PPTP Server as Cisco for Mikrotik Client

Following configuration explains the Cisco as PPTP server and connecting two sites:

Following Configuration needed to enable the VPDN and default server:



vpdn enable
!
vpdn-group Mtik
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1


interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool IPPOOL1
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 ms-chap pap


ip local pool IPPOOL1 192.168.150.10 192.168.150.224

Few more additional things we need to keep the same ip address for the user: 
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default local
!
aaa attribute list Gobi
 attribute type addr 192.168.150.13 service ppp protocol ip mandatory
 attribute type route "10.0.0.0 255.255.255.0 192.168.150.13"
 attribute type interface-config "description Gobi-test"

Finally apply the attribute list to the user:

username gobi password 0 test
username gobi aaa attribute list Gobi

Mikrotik Configurations: 
/interface pptp-client
add add-default-route=no allow=mschap2 connect-to=192.168.16.2 \
    dial-on-demand=no disabled=no max-mru=1500 max-mtu=1500 mrru=1500 name=\
    gobi password=test profile=default-encryption user=gobi


[admin@HOST1] > ip add print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.10.2/30    192.168.10.0    ether1
 1   192.168.16.1/30    192.168.16.0    ether2
 2   10.0.0.1/24        10.0.0.0        ether1
 3 D 192.168.150.13/32  192.168.150.1   gobi
IP route placed in the mikrotik as static : 
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=gobi scope=30 \
    target-scope=10

1500 df-bit ping test 
R1#ping 10.0.0.254 size 1500 df-bit

Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 10.0.0.254, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/124/152 ms

Comments

Post a Comment

Popular posts from this blog

l2tpv3 configuration reference

Image
Reference Comparing , Designing and Deploying VPNs chap - 02 : L2TPv3 is the enhanced version of L2TPv2 protocol. Mikrotik uses L2TPv2 i suppose but it offer another similar tunneling mechanism as EOIP. L2TPv3 in cisco provides Pseudo-wire services to the customer. L2TPv3 only require the IP connectivity between peers but it can transport Ethernet, 802.1Q , HDLC, PPP framerelay etc. Advantage over MPLS is the customer having the full control of their routing domain. L2TP depolyment methods having 3 topologies LAC - LNS , LNS - LNS , LAC - LAC Following Diagram explain simple LAC - LAC L2TPv3 setup. It uses two types of messages: control connection messages - used for signaling between LCEs session data messages - Used to transport layer 2 protocols and connections Data channel Message Header having Session ID & cookie to correctly associate with the tunnel Deploying dynamic Pseudowires session 1) configure CEF - Its default in IOSs now. 2) configure a loopback in
Read more

proxy arp

Image
In the above diagram , both hosts don't have default routes. But both are in the same /16 subnet. When host1 tries to ping host2 will it be able to ping ? Yes this behaviour due to the Proxy Arp feature. Note: Cisco by default enabled the proxy arp feature you have to disable it manually . Check the following Debug messages "debug arp" from the router. When the Arp request for 192.168.20.101 received on the router Fa0/1 it replies with its own mac address of fa0/1. (c200.03fc.0001)and vice versa *Mar 1 00:11:43.071: IP ARP: rcvd req src 192.168.12.154 00aa.00f4.6800, dst 192.168.20.101 FastEthernet0/1 *Mar 1 00:11:43.075: IP ARP: sent rep src 192.168.20.101 c200.03fc.0001,dst 192.168.12.154 00aa.00f4.6800 FastEthernet0/1 *Mar 1 00:13:13.067: IP ARP: rcvd req src 192.168.20.101 00aa.0041.1d00, dst 192.168.12.154 FastEthernet0/0 *Mar 1 00:13:13.067: IP ARP: sent rep src 192.168.12.154 c200.03fc.0000, dst 192.168.20.101 00aa.0041.1d00 FastEther
Read more