Cisco PPPoE Over FA with L2TP Client – Configuration Without IPSec


This started as a question, with my connection failing to come up, but after a bit of trial and error, the configuration is working, so I've edited it into a solution. Access lists and address translation are not 100% in the config below yet, but it covers the connection setup.

The setup: I have a Cisco router with 2 Ethernet ports and another ADSL router with the ATM interface. My service provider offers a static IP for ADSL via an L2TP tunnel (L2TP service IP, shared secret provided, ADSL username / password for auth). I want to configure the connection and the tunnel on the Cisco – 1 Ethernet port internal (fa0/1), with the L2TP tunnel interface being the external / public IP on the other Ethernet port (fa0/0) – but also still maintain a private network between the Cisco and the other DSL router.

Internal network: 192.168.0.0/24
Private network between Cisco and other router: 10.0.0.0/24 (or could be /30).
Other router is configured in PPPoE bridge mode / pass through.
L2TP service: 1.2.3.4
Shared secret: 54321
ADSL username / pass: myuser@myisp / mypass

aaa new-model
aaa authentication ppp default local

l2tp-class l2tp_secret
  hidden
  authentication
  hello 10
  password 54321

pseudowire-class l2tp_config
  encapsulation l2tpv2
  protocol l2tpv2 l2tp_secret
  ip local interface Dialer1

interface FastEthernet0/0
 description WAN / PPPoE Interface
 ip address 10.0.0.10 255.255.255.0
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 10

interface FastEthernet0/1
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 no ip mroute-cache

interface Virtual-PPP1
 description L2TP Tunnel for static IP
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 shutdown
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username myuser@myisp password 0 mypass
 pseudowire 1.2.3.4 1 pw-class l2tp_config

interface Dialer1
 ip address negotiated
 encapsulation ppp
 shutdown
 dialer pool 10
 ppp authentication pap callin
 ppp pap sent-username myuser@myisp password 0 mypass
 ppp ipcp route default

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 1.2.3.4 255.255.255.255 Dialer1
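
An added example, not part of the original post: a short Python audit over an excerpt of the configuration above, reporting where credentials are stored or sent in cleartext and which interfaces are still administratively down. The function names and finding strings are hypothetical, and the sample is a constructed excerpt of the posted config.

```python
import re

# Constructed sample: excerpt of the configuration posted above.
SAMPLE_CONFIG = """\
l2tp-class l2tp_secret
  hidden
  authentication
  password 54321
interface Virtual-PPP1
 shutdown
 ppp authentication pap callin
 ppp pap sent-username myuser@myisp password 0 mypass
 pseudowire 1.2.3.4 1 pw-class l2tp_config
interface Dialer1
 encapsulation ppp
 ppp pap sent-username myuser@myisp password 0 mypass
"""

def split_sections(config):
    """Group indented lines under the unindented line that opens each section."""
    sections, current = [], None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if not line[0].isspace():
            current = (line.strip(), [])
            sections.append(current)
        elif current:
            current[1].append(line.strip())
    return sections

def audit(config):
    """Return (section, finding) pairs for credential-handling weaknesses."""
    findings = []
    for header, body in split_sections(config):
        for cmd in body:
            if re.search(r"\bpassword 0 \S+", cmd):
                findings.append((header, "type 0 (cleartext) password stored in config"))
            elif header.startswith("l2tp-class") and re.fullmatch(r"password (?![67] )\S+", cmd):
                findings.append((header, "tunnel shared secret stored in cleartext"))
            if re.match(r"ppp pap sent-username\b", cmd):
                findings.append((header, "PAP sends the password in cleartext on the link"))
            if cmd == "shutdown":
                findings.append((header, "interface administratively down"))
    return findings

if __name__ == "__main__":
    for header, finding in audit(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```
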

Best Answer

I'm not very familiar with Cisco, but is it possible that you need to use "secret" instead of password @l2tp-class?