Tag: Cisco

Cisco Dialer and ATM interface setup

I have put together some examples of an ATM and Dialer interface with a virtual dialer interface (as preferred by Cisco).

My device is a 2621xm + ADSL WIC. I shall post a full excerpt from the config:

alex@STUDIO17:~$ telnet 192.168.1.254

Trying 192.168.1.254…

Connected to 192.168.1.254.
Escape character is ‘^]’.
User Access Verification
Username: alex
Password:
C2621XM>en
Password:
C2621XM#sh run
interface Loopback0
 no ip address
!
interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ip virtual-reassembly
 peer default ip address pool VPN
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
!
interface Dialer1
 ip address negotiated
 ip mtu 1432
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname YOUR ISP HOST HERE
 ppp chap password YOUR HASHED PASSWORD HERE
 crypto map SITEMAP
!
ip local pool VPN 192.168.2.1 192.168.2.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
Detailed explanation and configuration of each:

First we will take the physical interface at ATM0/0:
You will of course need to configure this with the ‘conf t’ command (to configure terminal) and then enter the interface with the ‘int atm0/0’ command. Then you will be able to type out the lines necessary:
C2621XM#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C2621XM(config)#int atm0/0
C2621XM(config-if)#
C2621XM(config-if)#no ip address
C2621XM(config-if)#no atm ilmi-keepalive
C2621XM(config-if)#dsl operating-mode auto
We will now need to enter PVC and enter your VPI and VCI (I have used 0/38).
Next I will put in my encapsulation method under this, and then follow that up by entering my dialer pool, before exiting the conf:
C2621XM(config-if)#pvc 0 0/38
C2621XM(config-if-atm-vc)#encapsulation aal5mux ppp dialer
C2621XM(config-if-atm-vc)#dialer pool-member 1
C2621XM(config-if-atm-vc)#exit
C2621XM(config-if)#exit
C2621XM(config)#
Now that we have finished with ATM0/0, we will have a look at dialer1

C2621XM(config)#int dialer1
C2621XM(config-if)#ip address negotiated
C2621XM(config-if)#ip mtu 1432
C2621XM(config-if)#ip nat outside
C2621XM(config-if)#ip virtual-reassembly
C2621XM(config-if)#encapsulation ppp (ppp over atm)
C2621XM(config-if)#dialer pool 1
C2621XM(config-if)#dialer-group 1
C2621XM(config-if)#ppp authentication chap callin
C2621XM(config-if)#ppp chap hostname (your username here)
C2621XM(config-if)#ppp chap password (your password here)
C2621XM(config-if)#crypto map SITEMAP
C2621XM(config-if)#exit
C2621XM(config)#
I do not use my FastEthernet0/0 port, hence I have configured all traffic from my Router to a switch connected to the FastEthernet0/1 port.
C2621XM(config)#interface FastEthernet0/1
C2621XM(config-if)#ip address 192.168.1.254 255.255.255.0
C2621XM(config-if)#ip nat inside
C2621XM(config-if)#ip virtual-reassembly
C2621XM(config-if)#duplex auto
C2621XM(config-if)#speed auto
C2621XM(config-if)#exit
C2621XM(config)#
I have an outside rule as follows for outgoing traffic, and a NAT binding from the dialer for the incoming traffic
C2621XM(config)#ip route 0.0.0.0 0.0.0.0 Dialer1
C2621XM(config)#ip nat inside source route-map NAT interface Dialer1 overload
Finally you can save the runtime and test your connection:
C2621XM(config)#exit
C2621XM#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
C2621XM#
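A consistency check for the steps above, as an added example that is not part of the original post: it parses a running-config and confirms that the PVC's dialer pool-member has a matching dialer pool, that the NAT overload interface is marked outside, and that any route-map the NAT rule names is defined. The function names are hypothetical, and the parser assumes the indented layout that `show running-config` prints; the excerpt in the post never shows the `NAT` route-map, so the check reports it.

```python
import re

# Constructed sample, trimmed from the running-config shown on this page.
SAMPLE = """\
interface ATM0/0
 pvc 0 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer1
 ip nat outside
 dialer pool 1
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source route-map NAT interface Dialer1 overload
"""

def parse_interfaces(config):
    """Return {interface name: [indented sub-commands]} from show-run text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def numbers(pattern, ifs):
    return {m.group(1) for cmds in ifs.values() for c in cmds
            if (m := re.fullmatch(pattern, c))}

def check_pppoa(config):
    """List mismatches between the PVC, Dialer and NAT lines."""
    ifs, issues = parse_interfaces(config), []
    members = numbers(r"dialer pool-member (\d+)", ifs)
    pools = numbers(r"dialer pool (\d+)", ifs)
    issues += [f"pool-member {p} has no matching 'dialer pool {p}'" for p in sorted(members - pools)]
    issues += [f"dialer pool {p} has no matching 'dialer pool-member {p}'" for p in sorted(pools - members)]
    outside = {n for n, c in ifs.items() if "ip nat outside" in c}
    for m in re.finditer(r"^ip nat inside source (?:route-map (\S+)|list \S+) interface (\S+)", config, re.M):
        if m.group(2) not in outside:
            issues.append(f"NAT overloads {m.group(2)}, which is not 'ip nat outside'")
        if m.group(1) and not re.search(rf"^route-map {re.escape(m.group(1))}\b", config, re.M):
            issues.append(f"route-map {m.group(1)} is referenced by NAT but never defined")
    return issues
```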

Please excuse any errors or non-factual comments, I am still learning Cisco.  However I was able to use the steps above to get my internet connection going!
Please comment if you have any suggestions, or questions
EDIT! I have spent the last 3 days trying to figure out why my internet connection speed was OK on my standard Thomson ADSL Router and appeared to be capped at 2.3Mbps on my Cisco ADSL WIC. I tried all sorts, changing the method that the router negotiates with the DSLAMs at the ISP end.
Xilo broadband have been very attentive and patient with me while I logged fault calls before any of the testing.

Through some extensive research and reading, it turns out that there are some additional commands that I needed to give for my ATM0/0 interface as follows:

The following is an additional configuration of SCC clock rates on the ATM interface. Clock rates are set with the clock rate aal5 command and the clock rate aal2 command.

interface ATM0/0
 clock rate aal5 5300000
 clock rate aal2 4000000
 dsl operating-mode auto

This has helped massively and has made the connection even better than I could have expected.

Hope this helps anyone having specific problems with similar equipment.
On a side note, Xilo / UNO broadband for the win! It's a refreshing change to have a constant and reliable internet connection and top notch support 24/7.
Alex

Vodafone Access Gateway Sure Signal


If you are unfortunate enough (like me) to live in an area where you get absolutely no phone signal on any network, enter the Vodafone Gateway. This uses your existing broadband connection as a VOIP gateway. However, this is not without its problems. Usually if you live in a ‘no signal’ area then you live in an area with low internet bandwidth speeds and no cable (yes, I live in the dark ages). I believe that Vodafone run their own QOS protocol from the box; however, internet downloading can reduce the quality of the incoming voice signal, and if you are uploading, you will be able to hear people fine, but they will complain that your voice is very jerky.

As I am also running a hardware firewall I struggled to see that the device should just ‘plug and work’ as stated in the gateway documentation. Through research and a lot of calls to the helpdesk I managed to wheedle from them a list of ports that the gateway needed DMZ or port forward access to. After I had added these to my firewall runtime, up it comes all bells and whistles. HOWEVER they still have not ironed out the HSDPA access over the gateway, as this crashes my gateway every time, requiring a hard reset of the device.

Here is a list of port forwards to IP addresses that you need to allow access to

NTP on UDP-123 to 212.183.133.181

NTP on UDP-123 to 212.183.133.182

Ping on ICMP-8 to 212.183.133.181

Ping on ICMP-8 to 212.183.133.182

ESP on IP-50 to 212.183.133.177

IPSEC NAT Traversal on UDP-4500 to 212.183.133.177

ISAKMP on UDP-500 to 212.183.133.177

Comments welcome


Cisco 12.4 IOS With teleworker VPN using L2TP, NAT and Microsoft RADIUS Authentication

For the Cisco 2600 series, this requires 128Mb DRAM and I would also recommend the 12.4 IOS.

To begin with, you will need to set up Active Directory to store passwords using reversible encryption in the password policy.

You must also have IAS configured correctly and registered with AD.

!
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname yourroutername
!
enable secret 5 [encryption hashed password shown here]
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication ppp default group radius local
aaa authorization network default group radius if-authenticated
!
aaa session-id common
!
resource policy
!
memory-size iomem 15
ip cef
!
ip domain name blah.com
ip ssh authentication-retries 2
ip ssh version 2
vpdn enable
!
vpdn-group VPN
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
 l2tp tunnel receive-window 256
!
username testuser password 0 testpassword
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key PutYourPreSharedKeyHere address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set transport esp-3des esp-md5-hmac
 mode transport
!
crypto dynamic-map cc 10
 set nat demux
 set transform-set transport
!
crypto map cisco 10 ipsec-isakmp dynamic cc
!
! Use FastEthernet0/0, or ATM0/0 if you use a WIC
interface FastEthernet0/0
 description External Network
 ip address 11.22.33.44 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map cisco
!
interface FastEthernet0/1
 description Internal Network
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
 no mop enabled
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ip virtual-reassembly
 peer default ip address pool VPN
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
!
ip local pool VPN 192.168.1.200 192.168.100.250
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip http server
no ip http secure-server
ip nat translation timeout 30
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark Permit NAT traffic from 192.168.1.0/24
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark Permit SSH traffic for 192.168.1.0/24 and deny everything else
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 100 remark Disallow telnet and ssh access from outside
access-list 100 deny tcp any any eq telnet
access-list 100 deny tcp any any eq 22
access-list 100 permit ip any any
!
radius-server host [ip of radius server here] auth-port 1645 acct-port 1646 key HashedKey
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password generlc
 transport input ssh
 transport output ssh
!
end

Here is a video that I found to give an example of setting up the client teleworker side without having to use the CISCO VPN Client software
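A hardening review of the L2TP/IPsec configuration above, as an added example that is not part of the original post: a small auditor that walks an IOS config and flags the settings in it that store secrets in clear or rely on legacy cryptography. The rule names, the `audit` function and the advice strings are this example's own, and the parser assumes the indented layout that `show running-config` prints.

```python
import re

# Constructed sample: lines copied from the L2TP/IPsec configuration above.
SAMPLE = """\
username testuser password 0 testpassword
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key PutYourPreSharedKeyHere address 0.0.0.0 0.0.0.0
crypto ipsec transform-set transport esp-3des esp-md5-hmac
access-list 100 permit ip any any
line vty 0 4
 password generlc
 transport input ssh
"""

# (rule id, regex the enclosing top-level line must match, regex for the line, advice)
RULES = [
    ("plaintext-user-password", "", r"^username \S+ password 0 ", "use 'username <name> secret'"),
    ("wildcard-preshared-key", "", r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "one key is accepted from any address"),
    ("3des-cipher", r"crypto (isakmp|ipsec)", r"\b(encr 3des|esp-3des)\b", "use AES"),
    ("md5-integrity", r"crypto ipsec", r"\besp-md5-hmac\b", "use a SHA-based HMAC"),
    ("weak-dh-group", r"crypto isakmp policy", r"^group [12]$", "1024-bit or smaller MODP group"),
    ("acl-permit-any", "", r"^access-list \d+ permit ip any any$", "permit only the flows you need"),
    ("plaintext-line-password", r"line ", r"^password (?!7 )\S+", "stored in clear in the config"),
]

def audit(config):
    """Return [(line number, rule id, advice)] for each weak setting found."""
    findings, parent = [], ""
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw[:1].isspace():
            parent = line  # an unindented line opens a new context
        for rule, context, pattern, advice in RULES:
            if re.match(context, parent) and re.search(pattern, line):
                findings.append((number, rule, advice))
    return findings

if __name__ == "__main__":
    for number, rule, advice in audit(SAMPLE):
        print(f"line {number}: {rule}: {advice}")
```

The context column keeps `group 2` and `password` from being flagged outside an ISAKMP policy or a `line` block.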

