PPTP Server as Cisco for Mikrotik Client

Following configuration explains the Cisco as PPTP server and connecting two sites:

Following Configuration needed to enable the VPDN and default server:



vpdn enable
!
vpdn-group Mtik
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1


interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool IPPOOL1
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 ms-chap pap


ip local pool IPPOOL1 192.168.150.10 192.168.150.224

Few more additional things we need to keep the same ip address for the user: 
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default local
!
aaa attribute list Gobi
 attribute type addr 192.168.150.13 service ppp protocol ip mandatory
 attribute type route "10.0.0.0 255.255.255.0 192.168.150.13"
 attribute type interface-config "description Gobi-test"

Finally apply the attribute list to the user:

username gobi password 0 test
username gobi aaa attribute list Gobi

Mikrotik Configurations: 
/interface pptp-client
add add-default-route=no allow=mschap2 connect-to=192.168.16.2 \
    dial-on-demand=no disabled=no max-mru=1500 max-mtu=1500 mrru=1500 name=\
    gobi password=test profile=default-encryption user=gobi


[admin@HOST1] > ip add print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.10.2/30    192.168.10.0    ether1
 1   192.168.16.1/30    192.168.16.0    ether2
 2   10.0.0.1/24        10.0.0.0        ether1
 3 D 192.168.150.13/32  192.168.150.1   gobi
IP route placed in the mikrotik as static : 
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=gobi scope=30 \
    target-scope=10

1500 df-bit ping test 
R1#ping 10.0.0.254 size 1500 df-bit

Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 10.0.0.254, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/124/152 ms

Comments

Post a Comment

Popular posts from this blog

l2tpv3 configuration reference

Image
Reference Comparing , Designing and Deploying VPNs chap - 02 : L2TPv3 is the enhanced version of L2TPv2 protocol. Mikrotik uses L2TPv2 i suppose but it offer another similar tunneling mechanism as EOIP. L2TPv3 in cisco provides Pseudo-wire services to the customer. L2TPv3 only require the IP connectivity between peers but it can transport Ethernet, 802.1Q , HDLC, PPP framerelay etc. Advantage over MPLS is the customer having the full control of their routing domain. L2TP depolyment methods having 3 topologies LAC - LNS , LNS - LNS , LAC - LAC Following Diagram explain simple LAC - LAC L2TPv3 setup. It uses two types of messages: control connection messages - used for signaling between LCEs session data messages - Used to transport layer 2 protocols and connections Data channel Message Header having Session ID & cookie to correctly associate with the tunnel Deploying dynamic Pseudowires session 1) configure CEF - Its default in IOSs now. 2) configure a loopback in
Read more

mikrotik queue tree - Per connection queuing.

Image
One of the cool feature on Mikrotik queuing is Per Connection Queuing . we can equally distribute the bandwidth among Number of users.[1] This setup explores the per connection queuing in the congestion situation and how to utilize the priority queuing features. [Please note Mikrotik Queue lowest priority value have highest priority eg: queue priority 7 traffic gets highest preference over queue priority 8  ] In this test setup 192.168.92.50 and 51 given 512Kbps per connection queuing(PCQ) Priority 6 . 192.168.52 and 54 placed under 256Kbps PCQ (Priority 8) and further youtube users given 384Kbps irrespective to the queue they are currently placed ( FIFO) . 1) Bridge setup - " Don't forget to enable the bridge firewall :) " /interface bridge add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes comment="" disabled=no forward-delay=15s l2mtu=1522 \ max-message-age=20s mtu=1500 name=br_traffic_shaper priority=0x8000 protocol-mode=none
Read more

Decoding BGP Notification Error

Following Log messages are normal in the IX scenario but decode the error message is quite interesting: We will see why this error message popped up : : %BGP-3-NOTIFICATION: sent to neighbor 10.10.194.236 2/7 (unsupported/disjoint capability) 0 bytes  FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0039 0104 xx0D 00B4 C06A 1102 1C02 0601 0400 0200 0102 0280 0002 0202 0002 0246 0002 0641 0400 00C4 0D its a raw hex out  of the BGP open message and starts from the marker  16byte FF so the actual output starts from 0039  2 byte length value : 00 39 - 57 1 byte Type : 01 open message 1 byte Version : 04 2 byte ASN : xx0D  [ modified to remove the relevant information ] 2 byte holdtime : 00 B4 - 180 Seconds 4 byte BGP identifier : C06A 1102 [ modified ] 1 byte Optional parameter length : 1C   - 28 bytes Refer RFC: http://tools.ietf.org/html/rfc5492 http://tools.ietf.org/html/draft-ietf-idr-ext-opt-param-02 http://www.iana.org/assignments/capability-codes/capability-c
Read more