
l2tp/ipsec on a Dynamic IP 897A

Infinity007
Level 1

Dear all,

So, I am a beginner to Cisco. Our Co. infrastructure is Cisco based, but this is a private project, so no help from the networking guys.

I have a fiber link to my home office, and as a backup I have an FTTC/VDSL link from UK Vodafone. I have used various routers, and as I had a Cisco 897A sitting in the cabinet, I have configured it with NAT and ssh. Compared with the Vodafone / BT routers (the latest version), I get about 5-10% better throughput. Go Cisco!

I have set up l2tp/ipsec on the router, using various sources from the internet, including this forum. I am using a Mac l2tp/ipsec client, which successfully connects to a number of VPN service providers, including the corporate VPN.

I am including the "show config" here for you experts to take a look at. I have monitored the debug output, but absolutely nothing is happening. The client just responds with the message "the Server did not respond".

Please help. I know the box is old, but it looks good on my desk.

I have included the "show ip interface brief" at the end.


Using 4909 out of 262136 bytes
!
! Last configuration change at 16:27:39 UTC Wed Jul 21 2021 by admin
! NVRAM config last updated at 16:27:43 UTC Wed Jul 21 2021 by admin
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vodafone
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 secret
enable password password
!
no aaa new-model
!
!
!
!
!
!
!
no ip source-route
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip domain name jesus.net
ip ddns update method no-ip
 HTTP
  add http://dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
 interval maximum 0 0 15 0
!         
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group VPN_L2TP-IPsec
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
!
!
!
!
!
license udi pid C897VA-K9 sn FCZ1850C018
!
!
username admin privilege 15 secret 5 reallybigsecret
username user1 password 0 password1
!
redundancy
!
!
!
!
!
controller VDSL 0
!
!
!
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key preshared_key address 0.0.0.0        
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set TRANS-SET esp-3des esp-sha-hmac
 mode transport
!
!
!
crypto dynamic-map DYNAMIC_MAP 10
 set nat demux
 set transform-set TRANS-SET
!
!
crypto map CRYPTO_MAP 100 ipsec-isakmp dynamic DYNAMIC_MAP
!
!
!
!
!
!
interface Loopback100
 ip address 172.16.1.1 255.255.255.255
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface Ethernet0
 no ip address
!
interface Ethernet0.101
 encapsulation dot1Q 101
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 switchport access vlan 2
 switchport mode trunk
 no ip address
!
interface GigabitEthernet1
 switchport access vlan 2
 switchport mode trunk
 no ip address
!
interface GigabitEthernet2
 no ip address
 shutdown
!
interface GigabitEthernet3
 no ip address
 shutdown
!
interface GigabitEthernet4
 no ip address
 shutdown
!
interface GigabitEthernet5
 no ip address
 shutdown
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Dialer0
 ip mtu 1280
 ip nat inside
 ip virtual-reassembly in
 peer default ip address pool VPN_POOL_ADDR
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2
!
interface Vlan1
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
!
interface Vlan2
 no ip address
!
interface Dialer0
 mtu 1492
 ip ddns update hostname acme.com
 ip ddns update no-ip
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp authentication chap ms-chap ms-chap-v2 eap callin
 ppp chap hostname @owry@broadband.vodafone.co.uk
 ppp chap password 0 Jesus
 ppp ipcp dns request
 ppp ipcp wins request
 ppp ipcp route default
 ppp ipcp address accept
!
interface Dialer1
 no ip address
!
ip local pool test 10.1.1.2 10.1.1.100
ip local pool VPN_POOL_ADDR 10.10.10.1 10.10.10.10
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip dns server
ip nat pool LAN 192.168.3.0 192.168.3.254 netmask 255.255.255.0
ip nat inside source list LAN interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip ssh time-out 12
ip ssh port 2002 rotary 1
ip ssh rsa keypair-name ssh
ip ssh logging events
ip ssh version 2
ip ssh pubkey-chain
  username admin
   key-hash ssh-rsa blabla
ip ssh server algorithm authentication publickey
!
ip access-list standard LAN
 permit 192.168.3.0 0.0.0.255
ip access-list standard SSH
 permit any
!
ip access-list extended L2TP
 permit udp any host 0.0.0.0 eq isakmp
 permit udp any host 0.0.0.0 eq non500-isakmp
 permit esp any host 0.0.0.0
 permit ip any host 0.0.0.0
ip access-list extended NO22
 permit tcp any any eq 2002
!
ipv6 ioam timestamp
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
 vstack
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class NO22 in
 password qNKSbePL8pFxL
 login local
 rotary 1
 transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server uk.pool.ntp.org
!
!
!
!
!
!
!
end

Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  administratively down down    
BRI0                       unassigned      YES NVRAM  administratively down down    
BRI0:1                     unassigned      YES unset  administratively down down    
BRI0:2                     unassigned      YES unset  administratively down down    
Dialer0                    90.246.7.117    YES IPCP   up                    up      
Dialer1                    unassigned      YES unset  up                    up      
Ethernet0                  unassigned      YES NVRAM  up                    up      
Ethernet0.101              unassigned      YES unset  up                    up      
GigabitEthernet0           unassigned      YES unset  down                  down    
GigabitEthernet1           unassigned      YES unset  down                  down    
GigabitEthernet2           unassigned      YES unset  administratively down down    
GigabitEthernet3           unassigned      YES unset  administratively down down    
GigabitEthernet4           unassigned      YES unset  administratively down down    
GigabitEthernet5           unassigned      YES unset  administratively down down    
GigabitEthernet6           unassigned      YES unset  down                  down    
GigabitEthernet7           unassigned      YES unset  up                    up      
GigabitEthernet8           unassigned      YES NVRAM  down                  down    
Loopback100                172.16.1.1      YES NVRAM  up                    up      
NVI0                       172.16.1.1      YES unset  up                    up      
Virtual-Access1            unassigned      YES unset  down                  down    
Virtual-Access2            unassigned      YES unset  up                    up      
Virtual-Access3            unassigned      YES unset  up                    up      
Virtual-Template1          90.246.7.117    YES unset  down                  down    
Vlan1                      192.168.3.2     YES NVRAM  up                    up      
Vlan2                      unassigned      YES unset  down                  down 


3 Replies

balaji.bandi
Hall of Fame

Before I look at the config in detail: first, is the provider allowing incoming connections?

Run some debugs ("debug ppp negotiation") and post the outcome here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, I can ssh into it from outside. I have changed the default port for ssh, as within two days I had multiple password attacks on the ssh port.

However, I have not tried to test any port forwarding, UDP or TCP.

Run the debug, check, and post the debug logs here.

BB
