50.200
ip dhcp excluded-address 192.168.69.1 192.168.69.240
ip dhcp excluded-address 192.168.70.1 192.168.70.20
ip dhcp excluded-address 192.168.200.1 192.168.200.240
!
ip dhcp pool Voice
network 10.110.0.0 255.255.255.0
default-router 10.110.0.1
option 150 ip 10.110.0.1
dns-server 1.1.1.1
lease 0 12
!
ip dhcp pool Users
network 192.168.69.0 255.255.255.0
default-router 192.168.69.1
dns-server 1.1.1.1
option 150 ip 10.110.0.1
lease 0 12
!
ip dhcp pool TempVMware
network 192.168.70.0 255.255.255.0
default-router 192.168.70.1
dns-server 192.168.50.100
lease 0 12
!
ip dhcp pool Wiireless
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 1.1.1.1
option 150 ip 10.110.0.1
lease 0 12
!
ip dhcp pool VMware
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
dns-server 192.168.50.5
lease 0 12
!
ip name-server 1.1.1.1
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK"
password encryption aes
voice-card 0
dsp services dspfarm
!
voice service voip
ip address trusted list
ipv4 72.999.999.999
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
registrar server
!
voice class codec 1
codec preference 1 g711ulaw
!
voice class custom-cptone joining-tone
dualtone conference
frequency 1000 1000
cadence 150 50 150 50
!
voice class custom-cptone leaving-tone
dualtone conference
frequency 900 900
cadence 150 50 150 50
!
!
voice register global
max-dn 100
max-pool 100
!
voice register pool 50
no digit collect kpml
!
voice translation-rule 2
rule 1 /\([2-9].........\)/ /1\1/
!
voice translation-rule 3
rule 1 /411/ /18003733411/
!
voice translation-rule 4
rule 1 reject /0/
!
!
voice translation-profile BLOCK-INBOUND
translate calling 4
!
voice translation-profile Eleven_Digit_Dialing
translate calling 10
!
voice translation-profile Free_411
translate called 3
!
voice translation-profile Incoming_calls
translate called 1
!
voice translation-profile Ten_Digit_Dialing
translate calling 10
translate called 2
!
license udi pid C3900-SPE100/K9 sn FOCC
license accept end user agreement
license boot module c3900 technology-package securityk9
license boot module c3900 technology-package uck9
hw-module pvdm 0/0
!
hw-module sm 1
!
hw-module sm 2
!
dial-control-mib retain-timer 10080
dial-control-mib max-size 500
username mdurham privilege 15 password cisco1
username ssommer privilege 15 password cisco2
username ldisbrow privilege 15 password cisco3
!
redundancy
notification-timer 60000
!
controller Cellular 0/3
!
track 10 ip sla 1 reachability
delay down 1 up 1
!
track 20 ip sla 2 reachability
delay down 1 up 1
!
crypto isakmp policy 100
encr aes 256
hash sha512
authentication pre-share
group 16
lifetime 3600
crypto isakmp key 6 CarKey address 0.0.0.0
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set support ah-sha512-hmac esp-3des
!
crypto ipsec profile support
set security-association lifetime seconds 86400
set transform-set support
!
interface Tunnel1
description mGRE - DMVPN Tunnel for customer remote support
ip address 172.16.0.1 255.255.0.0
no ip redirects
ip nhrp authentication CarKey
ip nhrp map multicast dynamic
ip nhrp network-id 455
tunnel source 166.999.999.999
tunnel mode gre multipoint
tunnel protection ipsec profile support
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
no ip route-cache cef
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description Sommer's Network
encapsulation dot1Q 2
ip address 192.168.0.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.50
description "VMWare Server HP DL160 Server 3"
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.69
description "Data Network"
encapsulation dot1Q 69 native
ip address 192.168.69.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.110
description "Voice Network"
encapsulation dot1Q 110
ip address 10.110.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.200
description "Wireless - Guest User Network"
encapsulation dot1Q 200
ip address 192.168.200.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/1
description "VMWare Server Dell R620 Server 1"
ip address 192.168.51.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
interface Integrated-Service-Engine1/0
no ip address
shutdown
no keepalive
!
interface SM2/0
description Unity-Express-Service
ip unnumbered GigabitEthernet0/0.110
ip nat inside
ip virtual-reassembly in
service-module fail-open
service-module ip address 10.110.0.2 255.255.255.0
service-module ip default-gateway 10.110.0.1
!
interface SM2/1
description Internal switch interface connected to Service Module
no ip address
!
interface Cellular0/3/0
ip address negotiated
ip access-group Protect in
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
pulse-time 0
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string 123456
dialer persistent
dialer-group 1
no cdp enable
!
!
router eigrp 1577
network 10.110.0.0 0.0.0.255
network 192.168.0.0
network 192.168.50.0
network 192.168.69.0
network 192.168.200.0
!
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:CME_GUI
!
no ip nat service sip udp port 5060
ip nat inside source list 151 interface Cellular0/3/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/3/0 track 10
ip route 0.0.0.0 0.0.0.0 192.168.0.254 10 track 20
ip route 4.2.2.2 255.255.255.255 Cellular0/3/0
ip route 10.110.0.2 255.255.255.255 SM2/0
!
ip access-list extended Protect
remark Protect connections from the Internet
deny tcp any any eq telnet
deny tcp any any eq www
permit ip any any
!
ip sla auto discovery
ip sla 1
icmp-echo 4.2.2.2 source-interface Cellular0/3/0
threshold 750
timeout 900
frequency 1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 192.168.0.254 source-ip 192.168.0.253
threshold 750
timeout 900
frequency 1
ip sla schedule 2 life forever start-time now
logging history size 500
access-list 20 remark Networks Allowed onto the Internet
access-list 20 permit 10.110.0.0 0.0.0.255
access-list 20 permit 192.168.0.0 0.0.0.255
access-list 20 permit 192.168.50.0 0.0.0.255
access-list 20 permit 192.168.51.0 0.0.0.255
access-list 20 permit 192.168.69.0 0.0.0.255
access-list 20 permit 192.168.200.0 0.0.0.255
access-list 20 permit 172.16.0.0 0.0.255.255
access-list 100 remark "Block Guest network to everything except the printers, ntp & the Internet
access-list 100 permit udp host 162.210.111.4 eq ntp host 192.168.200.1 eq ntp
access-list 100 permit ip any host 192.168.69.90
access-list 100 permit ip any host 192.168.69.91
access-list 100 permit ip any host 192.168.69.92
access-list 100 permit ip any 192.168.200.0 0.0.0.15
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip any any
access-list 151 permit ip 10.0.0.0 0.255.255.255 any
access-list 151 permit ip 172.16.0.0 0.15.255.255 any
access-list 151 permit ip 192.168.0.0 0.0.255.255 any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
nls resp-timeout 1
cpd cr-id 1
route-map clear-df permit 10
set ip df 0
!
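A quick way to catch merge problems in the proposed addition before applying it, as an added example that is not part of the original post: the script parses the two config excerpts into interface blocks, merges them, and flags references to interfaces that are not defined anywhere (the proposal's Virtual-Template1 points at a Loopback0 that the current config does not have), dialer pools shared by several Dialer interfaces, and PPPoE commands added to an interface that runs SLIP. The excerpts are constructed from the post; which checks matter is the editor's assumption about what a reviewer would verify.

```python
import re
# Constructed excerpt of the current config and of the proposed addition (values as in the post).
CURRENT_CFG = """\
interface Cellular0/3/0
 encapsulation slip
interface Dialer0
 dialer pool 1
"""
NEW_CFG = """\
interface Cellular0/3/0
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool PPP
interface Dialer1
 dialer pool 1
ip local pool PPP 192.168.207.200 192.168.207.250
"""
def parse(text, cfg=None):
    """Merge IOS-style config text into {'_global': [...], ifname: [sub-lines]}."""
    cfg, cur = (cfg if cfg is not None else {"_global": []}), "_global"
    for line in text.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:                            # interface block; merged if it already exists
            cur = m.group(1)
            cfg.setdefault(cur, [])
        elif line.startswith(" "):       # indented: belongs to the open block
            cfg[cur].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            cur = "_global"              # unindented: global command, closes the block
            cfg["_global"].append(line.strip())
    return cfg

def check(current, new):
    """Reviewer findings for applying `new` on top of `current`."""
    cfg = parse(new, parse(current))
    findings, pools = [], {}
    for name, lines in cfg.items():
        for l in lines:
            if (m := re.match(r"ip unnumbered (\S+)", l)) and m.group(1) not in cfg:
                findings.append(f"{name}: ip unnumbered {m.group(1)}, but {m.group(1)} is not defined")
            if m := re.match(r"dialer pool (\d+)", l):
                pools.setdefault(m.group(1), set()).add(name)
        if "encapsulation slip" in lines and any(l.startswith("pppoe") for l in lines):
            findings.append(f"{name}: pppoe configured on an interface running encapsulation slip")
    for pool, users in pools.items():
        if len(users) > 1:               # several Dialer interfaces on one pool: confirm intent
            findings.append(f"dialer pool {pool} used by several Dialer interfaces: {sorted(users)}")
    return findings
```

Running `check(CURRENT_CFG, NEW_CFG)` returns three findings for the excerpts above; feeding it the full running config and the full proposal works the same way, provided the sub-commands keep their one-space indentation.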
