Конфигурация оборудования Cisco для подключения к провайдеру Интернет Beeline по средствам протокола L2TP. Данный конфиг создан на базе этого http://homenet.beeline.ru/index.php?showtopic=179518 Не до конца подобраны значения mtu. Поэтому наблюдаются задержки при открытии страниц.
Опробовано на оборудовании Cisco 851 и Cisco 1811
Благодарность Pete Jungle.
===================================================
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime mse
service timestamps log datetime msec
service password-encryption
service timestamps log datetime mse
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$MrW.$CnxOXyPm4RATL5qJ5yIPt1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default none
!
ip source-route
!
ip cef
no ip bootp server
ip domain name rdomain.local
ip name-server 85.21.192.3 (ip адрес сервера l2tp beeline — tp.internet.beeline.ru или tp.corbina.net)
ip name-server 213.234.192.8 (DNS провайдера)
ip name-server 213.234.192.7 (DNS провайдера)
no ipv6 cef
l2tp-class beeline
!
multilink bundle-name authenticated
!
username root privilege 15 secret 5 («cекрет»).
!
archive
log config
hidekeys
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
pseudowire-class pw-beeline
encapsulation l2tpv2
protocol l2tpv2 beeline
ip local interface FastEthernet0
!
interface FastEthernet0 <————- Outside interface to Corbina
ip address dhcp
ip access-group 111 out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
speed auto
full-duplex
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
duplex full
speed 100
!
interface Virtual-PPP5
ip address negotiated
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no peer neighbor-route
no cdp enable
ppp encrypt mppe auto
ppp authentication chap callin
ppp chap hostname 089555666 <——-username (login для подключения к Интернет)
ppp chap password 7 104C555B111801 <——-password (пароль для подключения к Интернет)
pseudowire 85.21.0.248 10 pw-class pw-beeline <——- ip L2TP сервера Beeline
!
interface Vlan1 <——- Inside int to PC
ip address 192.168.13.2 255.255.255.0
ip broadcast-address 192.168.13.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1400
!
interface Async1
no ip address
encapsulation slip
!
interface Dialer1
no ip address
ip mtu 1492
ip tcp adjust-mss 1452
no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Virtual-PPP5 <————— Default Route
ip route 10.0.0.0 255.0.0.0 10.233.64.1
ip route 83.102.146.96 255.255.255.224 10.233.64.1
ip route 85.21.0.0 255.255.0.0 10.233.64.1
ip route 89.179.135.67 255.255.255.255 10.233.64.1
ip route 195.14.0.0 255.255.0.0 10.233.64.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list lan interface FastEthernet0 overload
ip nat inside source list wan interface Virtual-PPP5 overload
!
ip access-list extended lan
permit ip 192.168.13.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.13.0 0.0.0.255 195.14.0.0 0.0.255.255
permit ip 192.168.13.0 0.0.0.255 85.21.0.0 0.0.255.255
permit ip 192.168.13.0 0.0.0.255 83.102.146.0 0.0.0.31
ip access-list extended wan
permit ip 192.168.13.0 0.0.0.255 any
!
logging 192.168.13.210
access-list 111 permit ip any any
access-list 111 permit udp any any
access-list 111 permit gre any any
access-list 111 permit tcp any any
access-list 111 permit icmp any any
access-list 111 permit pcp any any
access-list 111 permit esp any any
access-list 111 permit igmp any any
access-list 111 permit ipinip any any
access-list 111 permit nos any any
access-list 111 permit tcp any any eq domain
no cdp run
control-plane
!
line con 0
password 7 130666010803
logging synchronous
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
session-timeout 10
logging synchronous
transport input ssh
!
end
==============================================