Creating L2TP Outgoing Interface - dial-out

Paul Smith
Level 1

Hi,

I need to connect a Cisco 2901 with a 4G interface to an Azure gateway using a VPN. First choice is S2S but I need a static IP for that. My next idea is to connect with a P2S connection by connecting to a Windows RRAS inside Azure. How would you do this? I have already configured the following VPDN settings but I am unsure where to go from here. What makes it harder is that I am already using a dialer interface that is attached to the cell interface. Check it out:

KDRHO-WAN-RTR-4G#sh run
Building configuration...


Current configuration : 7545 bytes
!
! Last configuration change at 15:24:06 Bris Fri Jun 9 2017 by nwtech
! NVRAM config last updated at 15:18:58 Bris Thu Jun 8 2017 by nwtech
!
version 15.6
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname KDRHO-WAN-RTR-4G
!
boot-start-marker
boot-end-marker
!
!
logging count
logging userinfo
logging buffered 131000
!
aaa new-model
!
!
aaa authentication login local_access local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone Bris 10 0
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip name-server 8.8.8.8
no ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group test
request-dialout
protocol l2tp
pool-member 44
initiate-to ip 52.237.xxx.xxx
l2tp tunnel password 0 T3stxxxxxxxxxx
!
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
chat-script lte"" "AT!CALL" TIMEOUT 60 "OK
!
crypto pki trustpoint TP-self-signed-406006263
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-406006263
revocation-check none
rsakeypair TP-self-signed-406006263
!
!
crypto pki certificate chain TP-self-signed-406006263
certificate self-signed 01
quit
license udi pid CISCO2901/K9 sn FGL20521169
license accept end user agreement
license boot module c2900 technology-package securityk9
!
!
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxx
username xxxxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxxx
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxx
!
redundancy
!
!
!
!
!
controller Cellular 0/0
lte gps mode standalone
lte gps nmea
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
track 1 ip sla 1 reachability
!
!

!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.99
description MANAGEMENT VLAN
encapsulation dot1Q 99
ip address 192.168.213.4 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
encapsulation slip
dialer in-band
dialer pool-member 1
!
interface Cellular0/0/1
no ip address
encapsulation slip
!
interface Dialer0
ip address negotiated
ip access-group dialer-out out
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1350
dialer pool 1
dialer idle-timeout 0
dialer string gsm
dialer persistent
ppp ipcp dns request
ppp ipcp route default
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source static tcp 192.168.213.15 22 interface Cellular0/0/0 8420
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.212.0 255.255.252.0 GigabitEthernet0/0.99
!
ip access-list standard dialer-out
permit any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0.99
threshold 2
frequency 5
ip sla schedule 1 life forever start-time now
logging trap debugging
logging host xxxxxxxx
logging host 192.168.213.15
dialer-list 1 protocol ip list 1
!
!
snmp-server community xxxxxx
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 192.168.212.0 0.0.3.255
access-list 2 permit 192.168.213.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.127
access-list 23 permit 192.168.212.0 0.0.0.255
access-list 23 permit 192.168.213.0 0.0.0.255
access-list 23 permit 192.168.214.0 0.0.0.255
access-list 23 permit 172.22.20.0 0.0.1.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.201.212.0 0.0.0.255
!
!
!
control-plane
!
!
banner exec ^C

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
||-|C|I|S|C|O|-|2|9|0|1|-|4G|-|R|O|U|T|E|R|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

^C
banner login ^C

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED

You must have explicit, authorized permission to access or configure this device.

Unauthorized attempts and actions to access or use this system may result in civil and/or
criminal penalties.

All activities performed on this device are logged and monitored.

^C
!
line con 0
login authentication local_access
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
script dialer lte
no exec
rxspeed 100000000
txspeed 50000000
line 0/0/1
no exec
rxspeed 100000000
txspeed 50000000
line 0/0/5
modem InOut
no exec
transport input all
transport output all
line vty 0 4
access-class 23 in
privilege level 15
login authentication local_access
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp authenticate
ntp server 130.102.2.123
!
end

KDRHO-WAN-RTR-4G#
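Added example, not part of the original post: a small Python check that flags the cleartext-credential and cleartext-management settings visible in the running-config above (`no service password-encryption`, the type 0 `l2tp tunnel password`, `ip http server`, an `snmp-server community` with no ACL, and `telnet` on the vty lines). The sample config is constructed with placeholder secrets and a documentation address, and the function name `audit` is hypothetical; it assumes the normal `show running-config` indentation, which the paste above has lost.

```python
import re

# Constructed sample modelled on the posted config: indentation restored,
# secrets and the peer address replaced by placeholders.
SAMPLE_CONFIG = """\
no service password-encryption
vpdn-group test
 request-dialout
  protocol l2tp
 initiate-to ip 192.0.2.10
 l2tp tunnel password 0 EXAMPLE-SECRET
ip http server
ip http secure-server
snmp-server community EXAMPLE-COMMUNITY
line vty 0 4
 access-class 23 in
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit(config):
    """Return (line_no, section, finding) tuples for weak settings."""
    findings, section = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            section = line
        words = line.split()
        if line == "no service password-encryption":
            findings.append((no, section, "service password-encryption is disabled"))
        if re.search(r"\b(password|key) 0 \S", line):
            findings.append((no, section, "secret stored in cleartext (type 0)"))
        if line == "ip http server":
            findings.append((no, section, "cleartext HTTP management enabled"))
        if words[:2] == ["snmp-server", "community"]:
            # Anything left after the community string and ro/rw is taken as an ACL.
            if not [w for w in words[3:] if w.lower() not in ("ro", "rw")]:
                findings.append((no, section, "SNMP community has no ACL"))
        if (section.startswith("line vty") and words[:2] == ["transport", "input"]
                and {"telnet", "all"} & set(words[2:])):
            findings.append((no, section, "telnet allowed on vty"))
    return findings

if __name__ == "__main__":
    for no, section, finding in audit(SAMPLE_CONFIG):
        print(f"line {no:>2} [{section}]: {finding}")
```
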
