Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3172
Views
0
Helpful
3
Replies

VPN over PPPoE ADSL

bruce.l.williams
Level 1
Level 1

‎01-02-2002 02:31 PM - edited ‎02-21-2020 11:33 AM

I have a customer that has an ADSL line which uses PPPoE. They can establish a VPN Tunnel, but the throughput drops to below 28KBS and the only packets that seem to be able to traverse the tunnel are ICMP Pings. I was told that there is a problem with establishing VPNs over a PPPoE ADSL connection. What is the issue and the solution if there is one?

Bruce Williams

mailto:bruce.lawrence.williams@verizon.com

Labels:
0 Helpful
3 Replies 3

nkorosi
Level 1
Level 1

‎01-07-2002 08:13 AM

I've successfully done this using a Cisco 1605 Router (IOS 12.2(2)T) terminating to a Cisco PIX 515. We have a static IP address assigned to the router upon authentication. This config requires you to configure a Dialer interface on the router where the IP address is negociated. From documentation I've found, one of the most important parameters for this type of connection (ADSL over PPPoE) is setting the MTU to 1492.

Here are some of the key router config entries that worked for us. I hope this helps...

----------------------------------

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

crypto isakmp policy 20

hash md5

authentication pre-share

crypto isakmp key [your-key] address [PIX-IP-ADDRESS]

crypto ipsec transform-set strong esp-des esp-sha-hmac

crypto map cypto-map-name 20 ipsec-isakmp

set peer [PIX-IP-ADDRESS]

set transform-set strong

match address 160

interface Ethernet1

no ip address

no ip route-cache

no ip mroute-cache

pppoe enable

pppoe-client dial-pool-number 1

interface Dialer1

ip address negotiated

ip mtu 1492

encapsulation ppp

no ip mroute-cache

dialer pool 1

dialer-group 1

ppp chap hostname [your-isp-user-name]

ppp chap password [your-isp-password]

crypto map cypto-map-name

ip route 0.0.0.0 0.0.0.0 Dialer1

access-list 160 permit ip [inside-ip-subnet] [vpn-ip-subnet]

dialer-list 1 protocol ip permit

0 Helpful

jjhpark
Level 1
Level 1

‎01-07-2002 05:24 PM

Hi,

I'm sure it's an MTU issue.

Try to minimize the MTU size of PPPoE protocol stack.

What kind of PPPoE software your customer using ?

Jiho Park

0 Helpful

bruce.l.williams
Level 1
Level 1
In response to jjhpark

‎01-07-2002 05:36 PM

Yes, that is what it was. Now I have another problem, I cannot get the Checkpoint VPN to work with PAT.

Thanks,

Bruce

0 Helpful
Customers Also Viewed These Support Documents