cc/td/doc/product/access/ap/ap_ts3
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Configuring VPDN for the AccessPath-TS3 System

Configuring VPDN for the AccessPath-TS3 System

Virtual private dial-up networking (VPDN) enables users to configure secure networks that take advantage of Internet service providers (ISPs) that tunnel a company's remote access traffic through the ISP cloud, creating a secure virtual dial-up connection. Figure 7-1 shows a sample network topology for VPDN.


Figure 7-1: Network Topology for a Virtual Private Dial-Up Network

Remote offices or mobile users can connect to their home network using local third-party dial-up services. The dial-up service provider agrees to forward the company's traffic from the ISP point of presence (POP) to a company-run home gateway. Network configuration and security remains in the control of the client. The dial-up service provider provides a virtual connection between the company's sites.


Note The Multichassis Multilink PPP (
MMP) feature uses VPDN to connect multiple Point-to-Point Protocol (PPP) sessions for which individual dial-in calls have arrived on different stack group members. VPDN provides speed and reliability for the setup and teardown of Multilink PPP.

This chapter includes:

Configuring VPDN on the AccessPath-TS3 System

To configure VPDN on the Cisco AccessPath-TS3 Integrated Access System, perform the following procedure on each of the Access Server Shelves in the AccessPath-TS3 system:


Table 7-1: Configuring VPDN on the AccessPath-TS3 System
Step Command Purpose
1 AS01> enable

Password: <password>

AS01# 

Enter enable mode.

Enter the password.

You have entered enable mode when the prompt changes to AS01#.

2 AS01# config term

Enter configuration commands, one per line. End

with CNTL/Z.

AS01(config)#

Enter global configuration mode. You have entered global configuration mode when the prompt changes to AS01(config)#.
3 AS01(config)# vpdn enable Enable virtual private dial-up networking.
4 AS01(config)# vpdn outgoing home.com ISP-POP1 ip 137.108.37.4 Specify the name and IP address of the remote host and the name to use when authenticating a tunnel for forwarding traffic to the remote host on a virtual private dial-up network.
5 AS01(config)# vpdn source-ip 192.168.1.54 Specify the IP address of the source host (the Access Server Shelf).
6 AS01(config-line)# Ctrl-Z

AS01#

%SYS-5-CONFIG_I: Configured from console by console

Return to enable mode.

This message is normal and does not indicate an error.

Verifying VPDN Configuration

To verify your VPDN configuration:

AS01# show vpdn Active L2F tunnels = 2 NAS Name Gateway Name NAS CLID Gateway CLID State test-mmp test-gateway 272 272 open 192.168.1.99 192.168.1.119 L2F MIDs = 10 Name NAS Name Interface MID State rw56 test-mmp Vi238 1 open rw55 test-mmp Vi240 3 open rw54 test-mmp Vi242 4 open rw57 test-mmp Vi246 7 open rw57 test-mmp Vi248 8 open rw54 test-mmp Vi245 13 open rw55 test-mmp Vi244 14 open rw16 test-mmp Vi249 97 open rw16 test-mmp Vi251 98 open rw56 test-mmp Vi250 100 open


Tips 

If you are having trouble:

AS01# debug vpdn ? error VPDN Protocol errors event VPDN event l2f-errors L2F protocol errors l2f-events L2F protocol events l2f-packets L2F protocol packets packet VPDN packet AS01# debug vpdn event VPN events debugging is on *May 15 17:55:49.367: %LINK-3-UPDOWN: Interface Virtual-Access239, changed state to down *May 15 17:55:49.547: Virtual-Access249 VPN reset *May 15 17:55:49.547: %LINK-3-UPDOWN: Interface Virtual-Access249, changed state to down
This is sample output for the debug vpdn l2f-events command:
AS01# debug vpdn l2f-events L2F protocol events debugging is on *May 15 17:56:46.259: L2F_OPEN received *May 15 17:56:46.263: L2F Got a MID management packet *May 15 17:56:46.339: %LINK-3-UPDOWN: Interface Virtual-Access239, changed state to up
This is sample output for the debug vpdn l2f-errors command:
AS01# debug vpdn l2f-errors L2F protocol errors debugging is on *May 15 17:57:57.827: %LINK-3-UPDOWN: Interface Virtual-Access251, changed state to down

Creating Authentication Accounts

You can create authentication accounts for other routers between the Access Server Shelf and the home gateway for VPDN.

On the Access Server Shelf, an example is:

username NAS password cisco username HGW password cisco vpdn enable vpdn outgoing cisco.com NAS ip X.X.X.X

On the home gateway, an example is:

username NAS password cisco username HGW password cisco vpdn enable vpdn incoming NAS HGW virtual-template 1

Sample Configuration for the Home Gateway Router

The following configuration is an example for configuring VPDN on the home gateway router:

username NAS password cisco username HGW password cisco vpdn enable vpdn incoming NAS HGW virtual-template 1 interface virtual-template 1  ip unnumbered Loopback0  peer default ip address pool default  ppp authentication chap ip local pool default X.X.X.X X.X.X.X

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.