07-22-2021 03:02 AM
Dear all,
So, I am a beginner to Cisco. Our Co. Infrastructure is Cisco based, but this is a private project so no help from the networking guys.
I have a fiber link to my home office, and as a backup I have a FTTC/VDSL link from UK Vodafone. I have used various routers and as I had a Cisco 897A sitting in the cabinet, I have configured with NAT and ssh. Comparing with Vodafone / BT routers (the latest version), I get about 5-10% better throughput. Go Cisco!
I have set up l2tp/ipsec on the router, using various sources from the internet, including this forum. I am using a Mac l2tp/ipsec client, which successfully connects to a number of VPN service providers, including the corporate VPN.
I am including the "show config" here for you experts to take a look at. I have monitored the debug output, but absolutely nothing is happening. The client just responds with a message "the Server did not respond".
Please help. I know the box is old, but it looks good on my desk.
I have included the "show ip interface brief" at the end.
Using 4909 out of 262136 bytes
!
! Last configuration change at 16:27:39 UTC Wed Jul 21 2021 by admin
! NVRAM config last updated at 16:27:43 UTC Wed Jul 21 2021 by admin
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vodafone
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 secret
enable password password
!
no aaa new-model
!
!
!
!
!
!
!
no ip source-route
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name jesus.net
ip ddns update method no-ip
HTTP
add http://dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
interval maximum 0 0 15 0
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group VPN_L2TP-IPsec
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
license udi pid C897VA-K9 sn FCZ1850C018
!
!
username admin privilege 15 secret 5 reallybigsecret
username user1 password 0 password1
!
redundancy
!
!
!
!
!
controller VDSL 0
!
!
!
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key preshared_key address 0.0.0.0
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set TRANS-SET esp-3des esp-sha-hmac
mode transport
!
!
!
crypto dynamic-map DYNAMIC_MAP 10
set nat demux
set transform-set TRANS-SET
!
!
crypto map CRYPTO_MAP 100 ipsec-isakmp dynamic DYNAMIC_MAP
!
!
!
!
!
!
interface Loopback100
ip address 172.16.1.1 255.255.255.255
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
switchport access vlan 2
switchport mode trunk
no ip address
!
interface GigabitEthernet1
switchport access vlan 2
switchport mode trunk
no ip address
!
interface GigabitEthernet2
no ip address
shutdown
!
interface GigabitEthernet3
no ip address
shutdown
!
interface GigabitEthernet4
no ip address
shutdown
!
interface GigabitEthernet5
no ip address
shutdown
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
no ip address
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Dialer0
ip mtu 1280
ip nat inside
ip virtual-reassembly in
peer default ip address pool VPN_POOL_ADDR
ppp encrypt mppe auto
ppp authentication ms-chap-v2
!
interface Vlan1
ip address 192.168.3.2 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Vlan2
no ip address
!
interface Dialer0
mtu 1492
ip ddns update hostname acme.com
ip ddns update no-ip
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication chap ms-chap ms-chap-v2 eap callin
ppp chap hostname @owry@broadband.vodafone.co.uk
ppp chap password 0 Jesus
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
ppp ipcp address accept
!
interface Dialer1
no ip address
!
ip local pool test 10.1.1.2 10.1.1.100
ip local pool VPN_POOL_ADDR 10.10.10.1 10.10.10.10
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip dns server
ip nat pool LAN 192.168.3.0 192.168.3.254 netmask 255.255.255.0
ip nat inside source list LAN interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip ssh time-out 12
ip ssh port 2002 rotary 1
ip ssh rsa keypair-name ssh
ip ssh logging events
ip ssh version 2
ip ssh pubkey-chain
username admin
key-hash ssh-rsa blabla
ip ssh server algorithm authentication publickey
!
ip access-list standard LAN
permit 192.168.3.0 0.0.0.255
ip access-list standard SSH
permit any
!
ip access-list extended L2TP
permit udp any host 0.0.0.0 eq isakmp
permit udp any host 0.0.0.0 eq non500-isakmp
permit esp any host 0.0.0.0
permit ip any host 0.0.0.0
ip access-list extended NO22
permit tcp any any eq 2002
!
ipv6 ioam timestamp
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class NO22 in
password qNKSbePL8pFxL
login local
rotary 1
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server uk.pool.ntp.org
!
!
!
!
!
!
!
end
Interface              IP-Address      OK? Method Status                Protocol
ATM0                   unassigned      YES NVRAM  administratively down down
BRI0                   unassigned      YES NVRAM  administratively down down
BRI0:1                 unassigned      YES unset  administratively down down
BRI0:2                 unassigned      YES unset  administratively down down
Dialer0                90.246.7.117    YES IPCP   up                    up
Dialer1                unassigned      YES unset  up                    up
Ethernet0              unassigned      YES NVRAM  up                    up
Ethernet0.101          unassigned      YES unset  up                    up
GigabitEthernet0       unassigned      YES unset  down                  down
GigabitEthernet1       unassigned      YES unset  down                  down
GigabitEthernet2       unassigned      YES unset  administratively down down
GigabitEthernet3       unassigned      YES unset  administratively down down
GigabitEthernet4       unassigned      YES unset  administratively down down
GigabitEthernet5       unassigned      YES unset  administratively down down
GigabitEthernet6       unassigned      YES unset  down                  down
GigabitEthernet7       unassigned      YES unset  up                    up
GigabitEthernet8       unassigned      YES NVRAM  down                  down
Loopback100            172.16.1.1      YES NVRAM  up                    up
NVI0                   172.16.1.1      YES unset  up                    up
Virtual-Access1        unassigned      YES unset  down                  down
Virtual-Access2        unassigned      YES unset  up                    up
Virtual-Access3        unassigned      YES unset  up                    up
Virtual-Template1      90.246.7.117    YES unset  down                  down
Vlan1                  192.168.3.2     YES NVRAM  up                    up
Vlan2                  unassigned      YES unset  down                  down
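A consistency check over the configuration posted above, as an added example that is not part of the original post or of any reply: it lists crypto maps that are defined but never attached to an interface and named ACLs that nothing references, since on IOS neither has any effect until it is applied. The sample is a constructed excerpt of that config with the usual IOS indentation restored; `audit` and the keyword list in `ACL_REF` are this example's own heuristic, not a Cisco tool.

```python
import re

# Constructed excerpt of the configuration posted above (indentation restored).
SAMPLE_CONFIG = """\
crypto dynamic-map DYNAMIC_MAP 10
 set transform-set TRANS-SET
crypto map CRYPTO_MAP 100 ipsec-isakmp dynamic DYNAMIC_MAP
interface Dialer0
 ip address negotiated
 ip nat outside
ip nat inside source list LAN interface Dialer0 overload
ip access-list standard LAN
 permit 192.168.3.0 0.0.0.255
ip access-list extended L2TP
 permit udp any host 0.0.0.0 eq isakmp
ip access-list extended NO22
 permit tcp any any eq 2002
line vty 0 4
 access-class NO22 in
"""

ACL_DEF = re.compile(r"ip access-list (?:standard|extended) (\S+)")
# Heuristic list of keywords that reference a named ACL (assumption, not exhaustive).
ACL_REF = re.compile(r"(?:access-class|access-group|match address|\blist) (\S+)")

def audit(config):
    """Return crypto maps never bound to an interface and named ACLs never referenced."""
    maps_defined, maps_bound = set(), set()
    acls_defined, acls_used = set(), set()
    section = ""
    for raw in config.splitlines():
        line, tok = raw.strip(), raw.split()
        if not tok or tok[0].startswith("!"):
            continue
        if not raw[0].isspace():          # top-level line opens a new section
            section = tok[0]
        if tok[:2] == ["crypto", "map"]:
            if len(tok) == 3 and section == "interface":
                maps_bound.add(tok[2])    # "crypto map NAME" under an interface
            elif len(tok) > 3 and tok[3].isdigit():
                maps_defined.add(tok[2])  # "crypto map NAME <seq> ..." entry
        m = ACL_DEF.match(line)
        if m:
            acls_defined.add(m.group(1))
        else:
            acls_used.update(ACL_REF.findall(line))
    return {"unbound_crypto_maps": sorted(maps_defined - maps_bound),
            "unused_acls": sorted(acls_defined - acls_used)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The check relies on sub-commands being indented, as in real `show running-config` output; a paste that has lost its indentation needs it restored first.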
07-22-2021 05:05 AM
Before I look at the config in detail: first, is the provider allowing incoming connections?
Run some debug, "debug ppp negotiation", and post the outcome here.
07-22-2021 06:27 AM
07-22-2021 09:21 AM
Run debug and check, and post the debug logs here.