7/27/2019 Cisco Adsl Routers Tuneles

1/2

Cisco ADSL Routers: Configurando Tuneles L2TP.

Configuring a Cisco Router to Support Encryption for L2TP Tunnels

Cisco routers support encryption for both PPTP and L2TP tunnels. However, to

configure encryption for an L2TP tunnel you must first modify the routers default

configuration settings.

To configure Cisco router settings to support encryption for an L2TP tunnel,

perform the following steps:

1 In Cisco router configuration mode, enter the following commands to configure

tunnel authentication:

aaa authentication login cisco local

aaa authentication ppp default local

aaa authorization network default local

username password

2 In Cisco router configuration mode, enter the following commands to configure

the router as an L2TP server:vpdn-group 1

accept-dialin

protocol l2tp

virtual-template 25

terminate-from hostname OfficeConnect

local name c7200

no l2tp tunnel authentication

source-ip 192.180.3.2

3 In Cisco router configuration mode, enter the following commands to configure

the private network (LAN) interface:

interface Ethernet1/2

ip address 192.168.200.1 255.255.255.0

no ip mroute-cache

4 Before establishing the L2TP tunnel, you must first establish an ATM link between

the OCR 812 and the Cisco router. To establish an ATM link, install an ATM

interface card in the router and configure the card using the commands specified

in step b.

a To install an ATM interface card in your Cisco router, please refer to the

instructions provided by your interface card manufacturer.

b To configure an installed ATM interface card, enter the following commands:

interface atm 2/0

atm scrambling cell-payload

atm framing cbitplcp

interface ATM2/0.13148 multipoint

ip address 192.180.3.1 255.255.255.0

ip mask-reply

ip rip send version 2

ip rip receive version 2

map-group cpmtn

atm pvc 648 13 148 aal5snap

map-list cpmtn

ip 192.172.18.2 atm-vc 618 broadcast

http://www.adslnet.ws/modules.php?name=News&file=categories&op=newindex&catid=19http://www.adslnet.ws/modules.php?name=News&file=categories&op=newindex&catid=19

7/27/2019 Cisco Adsl Routers Tuneles

2/2

5 Once the L2TP tunnel has been established (and authentication has been

successful), the following Virtual Template will assign an IP address for the defined

L2TP pool:

interface Virtual-Template25

ip unnumbered ATM2/0.53103

ip mroute-cachepeer default ip address pool L2TP

ppp authentication pap

6 Ensure RIP and IP Pool configuration parameters are set to the following values:

RIP Configuration

router rip

ver 2

network 192.180.3.0

IP Pool for L2TP Tunnel

ip local pool L2TP 192.168.200.3 192.168.200.10

At this point, your L2TP tunnel should be fully operational and ready for use.

Debugging an L2TPTunnel on a Cisco Router

If your L2TP tunnel has not been successfully established, or if it is not operating as

expected, use the following debug commands to identify and correct the

problem(s) you are experiencing:

Debug vpdn command:

Parameter Used to Debug

error VPDN Protocol errors

event VPDN event

l2tp-sequencing L2TP sequencing

l2x-data L2F/L2TP data packets

l2x-errors L2F/L2TP protocol errorsl2x-events L2F/L2TP protocol events

l2x-packets L2F/L2TP control packets

Debug ppp command:

Parameter Used to Debug

authentication CHAP and PAP authentication

bap BAP protocol transactions

cbcp Callback Control Protocol negotiation

compression PPP compression

error Protocol errors and error statistics

multilink Multilink activity

negotiation Protocol parameter negotiationpacket Low-level PPP packet dump

tasks PPP background tasks