Thursday, July 18, 2013

Cisco router acting as a PPTP client

sh vers
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)
Cisco 2811 (revision 53.51) with 247808K/14336K bytes of memory.
Processor board ID FCZ114873QF
6 FastEthernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

 Running Config

!--- necessary to enable VPDN to allow a request-dialin with protocol pptp
service internal
!
!--- recommended
no ip gratuitous-arps
!
vpdn enable
!
vpdn-group 2
 request-dialin
  protocol pptp
  rotary-group 2
 !--- 85.14.22.162 is the IP of my PPTP server
 initiate-to ip 85.14.22.162
!
!
interface Dialer2
 description PPTP-client Dialer
 ip address negotiated
 !--- ACL which defines my interesting traffic
 ip access-group 102 in
 encapsulation ppp
 dialer in-band
 !--- PPTP is slow to negotiate and start, so better an infinite timeout...
 dialer idle-timeout 0
 !--- seems to be ignored but...
 dialer string 123
 dialer vpdn
 !--- see dialer-list 2 below
 dialer-group 2
 no cdp enable
 ppp pfc local forbid
 ppp pfc remote reject
 ppp encrypt mppe auto
 ppp chap hostname pptp_client_username
 ppp chap password pptp_client_password
!
ip access-list extended 102
 permit ip any 172.16.0.0 0.0.0.255
!
!--- some private routes via PPTP with higher metric (administrative distance 222)
ip route 172.16.0.0 255.255.0.0 Dialer2 222
! PPTP link is used as a Dial-On-Demand backup link.  OSPF is serving needed prefixes via primary link
!
!--- used to initiate the PPTP tunnel; permits all traffic, ACL 102 will permit/block
dialer-list 2 protocol ip permit


Thursday, July 04, 2013

Daily wisdom

It is neither as simple as it looks, nor as complicated as it seems to us!