From: Elia S. on
Hello
I am in this situation:

HQ:
Cisco 2651XM
fast0/0 LAN 192.168.1.0/24
fast0/1 remote link to the remote office via wireless link
atm0.1 wan link



Remote office: (
Cisco 831:
eth0: LAN 192.168.10.0/24
eth1: "WAN"

the eth1 of the C831 is connected via a transparent wireless bridge to the
fast0/1 of the C2651xm in the HQ
The C831 is not on all the day but only for a few hours a day. the remote
lan just browses the internet via the wi-fi link and via the HQ's link. The
wifi link is established at 11mbit (5mbit real throughput).
The wireless link is encrypted via wep128 (UNSECURE) and cannot be upgraded.





After some days of planning I produced these ideas:

a) PPPoE Link (the C831,when switched on, calls the 2651XM and makes a PPP
link to it) ms-chap-v2 + mppe 128
b) lan to lan ipsec link. I have the problem that I can route though ipsec
the traffic destinated to the remote lans (192.168.1.x -> 192.168.10.x and
vice-versa but I don't know how to tunnel the traffic to internet via the
2651xm).
c) L2TP+IPSEC. A dialer interface on the C831 and a ip route 0.0.0.0 0.0.0.0
dial1 so everything goes through it.

Problem: I never configured a l2tp "dial up" .
Someone can help me ?




From: bod43 on
On 1 Feb, 13:41, "Elia S." <adminNOS...(a)spadhausen.com> wrote:
> Hello
> I am in this situation:
>
> HQ:
> Cisco 2651XM
> fast0/0 LAN 192.168.1.0/24
> fast0/1 remote link to the remote office via wireless link
> atm0.1 wan link
>
> Remote office: (
> Cisco 831:
> eth0: LAN 192.168.10.0/24
> eth1: "WAN"
>
> the eth1 of the C831 is connected via a transparent wireless bridge to the
> fast0/1 of the C2651xm in the HQ
> The C831 is not on all the day but only for a few hours a day. the remote
> lan just browses the internet via the wi-fi link and via the HQ's link. The
> wifi link is established at 11mbit (5mbit real throughput).
> The wireless link is encrypted via wep128 (UNSECURE) and cannot be upgraded.
>
> After some days of planning I produced these ideas:
>
> a) PPPoE Link (the C831,when switched on, calls the 2651XM and makes a PPP
> link to it) ms-chap-v2 + mppe 128
> b) lan to lan ipsec link. I have the problem that I can route though ipsec
> the traffic destinated to the remote lans (192.168.1.x -> 192.168.10.x and
> vice-versa but I don't know how to tunnel the traffic to internet via the
> 2651xm).
> c) L2TP+IPSEC. A dialer interface on the C831 and a ip route 0.0.0.0 0.0.0.0
> dial1 so everything goes through it.
>
> Problem: I never configured a l2tp "dial up" .
> Someone can help me ?

You may already have considered this however my
first thought is to just make the link a routed link.

This makes IPSEC straightforward and will also prevent
any broadcasts from leaking across the radio link.


L2TP-v3 does not seem to be supported on
83x or 85x or 87x.

L2TP does not seem to be supported on
831 but is on 836 and 801 so maybe that's a mistake
in the Feature Navigator.


From: bod43 on
On 1 Feb, 14:42, bod43 <Bo...(a)hotmail.co.uk> wrote:
> On 1 Feb, 13:41, "Elia S." <adminNOS...(a)spadhausen.com> wrote:
>
>
>
> > Hello
> > I am in this situation:
>
> > HQ:
> > Cisco 2651XM
> > fast0/0 LAN 192.168.1.0/24
> > fast0/1 remote link to the remote office via wireless link
> > atm0.1 wan link
>
> > Remote office: (
> > Cisco 831:
> > eth0: LAN 192.168.10.0/24
> > eth1: "WAN"
>
> > the eth1 of the C831 is connected via a transparent wireless bridge to the
> > fast0/1 of the C2651xm in the HQ
> > The C831 is not on all the day but only for a few hours a day. the remote
> > lan just browses the internet via the wi-fi link and via the HQ's link. The
> > wifi link is established at 11mbit (5mbit real throughput).
> > The wireless link is encrypted via wep128 (UNSECURE) and cannot be upgraded.
>
> > After some days of planning I produced these ideas:
>
> > a) PPPoE Link (the C831,when switched on, calls the 2651XM and makes a PPP
> > link to it) ms-chap-v2 + mppe 128
> > b) lan to lan ipsec link. I have the problem that I can route though ipsec
> > the traffic destinated to the remote lans (192.168.1.x -> 192.168.10.x and
> > vice-versa but I don't know how to tunnel the traffic to internet via the
> > 2651xm).
> > c) L2TP+IPSEC. A dialer interface on the C831 and a ip route 0.0.0.0 0.0.0.0
> > dial1 so everything goes through it.
>
> > Problem: I never configured a l2tp "dial up" .
> > Someone can help me ?
>
> You may already have considered this however my
> first thought is to just make the link a routed link.
>
> This makes IPSEC straightforward and will also prevent
> any broadcasts from leaking across the radio link.
>
> L2TP-v3 does not seem to be supported on
> 83x or 85x or 87x.
>
> L2TP does not seem to be supported on
> 831 but is on 836 and 801 so maybe that's a mistake
> in the Feature Navigator.

By the way - if not already obvious I don't know much
about L2TP.

I did notice this -
http://www.net-gyver.com/?p=952

Bridging over GRE tunnels.

router-t(config-if)#bridge-group 1
% This command is an unreleased and unsupported feature

Still unsupported but apparently is does work??

It's not in the help.

(config-if)#bridge?
% Unrecognized command

This is an 877 on Version 12.4(15)T7.