Prev: FLASH Write Error #5 on Aironet 350
Next: Client 4.7 installation error with DNE
From: Elia Spadoni on 3 Dec 2006 05:05
> 88.233.168.2 is not an address you use for
> | > "initiate-to ip" in the vpdn definition, right?
> |
> |
> | initiate-to ip 83.233.168.2
>
.. You must not be routing
> through the vpn at all.

What do you mean with you dont have be routing through the vpn?
I think I have to put dial0 ipnat outside
and a nat entry that is like this:
ip nat inside source list 102 interface Dialer0 overload




>

> Dan Lanciani
> ddl(a)danlan.*com

Hello Dan, can you please explain me, or at least pointing me in a cisco
doc or similar,
to understand every command you gave me, to make further test?

If the policy routing works, what have I to see on the logs?

for example: what is the access list for?
what means set int atm0.35 , in policy routing?

ty


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
From: Dan Lanciani on 3 Dec 2006 05:42
In article <177e77179dd86d42cc91070f375c959c.115602(a)mygate.mailgate.org>, il.maggiore(a)inwind.it (Elia Spadoni) writes:
| > 88.233.168.2 is not an address you use for
| > | > "initiate-to ip" in the vpdn definition, right?
| > |
| > |
| > | initiate-to ip 83.233.168.2
| >
| . You must not be routing
| > through the vpn at all.
|
| What do you mean with you dont have be routing through the vpn?

Any packets sent into the vpn will disappear into a black hole because
of the routing loop created by using the same address for the server's
end of the PPP link and the initiate-to. That's what is killing the vpn
by blocking the keepalives. Since your access to the internet was
apparently working you must not have been sending packets out through the
vpn.

| I think I have to put dial0 ipnat outside
| and a nat entry that is like this:
| ip nat inside source list 102 interface Dialer0 overload

But you aren't actually routing any packets to that interface as far
as I can see.

| Hello Dan, can you please explain me, or at least pointing me in a cisco
| doc or similar,
| to understand every command you gave me, to make further test?

Cisco doesn't support client PPTP operation so there is no documentation
that I am aware of; however, most of the commands are exactly the same as
for any other PPP link. Policy routing commands are reasonably well
documented. All you need them to do is force the encapsulated vpn traffic
through the real ATM link rather than through the vpn itself, avoiding the
loop.

| If the policy routing works, what have I to see on the logs?

PBR debugging is verbose; it can show you how each packet is matched
against the route map. You should check that packets for the vpn
server are matching and being forced through the ATM link.

| for example: what is the access list for?

It tells the PBR which packets to match.

| what means set int atm0.35 , in policy routing?

It tells the PBR where to send the packets matched by the above access list.

Unfortunately, it seems that it is easier to debug these configurations
than to describe how to debug them. :(

Dan Lanciani
ddl(a)danlan.*com
First  |  Prev  | 
Pages: 1 2 3 4 5
Prev: FLASH Write Error #5 on Aironet 350
Next: Client 4.7 installation error with DNE