Virtual private dial-up networking (VPDN) enables users to configure secure networks that take advantage of Internet service providers (ISPs) that tunnel a company's remote access traffic through the ISP cloud, creating a secure virtual dial-up connection. Figure 7-1 shows a sample network topology for VPDN.
Remote offices or mobile users can connect to their home network using local third-party dial-up services. The dial-up service provider agrees to forward the company's traffic from the ISP point of presence (POP) to a company-run home gateway. Network configuration and security remain in the control of the client. The dial-up service provider provides a virtual connection between the company's sites.
This chapter includes:
To configure VPDN on the Cisco AccessPath-TS3 Integrated Access System, perform the following procedure on each of the Access Server Shelves in the AccessPath-TS3 system:
Step | Command | Purpose |
---|---|---|
1 | AS01> enable | Enter enable mode. Enter the password. You have entered enable mode when the prompt changes to AS01#. |
2 | AS01# config term | Enter global configuration mode. You have entered global configuration mode when the prompt changes to AS01(config)#. |
3 | AS01(config)# vpdn enable | Enable virtual private dial-up networking. |
4 | AS01(config)# vpdn outgoing home.com ISP-POP1 ip 137.108.37.4 | Specify the name and IP address of the remote host and the name to use when authenticating a tunnel for forwarding traffic to the remote host on a virtual private dial-up network. |
5 | AS01(config)# vpdn source-ip 192.168.1.54 | Specify the IP address of the source host (the Access Server Shelf). |
6 | AS01(config-line)# Ctrl-Z | Return to enable mode. This message is normal and does not indicate an error. |
To verify your VPDN configuration:
```
AS01# show vpdn
Active L2F tunnels = 2
NAS Name        Gateway Name    NAS CLID   Gateway CLID   State
test-mmp        test-gateway    272        272            open
192.168.1.99    192.168.1.119
L2F MIDs = 10
Name    NAS Name    Interface   MID   State
rw56    test-mmp    Vi238       1     open
rw55    test-mmp    Vi240       3     open
rw54    test-mmp    Vi242       4     open
rw57    test-mmp    Vi246       7     open
rw57    test-mmp    Vi248       8     open
rw54    test-mmp    Vi245       13    open
rw55    test-mmp    Vi244       14    open
rw16    test-mmp    Vi249       97    open
rw16    test-mmp    Vi251       98    open
rw56    test-mmp    Vi250       100   open
```
Tips
If you are having trouble:
```
AS01# debug vpdn ?
  error        VPDN Protocol errors
  event        VPDN event
  l2f-errors   L2F protocol errors
  l2f-events   L2F protocol events
  l2f-packets  L2F protocol packets
  packet       VPDN packet

AS01# debug vpdn event
VPN events debugging is on
*May 15 17:55:49.367: %LINK-3-UPDOWN: Interface Virtual-Access239,
    changed state to down
*May 15 17:55:49.547: Virtual-Access249 VPN reset
*May 15 17:55:49.547: %LINK-3-UPDOWN: Interface Virtual-Access249,
    changed state to down

AS01# debug vpdn l2f-events
L2F protocol events debugging is on
*May 15 17:56:46.259: L2F_OPEN received
*May 15 17:56:46.263: L2F Got a MID management packet
*May 15 17:56:46.339: %LINK-3-UPDOWN: Interface Virtual-Access239,
    changed state to up

AS01# debug vpdn l2f-errors
L2F protocol errors debugging is on
*May 15 17:57:57.827: %LINK-3-UPDOWN: Interface Virtual-Access251,
    changed state to down
```
You can create authentication accounts for other routers between the Access Server Shelf and the home gateway for VPDN.
On the Access Server Shelf, an example is:
```
username NAS password cisco
username HGW password cisco
vpdn enable
vpdn outgoing cisco.com NAS ip X.X.X.X
```
On the home gateway, an example is:
```
username NAS password cisco
username HGW password cisco
vpdn enable
vpdn incoming NAS HGW virtual-template 1
```
The following configuration is an example for configuring VPDN on the home gateway router:
```
username NAS password cisco
username HGW password cisco
vpdn enable
vpdn incoming NAS HGW virtual-template 1
interface virtual-template 1
 ip unnumbered Loopback0
 peer default ip address pool default
 ppp authentication chap
ip local pool default X.X.X.X X.X.X.X
```
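The lint below is an added example, not Cisco's or this page's own code: it checks an Access Server Shelf and home gateway configuration pair like the ones above for tunnel names that have no username entry, the sample secret `cisco` left in place, and a virtual template without PPP authentication. The sample configurations, the address 192.0.2.10, the secret deny-list, and the premise that both ends must hold the same secret for a shared name are assumptions made for the example.

```python
import re

PLACEHOLDER_SECRETS = {"cisco", "password", "changeme"}  # assumed deny-list

# Constructed samples modelled on the page's examples (192.0.2.10 is a documentation address).
NAS_CFG = """username NAS password cisco
username HGW password cisco
vpdn enable
vpdn outgoing cisco.com NAS ip 192.0.2.10
"""
HGW_CFG = """username NAS password Xk9-constructed
vpdn enable
vpdn incoming NAS HGW virtual-template 1
interface virtual-template 1
 ip unnumbered Loopback0
 peer default ip address pool default
"""

def parse(cfg):
    """Return ({username: secret}, {tunnel names referenced by vpdn commands})."""
    users = dict(re.findall(r"^username (\S+) password (?:[07] )?(\S+)", cfg, re.M))
    names = set()
    for m in re.finditer(r"^vpdn outgoing \S+ (\S+) ip \S+", cfg, re.M):
        names.add(m.group(1))        # local name the shelf authenticates as
    for m in re.finditer(r"^vpdn incoming (\S+) (\S+) virtual-template \d+", cfg, re.M):
        names.update(m.groups())     # remote name, then local name
    return users, names

def audit(label, cfg):
    """Lint one device's VPDN configuration; returns a list of findings."""
    users, names = parse(cfg)
    out = []
    if not re.search(r"^vpdn enable\s*$", cfg, re.M):
        out.append(f"{label}: 'vpdn enable' is missing")
    out += [f"{label}: tunnel name {n} has no username entry"
            for n in sorted(names - set(users))]
    out += [f"{label}: username {n} uses a placeholder secret"
            for n, s in sorted(users.items()) if s.lower() in PLACEHOLDER_SECRETS]
    if "virtual-template" in cfg and not re.search(r"^\s*ppp authentication \S+", cfg, re.M):
        out.append(f"{label}: virtual template has no 'ppp authentication'")
    return out

def compare(nas_cfg, hgw_cfg):
    """Names defined on both ends whose secrets differ (assumed to break tunnel auth)."""
    a, b = parse(nas_cfg)[0], parse(hgw_cfg)[0]
    return [n for n in sorted(set(a) & set(b)) if a[n] != b[n]]

if __name__ == "__main__":
    for line in audit("shelf", NAS_CFG) + audit("gateway", HGW_CFG):
        print(line)
    print("secret mismatch:", compare(NAS_CFG, HGW_CFG))
```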