Vpdn templates

sudermaniak
Beginner

Hello!

I'm using a vpdn connection from outside a company to a Cisco 800 series router which acts as an end of a VPN tunnel.

Generally speaking, the vpdn configuration looks like this:

- usernames and passwords are kept on the router

- for connection I use the Windows built-in VPN client.

- when a client is authenticated, the router assigns it an IP address from a local pool which is also kept on the router.

I'd like to achieve the following: depending on the IP address from which the remote client connects, the router would assign it a different local IP address. Source addresses are configured in access lists.

Now remote clients always get the same local ip address.

This is the interesting part of the configuration:

----------

vpdn enable

vpdn logging

vpdn logging user

vpdn logging tunnel-drop

!

vpdn-group 1

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

source-ip xxx.xxx.xxx.xxx

!

vpdn-group 2

description VPDN Group for DST Windows VPN clients

accept-dialin

protocol pptp

virtual-template 2

source-ip xxx.xxx.xxx.xxx

!

-------public interface-----------

interface Ethernet1

ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

ip nat outside

ip virtual-reassembly

service-policy output inbound-http

duplex auto

no cdp enable

!

-------virtual interface-----------

interface Virtual-Template1

ip unnumbered Ethernet1

ip access-group 150 in

ip mroute-cache

peer default ip address pool vpn-local

no keepalive

ppp encrypt mppe auto required

ppp authentication ms-chap ms-chap-v2

!

interface Virtual-Template2

ip unnumbered Ethernet1

ip access-group 151 in

ip mroute-cache

peer default ip address pool vpn-local2

no keepalive

ppp encrypt mppe auto required

ppp authentication ms-chap ms-chap-v2

!

ip local pool vpn-local xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

ip local pool vpn-local2 yyy.yyy.yyy.yyy yyy.yyy.yyy.yyy

-----------access lists----------

access-list 150 permit ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx log

access-list 150 permit ip yyy.yyy.yyy.yyy yyy.yyy.yyy.yyy log

access-list 150 deny tcp any eq 1723 any

access-list 150 deny gre any any

access-list 151 permit ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx log

access-list 151 permit ip yyy.yyy.yyy.yyy yyy.yyy.yyy.yyy log

Thanks for any help.

3 Replies

attrgautam
Contributor

AFAIK, the source-ip in the vpdn list is the IP with which the local router will respond back for the vpdn negotiations and has nothing to do with the end-user IP. What I will suggest is to have a different hostname for each group of users.

In fact, in my configuration source-ip is the IP of the public interface of the router used by remote clients to connect to the router.

By having a different hostname for each group, did you mean

the terminate-from hostname statement?

or

to have a different public IP?

I meant the terminate-from hostname
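
An added example, not part of the original thread or any Cisco tooling: a Python check that reads a configuration like the one posted, maps each vpdn-group to the pool its virtual-template hands out, and lists groups that share a protocol and have no distinguishing terminate-from hostname. It assumes, as the reply suggests, that terminate-from hostname is what tells the groups apart; the sample addresses are constructed.

```python
import re

# Constructed sample modelled on the posted configuration, trimmed (documentation addresses).
SAMPLE = """\
vpdn-group 1
protocol pptp
virtual-template 1
source-ip 192.0.2.1
vpdn-group 2
protocol pptp
virtual-template 2
source-ip 192.0.2.1
interface Virtual-Template1
peer default ip address pool vpn-local
interface Virtual-Template2
peer default ip address pool vpn-local2
"""

FIELDS = {  # setting name -> pattern for the sub-command that carries it
    "protocol": r"protocol (\S+)",
    "template": r"virtual-template (\d+)",
    "hostname": r"terminate-from hostname (\S+)",
    "pool": r"peer default ip address pool (\S+)",
}

def parse(config):
    """Collect vpdn-group and Virtual-Template settings; indentation is not required."""
    groups, templates, cur = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"vpdn-group (\S+)", line):
            cur = groups.setdefault(m[1], {})
        elif m := re.match(r"interface Virtual-Template(\d+)", line):
            cur = templates.setdefault(m[1], {})
        elif line.startswith("interface "):
            cur = None  # some other interface: ignore its sub-commands
        elif cur is not None:
            for key, pattern in FIELDS.items():
                if m := re.match(pattern, line):
                    cur[key] = m[1]
    return groups, templates

def audit(config):
    """Return ({group: pool}, [groups sharing protocol and terminate-from hostname])."""
    groups, templates = parse(config)
    pools = {g: templates.get(s.get("template"), {}).get("pool") for g, s in groups.items()}
    shared = {}
    for g, s in groups.items():
        shared.setdefault((s.get("protocol"), s.get("hostname")), []).append(g)
    return pools, [sorted(v) for v in shared.values() if len(v) > 1]
```

On the sample, `audit(SAMPLE)` reports that groups 1 and 2 lead to different pools but share the same selector, which matches the symptom described in the question.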
